A program anomaly intrusion detection scheme based on fuzzy inference

A major problem of existing anomaly intrusion detection approaches is that they tend to produce excessive false alarms. One reason for this is that the normal and abnormal behaviour of a monitored object can overlap or be very close to each other, which makes it difficult to define a clear boundary between the two. In this paper, we present a fuzzy-based scheme for program anomaly intrusion detection using system calls. Instead of using crisp conditions, or fixed thresholds, fuzzy sets are used to represent the parameter space of the program sequences of system calls. In addition, fuzzy rules are used to combine multiple parameters of each sequence, using fuzzy reasoning, in order to determine the sequence status. Experimental results showed that the proposed fuzzy-based detection scheme reduced false positive alarms by 48%, compared to the normal database scheme.

http://dlib.vnu.edu.vn/iii/cpro/DigitalItemViewPage.external?lang=vie&sp=1045847&sp=T&sp=1&suite=def