Fuzzy Rule Interpolation and SNMP-MIB for Emerging Network Abnormality

Mohammad Almseidin, Mouhammd Al-kasassbeh, Szilveszter Kovacs

Abstract


It is difficult to implement an efficient detection approach for Intrusion Detection Systems (IDS) and many factors contribute to this challenge. One such challenge concerns establishing adequate boundaries and finding a proper data source. Typical IDS detection approaches deal with raw traffics. These traffics need to be studied in depth and thoroughly investigated in order to extract the required knowledge base. Another challenge involves implementing the binary decision. This is because there are no reasonable limits between normal and attack traffics patterns. In this paper, we introduce a novel idea capable of supporting the proper data source while avoiding the issues associated with the binary decision. This paper aims to introduce a detection approach for defining abnormality by using the Fuzzy Rule Interpolation (FRI) with Simple Network Management Protocol (SNMP) Management Information Base (MIB) parameters. The strength of the proposed detection approach is based on adapting the SNMP-MIB parameters with the FRI.  This proposed method eliminates the raw traffic processing component which is time consuming and requires extensive computational measures. It also eliminates the need for a complete fuzzy rule based intrusion definition. The proposed approach was tested and evaluated using an open source SNMP-MIB dataset and obtained a 93% detection rate. Additionally, when compared to other literature in which the same test-bed environment was employed along with the same number of parameters, the proposed detection approach outperformed the support vector machine and neural network. Therefore, combining the SNMP-MIB parameters with the FRI based reasoning could be beneficial for detecting intrusions, even in the case if the fuzzy rule based intrusion definition is incomplete (not fully defined).


Keywords


Intrusion Detection System; Fuzzy Rule Interpolation; Simple Network Management Protocol; Management Information Base.

Full Text:

PDF

References


J. Yu, H. Lee, M.-S. Kim, and D. Park, “Traffic flooding attack detection with snmp mib using svm,” Computer Communications, vol. 31, no. 17, pp. 4212–4219, 2008. [Online]. Available: http://dx.doi.org/10.1038/421805a

M. Almseidin and S. Kovacs, “Intrusion detection mechanism using fuzzy rule interpolation,” Journal of Theoretical and Applied Information Technology, vol. 96, no. 16, pp. 5473–5488, 2018.

E. H. Mamdani and S. Assilian, “An experiment in linguistic synthesis with a fuzzy logic controller,” International journal of man-machine studies, vol. 7, no. 1, pp. 1–13, 1975. [Online]. Available: https://doi.org/10.1016/S0020-7373(75)80002-2

T. Takagi and M. Sugeno, “Fuzzy identification of systems and its applications to modeling and control,” IEEE transactions on systems, man, and cybernetics, no. 1, pp. 116–132, 1985. [Online]. Available: https://doi.org/10.1109/TSMC.1985.6313399

Z. C. Johanyak and Sz. Kovacs, “A brief survey and comparison on various interpolation based fuzzy reasoning methods,” Acta Polytechnica Hungarica, vol. 3, no. 1, pp. 91–105, 2006.

Sz. Kovacs, “Fuzzy rule interpolation,” in Encyclopedia of Artificial Intelligence. IGI Global, 2009, pp. 728–733. [Online]. Available: https://doi.org/10.4018/978-1-59904-849-9.ch108

J. B. Cabrera, L. Lewis, X. Qin, W. Lee, and R. K. Mehra, “Proactive intrusion detection and distributed denial of service attacks—a case study in security management,” Journal of Network and Systems Management, vol. 10, no. 2, pp. 225–254, 2002. [Online]. Available: https://doi.org/10.1023/A:1015910917349

J. Yu, H. Kang, D. Park, H.-C. Bang, and D. W. Kang, “An in-depth analysis on traffic flooding attacks detection and system using data mining techniques,” Journal of Systems Architecture, vol. 59, no. 10, pp. 1005–1012, 2013. [Online]. Available: https://doi.org/10.1016/j.sysarc.2013.08.008

H.-W. Hsiao, C. S. Lin, and S.-Y. Chang, “Constructing an arp attack detection system with snmp traffic data mining,” in Proceedings of the 11th international conference on electronic commerce. ACM, 2009, pp. 341–345. [Online]. Available:http: //doi.acm.org/10.1145/1593254.1593309

W. Cerroni, G. Moro, R. Pasolini, and M. Ramilli, “Decentralized detection of network attacks through p2p data clustering of snmp data,” Computers & Security, vol. 52, pp. 1–16, 2015. [Online]. Available: https://doi.org/10.1016/j.cose.2015.03.006

W. Cerroni, G. Moro, T. Pirini, and M. Ramilli, “Peer-to-peer data mining classifiers for decentralized detection of network attacks,” in Proceedings of the Twenty-Fourth Australasian Database Conference-Volume 137. Australian Computer Society, Inc., 2013, pp. 101–107. [Online]. Available: http://dl.acm.org/citation.cfm?id= 2525416.2525427

S. Namvarasl and M. AHMADZADEH, “A dynamic flooding attack detection system based on different classification techniques and using snmp mib data,” International Journal of Computer Networks and Communications Security, vol. 2, no. 9, pp. 279–284, 2014. [Online]. Available: https://www.ijcncs.org

L. Garber, “Denial-of-service attacks rip the internet,” Computer, vol. 33, no. 4, pp. 12–17, April 2000. [Online]. Available: https://doi.org/10.1109/MC.2000.839316

M. Al-Kasassbeh and M. Adda, “Network fault detection with wiener filter-based agent,” Journal of Network and Computer Applications, vol. 32, no. 4, pp. 824–833, 2009. [Online]. Available: http://dx.doi.org/10.1016/j.jnca.2009.02.001

M. Al-Kasassbeh, “Network intrusion detection with wiener filterbased agent,” World Appl. Sci. J, vol. 13, no. 11, pp. 2372–2384, 2011.

M. Al-Kasassbeh and M. Adda, “Analysis of mobile agents in network fault management,” Journal of Network and Computer Applications, vol. 31, no. 4, pp. 699–711, 2008. [Online]. Available: https://doi.org/10.1016/j.jnca.2007.11.005

M. Al-Kasassbeh, G. Al-Naymat, and E. Al-Hawari, “Towards generating realistic snmp-mib dataset for network anomaly detection,” International Journal of Computer Science and Information Security, vol. 14, no. 9, p. 1162, 2016.

M. Ahmed, A. N. Mahmood, and J. Hu, “A survey of network anomaly detection techniques,” Journal of Network and Computer Applications, vol. 60, pp. 19–31, 2016. [Online]. Available: https://doi.org/10.1016/j.jnca.2015.11.016

J. Mirkovic and P. Reiher, “A taxonomy of ddos attack and ddos defense mechanisms,” ACM SIGCOMM Computer Communication Review, vol. 34, no. 2, pp. 39–53, 2004. [Online]. Available: http://doi.acm.org/10.1145/997150.997156

A. H. Alqahtani and M. Iftikhar, “Tcp/ip attacks, defenses and security tools,” International Journal of Science and Modern Engineering (IJISME), vol. 1, no. 10, 2013.

M. Salunke, R. Kabra, and A. Kumar, “Layered architecture for dos attack detection system by combined approach of naive bayes and improved k-means clustering algorithm,” International Research Journal of Engineering And Technology, vol. 2, no. 3, pp. 372–377, 2015.

S. T. Zargar, J. Joshi, and D. Tipper, “A survey of defense mechanisms against distributed denial of service (ddos) flooding attacks,” IEEE communications surveys & tutorials, vol. 15, no. 4, pp. 2046–2069, 2013. [Online]. Available: https://doi.org/10.1109/ SURV.2013.031413.00127

L. A. Zadeh, “Fuzzy sets,” Information and control, vol. 8, no. 3, pp. 338–353, 1965. [Online]. Available: https://doi.org/10.1016/ S0019-9958(65)90241-X

S. Dhopte and N. Tarapore, “Design of intrusion detection system using fuzzy class-association rule mining based on genetic algorithm,” International Journal of Computer Applications, vol. 53, no. 14, 2012. [Online]. Available: https://doi.org/10.5120/8489-2436

Z. C. Johanyak and A. Szabo, “Tool life modelling using rbe-dss´ method and lesfri inference mechanism,” A GAMF Kozlem¨ enyei,´ Kecskemet´ , vol. 22, pp. 17–28, 2008.

Sz. Kovacs, “New aspects of interpolative reasoning,” in´Proceedings of the 6th. International Conference on Information Processing and Management of Uncertainty in Knowledge-Based Systems, Granada, Spain, 1996, pp. 477–482.

Sz. Kovacs and L. T. Koczy, “The use of the concept of vague´ environment in approximate fuzzy reasoning,” Fuzzy Set Theory and Applications, Tatra Mountains Mathematical Publications, Mathematical Institute Slovak Academy of Sciences, Bratislava, Slovak Republic, vol. 12, pp. 169–181, 1997.

F. Klawonn, “Fuzzy sets and vague environments,” Fuzzy Sets and Systems, vol. 66, no. 2, pp. 207 – 221, 1994. [Online]. Available: https://doi.org/10.1016/0165-0114(94)90311-5

Z. C. Johanyak, “Sparse fuzzy model identification matlab toolox-´ rulemaker toolbox,” in Computational Cybernetics, 2008. ICCC 2008. IEEE International Conference on. IEEE, 2008, pp. 69–74. [Online]. Available: https://doi.org/10.1109/ICCCYB.2008.4721381

M. ALKASASSBEH, “An empirical evaluation for the intrusion detection features based on machine learning and feature selection methods,” Journal of Theoretical and Applied Information Technology, vol. 95, no. 22, 2017.

Z. C. Johanyak and Sz. Kovacs, “Sparse fuzzy system generation by rule base extension,” in Intelligent Engineering Systems, 2007. INES 2007. 11th International Conference on. IEEE, 2007, pp. 99–104. [Online]. Available: https://doi.org/10.1109/INES.2007.4283680

Z. C. Johanyak, D. Tikk, Sz. Kovacs, and K. W. Wong, “Fuzzy rule interpolation matlab toolbox-fri toolbox,” In Fuzzy Systems, IEEE International Conference on, IEEE, pp. 351–357, 2006. [Online]. Available: https://doi.org/10.1109/FUZZY.2006.1681736

S. Sivanandam, S. Sumathi, S. Deepa et al., Introduction to fuzzy logic using MATLAB. Springer, 2007, vol. 1. [Online]. Available: https://doi.org/10.1007/978-3-540-35781-0

M. Almseidin, M. Alzubi, Sz. Kovacs, and M.Alkasassbeh, “Evaluation of machine learning algorithms for intrusion detection system,” in 2017 IEEE 15th International Symposium on Intelligent Systems and Informatics (SISY), Sept 2017, pp. 000277–000282. [Online]. Available: https://doi.org/10.1109/SISY.2017.8080566

Sz. Kovacs, “Extending the fuzzy rule interpolation "FIVE" by fuzzy observation”, Advances in Soft Computing, Computational Intelligence, Theory and Applications, Bernd Reusch (Ed.), Springer Germany, pp. 485-497, (2006).




DOI: http://dx.doi.org/10.18517/ijaseit.9.3.7360

Refbacks

  • There are currently no refbacks.



Published by INSIGHT - Indonesian Society for Knowledge and Human Development