A Model for Composing Heterogeneous Intrusion Detectors Based on Fuzzy Sets

  • Inez Freire Raguenet PUCPR
  • Carlos Maziero PUCPR

Abstract


The performance of an intrusion detector depends on several factors, such as its internal architecture and the algorithms it employs. Distinct detectors can therefore behave differently when subjected to the same event flow. Design diversity theory has been used successfully in the fault tolerance domain and can bring benefits to the intrusion detection area. The objective of this paper is to propose a mathematical model, based on fuzzy set theory, for the composition of heterogeneous intrusion detectors analyzing the same event flow. The model is intended to combine the individual detectors' results into a global result of better quality.

Published
2006-08-28
RAGUENET, Inez Freire; MAZIERO, Carlos. Um Modelo de Composição de Detectores de Intrusão Heterogêneos Baseado em Conjuntos Difusos. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 6., 2006, Santos. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2006. p. 194-207. DOI: https://doi.org/10.5753/sbseg.2006.20949.