Application Of Fuzzy Theory In Intrusion Detection

Intrusion Detection is an important security technology of protecting information systems as well as firewall and data encrpytion techniques. It has great capabilities in identifying the malicious behaviors in networks and responsing to them. At present, some scholars present the concept of Intrusion Tolerance,and the premise of Intrusion Tolerance is intrusion detection. So the research of IDS is the basis of research of network security.As a means of initiative defend, IDS has several problems to be solved. On the basis of retrospecting the development of intrusion detection technology, the problems incurrent intrusion detection systems are analysised. By comparing several kinds of intelligent methods in intrusion detection including artifical neural network, artifical immunity and data mining, we present that data mining is a perfect method to construct normal profile of protected system which is used in anomaly detection.However, data mining has its own disadvantages such as the problem of "sharp boundary" and rigorous requirement to the precision of datasets. Noise hi training data set will warp the result. The problem of "sharp boundary"is coursed by the localization of classic set theory. Thus we apply the fuzzy theory in our research. Differs from classic set theory, fuzzy set theory uses a value in the closed interval [0,1] to denote the extent that an element belongs to the fuzzy set. It is a more rational method that likes human thinking.To apply the method in intrusion detection, an algorithm of mining fuzzy association rules is presented in which the fuzzy sets of each transaction's attributes is divided and calculated as separate attributes in mining fuzzy associate rules. We built a system named AFIDS (anomaly-based fuzzy intrusion detection system), which use fuzzy logic to solute the problem of data mining.The process of applying the approach in anomaly detection is discussed in detail. Using experiments on network traffic analysis, the feasibility of applying the mining fuzzy associate rules in intrusion detection is validated.