
Study On The Distributed Coordinated Intrusion Detection Approach Based On Probabilistic Fuzzy Cognitive Map

Posted on: 2006-11-19
Degree: Master
Type: Thesis
Country: China
Candidate: F Yang
GTID: 2168360152994365
Subject: Computer application technology

Abstract/Summary:
Intrusion detection is an essential component of critical network security mechanisms. With the wide adoption of distributed computing environments, traditional intrusion detection systems, which consider only the local network environment or a single host, have proved insufficient. In a distributed network, many attackers on different nodes coordinate their attacks on the same target. If each user's operation sequence is examined in isolation, the system has difficulty detecting the true intrusion behavior, because a single operation sequence does not contain the necessary information. However, when these different operation sequences are combined in a certain pattern, they are likely to form a true attack. Current intrusion detection approaches have difficulty detecting these distributed attacks effectively. This paper studies the distributed coordinated intrusion detection approach.

Firstly, an attack map based on the probabilistic fuzzy cognitive map (PFCM) is constructed to describe intrusion behaviors by applying fuzzy theory. By considering the various factors of an intrusion and integrating misuse detection with anomaly detection, a PFCM-based hybrid intrusion detection approach is presented. It describes anomaly as a fuzzy concept, performs numerical operations instead of pattern matching, and expresses the uncertainty of the relations among the factors by applying a probability measure. A PFCM-based Smurf attack map is constructed and tested experimentally. The test results show that the approach is robust and can maintain a high detection rate with a lower false positive rate.

Secondly, building on the PFCM-based hybrid intrusion detection approach, a PFCM-based distributed attack map is constructed to describe distributed intrusion behaviors by applying phase analysis of the intrusion strategy. This attack map considers the consequence of the various factors in a distributed intrusion, and expresses the temporal sequence, the restrictions and the uncertainty of the relations among the factors by a probability measure. A distributed coordinated intrusion detection system structure is designed, and it is used to perform coordinated intrusion detection in three aspects: coordination in data collection, in data analysis, and in response. A PFCM-based coordinated intrusion detection algorithm is presented. A PFCM-based Mstream attack map is constructed and tested experimentally. The test results show that the approach is robust and can detect the type of the distributed attack and judge its degree.
Keywords/Search Tags: intrusion detection, coordinated intrusion detection, distributed denial of service, distributed attack, probabilistic fuzzy cognitive map, probability measure