UMBC ebiquity

Fuzzy Clustering for Intrusion Detection

Authors: Anupam Joshi and H. Shah

Book Title: Proceedings of the 12th IEEE International Conference on Fuzzy Systems

Date: April 30, 2003

Abstract: The newly formed Department of Homeland Security has been mandated to reduce America's vulnerability to terrorism. In addition to being charged with physical protection, this newly formed department is also responsible for protecting the nation's critical infrastructure. Protecting computer systems from intrusions is an important aspect of securing the nation's infrastructure. We are exploring how fuzzy data mining and concepts introduced by the Semantic Web can operate in synergy to perform distributed intrusion detection. The underlying premise of our intrusion detection model is to describe attacks as instances of an ontology using a semantically rich language, reason over them and subsequently classify them as instances of an attack of a specific type. However, before an abnormality can be specified as an instance of the ontology, it first needs to be detected. Hence, our intrusion detection model is two-phase, where the first phase uses data mining techniques to analyze low-level data streams that capture process, system and network states and to detect anomalous behavior. The second phase reasons over instances of anomalous behavior specified according to our ontology. This paper focuses on the initial phase of our model: outlier detection within low-level data streams. Accordingly, we present the preliminary results of the use of fuzzy clustering to detect anomalies within low-level kernel data streams.
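The first phase the abstract describes, fuzzy clustering over low-level kernel data streams with outliers reported as anomalies, can be sketched as follows. This is an added illustration written for this page, not code, data or the exact scoring rule from the paper: the feature pair (system calls per second, context switches per second), the sample values, the two-cluster setup, and the "distance to best centroid exceeds 3x the cluster's median distance" criterion are all assumptions made here. It implements standard fuzzy c-means (fuzzifier m = 2) in pure Python so it runs without dependencies.

```python
"""Fuzzy c-means (FCM) outlier detection over constructed kernel-state samples.

Added illustration, not the paper's own code or data. Each sample is a
(system calls per second, context switches per second) pair; the values are
constructed for this example. Two clusters model the "idle" and "busy"
regimes; a point that lies far from every centroid, and therefore earns
only a diffuse membership, is reported as an anomaly.
"""
import math
from statistics import median

# Constructed kernel-state samples (syscalls/s, context switches/s).
SAMPLES = [
    (50.0, 200.0), (60.0, 210.0), (45.0, 190.0), (55.0, 205.0), (52.0, 198.0),          # idle
    (500.0, 1500.0), (520.0, 1480.0), (480.0, 1520.0), (510.0, 1490.0), (495.0, 1505.0),  # busy
    (5000.0, 300.0),  # syscall storm with few context switches: the outlier
]


def min_max_scale(points):
    """Scale each feature to [0, 1] so that neither dominates the distance."""
    dims = len(points[0])
    lo = [min(p[d] for p in points) for d in range(dims)]
    hi = [max(p[d] for p in points) for d in range(dims)]
    return [tuple((p[d] - lo[d]) / ((hi[d] - lo[d]) or 1.0) for d in range(dims)) for p in points]


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def fuzzy_c_means(points, c=2, m=2.0, iters=100, eps=1e-6):
    """Return (centroids, memberships); memberships[i][k] is u_ik and each row sums to 1."""
    n, dims = len(points), len(points[0])
    # Deterministic initialisation: spread the initial centroids across the sample order.
    centroids = [list(points[(k * n) // c]) for k in range(c)]
    memberships = [[0.0] * c for _ in range(n)]
    for _ in range(iters):
        # Membership update: u_ik = 1 / sum_j (d_ik / d_jk)^(2/(m-1))
        for i, p in enumerate(points):
            dists = [max(euclid(p, cen), 1e-12) for cen in centroids]
            for k in range(c):
                memberships[i][k] = 1.0 / sum(
                    (dists[k] / dists[j]) ** (2.0 / (m - 1.0)) for j in range(c)
                )
        # Centroid update: v_k = sum_i u_ik^m x_i / sum_i u_ik^m
        new_centroids = []
        for k in range(c):
            weights = [memberships[i][k] ** m for i in range(n)]
            total = sum(weights)
            new_centroids.append(
                [sum(w * p[d] for w, p in zip(weights, points)) / total for d in range(dims)]
            )
        shift = max(euclid(a, b) for a, b in zip(centroids, new_centroids))
        centroids = new_centroids
        if shift < eps:
            break
    return centroids, memberships


def detect_outliers(raw_points, c=2, ratio_threshold=3.0):
    """Indices of points whose distance to their best centroid exceeds
    ratio_threshold times the median distance of that cluster's members
    (an assumed scoring rule; the median keeps the outlier from inflating its own baseline)."""
    points = min_max_scale(raw_points)
    centroids, memberships = fuzzy_c_means(points, c=c)
    best = [max(range(c), key=lambda k, row=row: row[k]) for row in memberships]
    dist = [euclid(p, centroids[b]) for p, b in zip(points, best)]
    flagged = []
    for k in range(c):
        members = [i for i in range(len(points)) if best[i] == k]
        typical = median(dist[i] for i in members)
        flagged.extend(i for i in members if dist[i] > ratio_threshold * max(typical, 1e-9))
    return sorted(flagged), memberships


if __name__ == "__main__":
    outliers, u = detect_outliers(SAMPLES)
    for i in outliers:
        print(f"sample {i} {SAMPLES[i]} flagged; memberships={[round(x, 3) for x in u[i]]}")
```

Two properties of the run are worth noting for detection work: the outlier is caught by its distance from every centroid rather than by its cluster label, and its membership row is diffuse (no value near 1) while every normal sample has a dominant membership. Scaling the features first matters; without it the syscall-rate axis dwarfs the context-switch axis and the clusters collapse.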

Type: InProceedings

Pages: 1274 - 1278

Tags: intrusion detection, security, uncertainty

Google Scholar: 8pNPZMAuG48J

Number of Google Scholar citations: 51


Related Projects:

Past Project: Intrusion Detection.