Fuzzy Intrusion Recognition Engine (FIRE)
Network intrusion detection (NID) is the process of
identifying network activity that can lead to the compromise of a security
policy. Most commercial NID systems use a form of intrusion detection
called “misuse detection” that compares data in the network stream
against a database of known attack signatures. These systems are usually
effective only when detailed prior knowledge of the characteristics of
various intrusion techniques is available.
We would prefer to be able to identify potentially malicious
activity without prior knowledge of what form the attacks will take.
Anomaly detection attempts to spot malicious activity by
looking for unusual events in the data being monitored.
The difficulty in anomaly detection is knowing what features in the
input to monitor. Some
features may be irrelevant to certain intrusion detection scenarios.
Some types of attacks are difficult to identify unless inputs from
multiple monitors are combined. The
next generation of intrusion detection tools will need to be able to
perform correlation analysis of multiple

This research explores using fuzzy systems as the
correlation engine for an intrusion detection system. Fuzzy
systems have several important characteristics that suit intrusion
detection very well.
National Science Foundation.
Copyright © 2002
Page last updated 09/24/2002