Document Type
Dissertation
Major/Program
Electrical Engineering
First Advisor's Name
Kang K. Yen
First Advisor's Committee Title
Committee Chair
Second Advisor's Name
Jean Andrian
Second Advisor's Committee Title
Committee Member
Third Advisor's Name
Kia Makki
Third Advisor's Committee Title
Committee Member
Fourth Advisor's Name
Niki Pissinou
Fourth Advisor's Committee Title
Committee Member
Fifth Advisor's Name
Yimin Zhu
Fifth Advisor's Committee Title
Committee Member
Keywords
belief theory, fuzzy logic, intrusion detection
Date of Defense
11-13-2007
Abstract
With the rapid growth of the Internet, computer attacks are increasing at a fast pace and can easily cause millions of dollars in damage to an organization. Detecting these attacks is an important issue in computer security. There are many types of attacks, and they fall into four main categories: Denial of Service (DoS) attacks, Probe attacks, User to Root (U2R) attacks, and Remote to Local (R2L) attacks. Within these categories, DoS and Probe attacks continuously show up with greater frequency in a short period of time when they attack systems. They differ from normal traffic data and can be easily separated from normal activities. In contrast, U2R and R2L attacks are embedded in the data portions of the packets and normally involve only a single connection. This makes it difficult to achieve satisfactory detection accuracy for these two attack types. Therefore, we focus on studying the ambiguity problem between normal activities and U2R/R2L attacks. The goal is to build a detection system that can accurately and quickly detect these two attacks. In this dissertation, we design a two-phase intrusion detection approach. In the first phase, a correlation-based feature selection algorithm is proposed to improve the speed of detection. Features with poor prediction ability for the signatures of attacks and features inter-correlated with one or more other features are considered redundant. Such features are removed, and only indispensable information about the original feature space remains. In the second phase, we develop an ensemble intrusion detection system to achieve accurate detection performance. The proposed method includes multiple feature selecting intrusion detectors and a data mining intrusion detector. The former consist of a set of detectors, each of which uses a fuzzy clustering technique and belief theory to solve the ambiguity problem. The latter applies a data mining technique to automatically extract computer users’ normal behavior from training network traffic data. The final decision is a combination of the outputs of the feature selecting and data mining detectors. The experimental results indicate that our ensemble approach not only significantly reduces the detection time but also effectively detects U2R and R2L attacks that contain degrees of ambiguous information.
Identifier
FI08081509
Recommended Citation
Chou, Te-Shun, "Ensemble Fuzzy Belief Intrusion Detection Design" (2007). FIU Electronic Theses and Dissertations. 6.
https://digitalcommons.fiu.edu/etd/6
Rights Statement
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).