
An agent-based intrusion detection system using fuzzy logic for computer system threat evaluation.


Abstract

This dissertation proposes a new approach for threat evaluation in distributed computing systems. Although anomaly-based intrusion detection systems are very helpful in detecting unknown attacks that are not defined in the signature and rule-based analysis of the misuse detection approach, there are many difficulties in performing anomaly detection accurately and efficiently. Tuning statistical anomaly detection engines is a significant challenge that often causes high false alarm rates. Also, many types of intrusions cannot be crisply defined, and the degree of alert (threat level) that can occur with intrusions is often imprecisely defined.

This dissertation explores the use of fuzzy logic as the threat evaluation engine for an anomaly-based intrusion detection system. It presents a novel agent-based anomaly intrusion detection architecture that uses fuzzy logic to overcome the drawbacks of anomaly intrusion detection systems and to provide an accurate threat evaluation detection engine. The new architecture was experimentally implemented and compared to existing intrusion detection systems. An experiment was developed to simulate a difficult network intrusion called “Doorknob Rattling.” Two other experiments were developed to evaluate the adaptability and the robustness, respectively, of the proposed agent-based anomaly intrusion detection system. In addition, two experiments were developed to evaluate the effectiveness of the fuzzy agent-based intrusion detection system and to create a flexible detection system that tolerates legitimate variations in user behavior.

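Bibliographic record

  • Author: Hamed, Essam M.
  • Author affiliation: University of Louisville
  • Degree-granting institution: University of Louisville
  • Subject: Computer Science
  • Degree: Ph.D.
  • Year: 2001
  • Pages: 144 p.
  • Total pages: 144
  • Original format: PDF
  • Language of text: eng
  • Chinese Library Classification: Automation technology, computer technology
  • Keywords
  • Date indexed: 2022-08-17 11:47:08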
