Journal: International journal of software innovation

Evaluation of Kernel Based Atanassov's Intuitionistic Fuzzy Clustering for Network Forensics and Intrusion Detection


Abstract

Malware or viruses are among the most significant security threats on the Internet. Two main types of (partially) successful solutions are available: anti-virus software and blacklisting. This kind of detection generally depends on an existing database of malware or virus signatures. Cyber-criminals bypass these defenses by generating variants of their malware programs. The traditional approach has limitations, such as being unable to detect zero-day threats and generating many false alerts. To overcome these difficulties, a system is built on a clustering method based on Atanassov's intuitionistic fuzzy set (AIFS) theory that handles these problems in a robust way. It not only raises an alert for new kinds of malware but also decreases the number of false alerts. This is done by giving it decision-making intelligence. Little work has been done in the field of network forensics using AIFS theory. Some clustering techniques are used in these fields, but they have limitations in accuracy, performance, or the ability to cluster noisy data. This method clusters malware and viruses with high accuracy on the basis of severity. Experiments are performed on several pcap files containing malware traffic to assess the performance and accuracy of the method, and the results are compared with different clustering algorithms.