Enhancing the Performance of Intrusion Detection System by Minimizing the False Alarm Detection Using Fuzzy Logic

August 11, 2018

Khaled Batiha, Mohammed O. Alshroqee
Computer Science Department, Al al-Bayt University, Jordan.

Abstract— With the growth of information technology and the rapid evolution of computing, the world now holds important information and files that must be secured against the many kinds of attacks that corrupt and distort them. Many algorithms have therefore been developed to raise the level of security and to detect such attacks. Algorithms such as Message Digest algorithm 5 (MD5) and Secure Hash Algorithm 1 (SHA-1) detect whether a file has been attacked, corrupted or distorted. Further algorithms are needed, however, to measure the degree of harm a file has suffered, so that we can decide whether the file can still be used after it has been affected by such an attack. To be clear, MD5 and SHA-1 consider a file corrupt as soon as it has been altered, regardless of the rate of change.
The aim of this paper is therefore to use an algorithm that tolerates a rate of change chosen by the user, namely the SSdeep algorithm. It reports the rate of change in relation to the importance of each file, and each rate of change determines whether the file can still be used. I assumed four folders, each containing multiple files with a predefined minimum allowed similarity. A graphical user interface was then created around the SSdeep algorithm so that the user can define the allowed similarity for each folder or file according to its importance.
After applying the algorithm, the results showed the benefit of such an algorithm for making use of attacked or modified files.
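The contrast the abstract draws between an exact hash (MD5/SHA-1, which only answers "changed or not") and a similarity hash with a per-folder tolerance can be shown in code. The example below is added here and is not the paper's implementation, nor the real ssdeep tool: it uses a simplified context-triggered piecewise hashing scheme (a windowed FNV-1a hash places chunk boundaries, each chunk is reduced to a two-hex-character symbol, and signatures are compared by edit distance), and the folder names, thresholds and sample file contents are all constructed for the demonstration.

```python
"""Simplified context-triggered piecewise hashing (CTPH) with per-folder
similarity thresholds.  Added illustration of the idea in the abstract; the
real ssdeep uses a different rolling hash, block-size selection and scoring,
so this is a stand-in for the concept, not the paper's or ssdeep's code."""
import hashlib
import random
import string

# Constructed policy: minimum similarity (0-100) a file must keep to its
# recorded baseline before the folder's files are still considered usable.
FOLDER_MIN_SIMILARITY = {"payroll": 95, "contracts": 90, "reports": 75, "logs": 50}

WINDOW = 7        # bytes fed into the window hash
TRIGGER_MOD = 16  # a boundary is placed roughly every 16 bytes on average


def window_hash(window: bytes) -> int:
    """FNV-1a over the current window; recomputed per position for clarity
    (a production rolling hash would update incrementally)."""
    h = 0x811C9DC5
    for b in window:
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h


def fuzzy_signature(data: bytes) -> list:
    """Split data at content-defined boundaries and hash each chunk down to a
    two-hex-char symbol.  Boundaries depend only on local content, so an edit
    disturbs the chunks around it and the remainder resynchronises."""
    symbols, start = [], 0
    for end in range(WINDOW, len(data) + 1):
        if window_hash(data[end - WINDOW:end]) % TRIGGER_MOD == TRIGGER_MOD - 1:
            symbols.append(hashlib.sha256(data[start:end]).hexdigest()[:2])
            start = end
    if start < len(data):
        symbols.append(hashlib.sha256(data[start:]).hexdigest()[:2])
    return symbols


def levenshtein(a, b) -> int:
    """Classic edit distance over two sequences of chunk symbols."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(sig_a, sig_b) -> int:
    """Score from 0 to 100; 100 means the two signatures are identical."""
    longest = max(len(sig_a), len(sig_b))
    if longest == 0:
        return 100
    return round(100 * (1 - levenshtein(sig_a, sig_b) / longest))


def assess(folder: str, baseline: bytes, current: bytes) -> dict:
    """MD5 only says whether the file changed; the fuzzy score says how much,
    and the folder's threshold turns that into a usable / not-usable verdict."""
    exact = hashlib.md5(baseline).digest() == hashlib.md5(current).digest()
    score = 100 if exact else similarity(fuzzy_signature(baseline), fuzzy_signature(current))
    return {
        "exact_match": exact,
        "similarity": score,
        "usable": score >= FOLDER_MIN_SIMILARITY[folder],
    }


def make_text(seed: int, length: int = 2000) -> bytes:
    """Constructed, deterministic sample content standing in for a real file."""
    rng = random.Random(seed)
    return "".join(rng.choice(string.ascii_lowercase + " ") for _ in range(length)).encode()


BASELINE = make_text(1)
TAMPERED = BASELINE[:1000] + b"tampered text here!!" + BASELINE[1020:]  # 20-byte edit
UNRELATED = make_text(2)                                                # a different file

if __name__ == "__main__":
    for name, current in (("tampered", TAMPERED), ("unrelated", UNRELATED)):
        for folder in FOLDER_MIN_SIMILARITY:
            print(name, folder, assess(folder, BASELINE, current))
```

Running it shows the point of the abstract: the 20-byte edit makes the MD5 comparison fail outright, while the similarity score stays high, so a loosely guarded folder such as `reports` still accepts the file whereas a strict one such as `payroll` may not; an unrelated file scores low and is rejected everywhere.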

Keywords— Intrusion Detection System; false alarm; fuzzy logic; computer security.

Citation: Khaled Batiha, Mohammed O. Alshroqee, “Enhancing the Performance of Intrusion Detection System by Minimizing the False Alarm Detection Using Fuzzy Logic”, The World of Computer Science and Information Technology Journal (WSCIT), 2016, Volume 6, Issue 3, pp. 21–26.


