Applications of fuzzy data mining methods for intrusion detection systems

Abstract

Two data mining methods (association rule mining and frequent episode mining) have been proved to fit to the intrusion detection problem. But the normal and the intrusions in computer networks are hard to predict as the boundaries between them cannot be well defined. This prediction process may generate false alarms in many anomaly based intrusion detection systems. This paper presented a method to realize that the false alarm rate in determining intrusive activities can be reduced with fuzzy logic. A set of fuzzy rules can be used to define the normal and abnormal behavior in a computer network, and fuzzy data mining algorithms can be applied over such rules to determine when an intrusion is in progress. In this paper, we have introduced modifications of these methods that mine fuzzy association rules and fuzzy frequent episodes and have described off-line methods that utilize these fuzzy methods for anomaly detection from audit data. We describe experiments that explore their applicability for intrusion detection. Experimental results indicate that fuzzy data mining can provide effective approximate anomaly detection. © Springer-Verlag Berlin Heidelberg 2004.