Fuzzy IDS as a service on the cloud for malicious TCP port scanning traffic detection

Port scanning is a first common discovering step which allows cyber malicious actors to gather valuable information about target hosts namely defense, governmental and banks servers by trying to identify instantly open ports, which correspond to specific services on the cloud, such as HTTP, DNS, and email. This paper aims to introduce a detection and evaluation approach for port scanning attacks in various contexts and levels of criticity based on fuzzy reasoning method. A new fuzzy logic controller, which uses fuzzy rules base and the Mamdani inference method is proposed as Intrusion Detection System as a Service, which dynamically detect and evaluate the criticity of port scanning. This SaaS enables network administrators and cyber security specialists to follow in real time the network traffic behavior, i.e., the Port Scanning Criticity Level (PSCL). A Dynamic dashboard is implemented to quickly and efficiently identify malicious port scanning activities. Experimentations and evaluations showed the efficiency of the proposed system in multilevel port scanning detection compared to Snort and the related IDS systems.