TY - GEN
T1 - Fuzzy logic based intrusion detection system as a service for malicious port scanning traffic detection
AU - Saidi, Firas
AU - Trabelsi, Zouheir
AU - Ben Ghazela, Henda
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - Port scanning is a cyber-network attack that allows cyber terrorists to gather valuable information about target hosts, namely defense, governmental and bank servers, by trying to identify instantly open ports, which correspond to specific services on the cloud, such as HTTP, DNS, and email. The basic role of Intrusion Detection Systems (IDSs) is to monitor networks and systems for malicious activities, policy violations attacks and unauthorized information gathering activities. In this paper, we proposed a TCP port scanning detection framework, based on a fuzzy logic controller, which uses a fuzzy rule base and the Mamdani inference method. The proposed platform is a Fuzzy IDS as a Service, which enables network administrators and cyber security specialists to follow in real time the network traffic behavior, i.e., the Port Scanning Criticity Level (PSCL). A SaaS dynamic dashboard is implemented to quickly and efficiently identify malicious port scanning activities. Experiments and evaluations showed the efficiency of the proposed system in multilevel port scanning detection compared to Snort and the related IDS systems.
AB - Port scanning is a cyber-network attack that allows cyber terrorists to gather valuable information about target hosts, namely defense, governmental and bank servers, by trying to identify instantly open ports, which correspond to specific services on the cloud, such as HTTP, DNS, and email. The basic role of Intrusion Detection Systems (IDSs) is to monitor networks and systems for malicious activities, policy violations attacks and unauthorized information gathering activities. In this paper, we proposed a TCP port scanning detection framework, based on a fuzzy logic controller, which uses a fuzzy rule base and the Mamdani inference method. The proposed platform is a Fuzzy IDS as a Service, which enables network administrators and cyber security specialists to follow in real time the network traffic behavior, i.e., the Port Scanning Criticity Level (PSCL). A SaaS dynamic dashboard is implemented to quickly and efficiently identify malicious port scanning activities. Experiments and evaluations showed the efficiency of the proposed system in multilevel port scanning detection compared to Snort and the related IDS systems.
KW - Fuzzy IDS as a Service
KW - Fuzzy logic controller
KW - IDS
KW - Mamdani inference
KW - PSCL
KW - Port Scanning
UR - http://www.scopus.com/inward/record.url?scp=85082648474&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85082648474&partnerID=8YFLogxK
U2 - 10.1109/AICCSA47632.2019.9035263
DO - 10.1109/AICCSA47632.2019.9035263
M3 - Conference contribution
AN - SCOPUS:85082648474
T3 - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
BT - 16th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2019
PB - IEEE Computer Society
T2 - 16th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2019
Y2 - 3 November 2019 through 7 November 2019
ER -