TY - GEN
T1 - On detecting port scanning using fuzzy based intrusion detection system
AU - El-Hajj, Wassim
AU - Aloul, Fadi
AU - Trabelsi, Zouheir
AU - Zaki, Nazar
PY - 2008
Y1 - 2008
N2 - Intrusion detection is a mechanism used to detect various attacks on a wired or wireless network. Port scanning is one of the dangerous attacks that intrusion detection tries to detect. Snort, a famous network intrusion detection system (NIDS), detects a port scanning attack by combining and analyzing various traffic parameters. Because these parameters cannot be easily combined using a mathematical formula, fuzzy logic can be used to combine them; fuzzy logic can also reduce the number of false alarms. This paper presents a novel approach, based on fuzzy logic, to detect port scanning attacks. A fuzzy logic controller is designed and integrated with Snort in order to enhance the functionality of port scanning detection. Experiments are carried out in both wired and wireless networks. The results show that applying fuzzy logic adds to the accuracy of determining bad traffic. Moreover, it gives a level of degree for each type of port scanning attack.
KW - Fuzzy logic
KW - Intrusion detection system
KW - Port scanning
KW - Snort
UR - http://www.scopus.com/inward/record.url?scp=52949119607&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=52949119607&partnerID=8YFLogxK
U2 - 10.1109/IWCMC.2008.19
DO - 10.1109/IWCMC.2008.19
M3 - Conference contribution
AN - SCOPUS:52949119607
SN - 9781424422029
T3 - IWCMC 2008 - International Wireless Communications and Mobile Computing Conference
SP - 105
EP - 110
BT - IWCMC 2008 - International Wireless Communications and Mobile Computing Conference
T2 - International Wireless Communications and Mobile Computing Conference, IWCMC 2008
Y2 - 6 August 2008 through 8 August 2008
ER -