Fuzzy Rule Interpolation and SNMP-MIB for Emerging Network Abnormality

Mohammad Almseidin (1), Mouhammd Al-kasassbeh (2), Szilveszter Kovacs (3)
(1) Department of Information Technology, University of Miskolc, H-3515 Miskolc, Hungary
(2) Computer Science Department, Princess Sumaya University for Technology, Amman, Jordan
(3) Department of Information Technology, University of Miskolc, H-3515 Miskolc, Hungary
How to cite (IJASEIT):
Almseidin, Mohammad, et al. “Fuzzy Rule Interpolation and SNMP-MIB for Emerging Network Abnormality”. International Journal on Advanced Science, Engineering and Information Technology, vol. 9, no. 3, May 2019, pp. 735-44, doi:10.18517/ijaseit.9.3.7360.
Implementing an efficient detection approach for an Intrusion Detection System (IDS) is difficult, and several factors contribute to this. One challenge is establishing adequate decision boundaries and finding a proper data source: typical IDS approaches work on raw traffic, which must be studied in depth and thoroughly investigated before the required knowledge base can be extracted. Another challenge is the binary decision itself, because there is no sharp limit between normal and attack traffic patterns. In this paper, we introduce a novel idea that supplies a proper data source while avoiding the issues associated with the binary decision: a detection approach that defines abnormality using Fuzzy Rule Interpolation (FRI) over Simple Network Management Protocol (SNMP) Management Information Base (MIB) parameters. The strength of the proposed approach lies in adapting the SNMP-MIB parameters to the FRI. This eliminates the raw-traffic processing component, which is time consuming and computationally expensive, and it also eliminates the need for a complete fuzzy rule base that defines every intrusion. The proposed approach was tested and evaluated on an open-source SNMP-MIB dataset and obtained a 93% detection rate. When compared with other work that used the same test-bed environment and the same number of parameters, the proposed approach outperformed the support vector machine and the neural network. Combining SNMP-MIB parameters with FRI-based reasoning can therefore be beneficial for detecting intrusions even when the fuzzy rule base defining intrusions is incomplete (not fully defined).
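To make the two ideas in the abstract concrete, the following is an added example and not code from the paper or its authors. It derives per-second rates from two constructed SNMP-MIB polls (handling Counter32 wrap-around and a sysUpTime reset), scales them against assumed reference rates, and scores abnormality against a deliberately sparse rule base: when no rule antecedent covers the observation, the consequent is interpolated with an inverse-distance (Shepard-style) weighting instead of returning a binary "no match". That interpolation scheme, the rule centres, the half-width of 0.25, the reference rates and the sample counter values are all assumptions for illustration; they are not the paper's FRI method, dataset or tuned rule base.

```python
"""Graded abnormality scoring from SNMP-MIB counters with a sparse rule base.

Added example (not the paper's code).  The interpolation is a simple
inverse-distance (Shepard-style) weighting chosen for illustration; the
rule centres, half-width, reference rates and sample polls are assumptions.
"""
from dataclasses import dataclass

COUNTER32_MODULUS = 2 ** 32   # SNMP Counter32 objects wrap at 2^32
TICKS_PER_SECOND = 100        # sysUpTime is measured in hundredths of a second

# Constructed sample polls of one agent (not real captures).  icmpInMsgs wraps
# between the two polls; sysUpTime advances by 1000 ticks = 10 s.
POLL_T0 = {"sysUpTime": 123_000, "icmpInMsgs": 4_294_967_000, "tcpInSegs": 1_000_000}
POLL_T1 = {"sysUpTime": 124_000, "icmpInMsgs": 200, "tcpInSegs": 1_002_000}

# Assumed reference rates (per second) used to scale counters into [0, 1].
REFERENCE_RATES = {"icmpInMsgs": 1_000.0, "tcpInSegs": 20_000.0}
FEATURES = ("icmpInMsgs", "tcpInSegs")


def counter_delta(prev: int, curr: int) -> int:
    """Increase of a Counter32 between polls, tolerating one wrap-around."""
    return (curr - prev) % COUNTER32_MODULUS


def mib_rates(prev: dict, curr: dict, counters=FEATURES) -> dict:
    """Per-second rates for the named counters between two polls."""
    elapsed = (curr["sysUpTime"] - prev["sysUpTime"]) / TICKS_PER_SECOND
    if elapsed <= 0:
        # A backwards sysUpTime means the agent restarted (counters reset) or
        # the polls are out of order; deltas would be meaningless either way.
        raise ValueError("sysUpTime went backwards: agent restart or polls out of order")
    return {c: counter_delta(prev[c], curr[c]) / elapsed for c in counters}


def normalize(rates: dict, reference=REFERENCE_RATES, features=FEATURES) -> tuple:
    """Scale each rate by its assumed reference rate and clip to [0, 1]."""
    return tuple(min(1.0, rates[f] / reference[f]) for f in features)


def triangular(x: float, centre: float, half_width: float) -> float:
    """Triangular membership degree of x in a fuzzy set centred at `centre`."""
    return max(0.0, 1.0 - abs(x - centre) / half_width)


@dataclass(frozen=True)
class Rule:
    antecedent: tuple   # (icmpInMsgs, tcpInSegs) centre in normalized units
    abnormality: float  # singleton consequent in [0, 1]
    label: str


# Deliberately sparse rule base: only the corners of the input space are
# described, so most observations fall into a gap that no rule covers.
RULES = (
    Rule((0.1, 0.1), 0.05, "normal"),
    Rule((0.9, 0.1), 0.90, "icmp flood"),
    Rule((0.1, 0.9), 0.85, "tcp flood"),
    Rule((0.9, 0.9), 0.95, "mixed flood"),
)
HALF_WIDTH = 0.25  # assumed support of each antecedent set


def fri_abnormality(obs: tuple, rules=RULES, half_width=HALF_WIDTH) -> tuple:
    """Return (score, mode).

    mode is 'fired' when at least one rule antecedent covers `obs` (classical
    weighted-average inference) and 'interpolated' when none does, in which
    case the consequents of all rules are interpolated by inverse squared
    distance instead of returning no conclusion at all.
    """
    activations = [
        min(triangular(o, c, half_width) for o, c in zip(obs, r.antecedent))
        for r in rules
    ]
    if any(a > 0.0 for a in activations):
        total = sum(activations)
        return sum(a * r.abnormality for a, r in zip(activations, rules)) / total, "fired"
    # No rule fired, so obs is not at any rule centre and every distance is > 0.
    weights = [
        1.0 / sum((o - c) ** 2 for o, c in zip(obs, r.antecedent)) for r in rules
    ]
    total = sum(weights)
    return sum(w * r.abnormality for w, r in zip(weights, rules)) / total, "interpolated"


def score_polls(prev: dict, curr: dict) -> tuple:
    """End-to-end: two MIB polls -> (abnormality score, inference mode)."""
    return fri_abnormality(normalize(mib_rates(prev, curr)))


if __name__ == "__main__":
    print("rates:", mib_rates(POLL_T0, POLL_T1))
    print("polled sample:", score_polls(POLL_T0, POLL_T1))
    for obs in ((0.1, 0.12), (0.5, 0.15), (0.95, 0.1)):
        print(obs, fri_abnormality(obs))
```

The observation (0.5, 0.15) is the point of the exercise: a conventional fuzzy rule base with these four rules produces no conclusion for it, whereas the interpolated path returns a score between the "normal" and "icmp flood" consequents, which a threshold or an operator can then act on. Two practical caveats when building the data source this way: keep the polling interval fixed and check sysUpTime on every poll, since a counter reset otherwise shows up as a spurious spike; and prefer the 64-bit counters (for example ifHCInOctets) for octet counts on gigabit links, where a Counter32 can wrap in well under a minute and a single-wrap correction is no longer safe.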
