Multi-Level Monitoring and Fuzzy Clustering to detect Cyber Attacks
Dipankar Dasgupta, (The University of Memphis), email@example.com,
Jonatan Gomez, (The University of Memphis), firstname.lastname@example.org, and
Fabio Gonzalez, (The University of Memphis), email@example.com
The paper investigates behavior-based techniques for detecting intrusion/anomalies. Specifically, this approach monitors data at multiple levels (from packet to user-level) in order to determine correlation among the observed parameters for efficiently detecting cyber attacks. In particular, we developed an efficient clustering and recognition techniques that can characterize the abnormal behavior to determine cyber attacks.
We applied techniques based on modeling the normal behavior (positive characterization) based on a set of normal usage data. Then, we used normal usage data to build models for abnormal behavior (negative characterization) in complement space inspired by the natural immune system.
Our work attempts to handle the uncertainty inherent in the usage data and in the decision making process using fuzzy sets to describe the input parameter space, and the normal behavior patterns. Then used fuzzy rules to build a decision support system for the detection of cyber attacks.
In particular, we investigated clustering methods that allow the data to belong to several clusters with different fuzzy membership degrees, can yield an accurate model even in the presence of noise or outliers, can automatically determine the number of clusters, and can yield elastic models that can easily adapt to fluctuations in the monitored system behavior.