Fuzzy Analysis of Network Incidents

M. Shajari and A.A. Ghorbani (Canada)


Intrusion Detection, Signature-based Detection, Anomaly-based Detection, Fuzzy Logic


Current approaches to network intrusion detection suffer from two major problems: unknown attacks go undetected, and attempts to detect new attacks result in excessive false alarms. We propose fuzzy signatures to deal with these problems. A fuzzy signature can be defined in a general form to detect a group of attacks that belong to the same family. Partial knowledge about an attack is usually sufficient to write a generalized fuzzy signature that detects different variations of a known network attack, including new ones. The major strength of a fuzzy signature is its capability to reveal the degrees of suspicion and threat of an ongoing attack. This detailed analysis is useful for estimating the severity of the attack as well as avoiding false positives, and it enables the system to launch a cost-effective response. An example that shows the results of a network attack analysis using a general fuzzy signature is also presented.
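As an added illustration (not code from the paper, whose signature definition and parameters this page does not show), the following Python sketches what a generalized fuzzy signature for one attack family can look like: membership functions over a few traffic features, a small rule base combined with fuzzy AND (min) and OR (max), separate degrees of suspicion and threat, and a graduated response chosen from both. The feature set, breakpoints, rule weights, the TCP SYN-flood family and the sample traffic windows are all assumptions constructed for the example.

```python
"""Illustrative fuzzy signature for the TCP SYN-flood attack family.

Added example: the feature set, membership breakpoints and rule weights are
assumptions chosen for illustration, not the signature or parameters of the
paper. The sample traffic windows below are constructed, not captured data.
"""
from dataclasses import dataclass


def rising(x: float, a: float, b: float) -> float:
    """Membership that is 0 at or below a, 1 at or above b, linear between."""
    if x <= a:
        return 0.0
    if x >= b:
        return 1.0
    return (x - a) / (b - a)


def falling(x: float, a: float, b: float) -> float:
    """Membership that is 1 at or below a, 0 at or above b, linear between."""
    return 1.0 - rising(x, a, b)


def trapezoid(x: float, a: float, b: float, c: float, d: float) -> float:
    """Membership that rises on [a, b], is 1 on [b, c] and falls on [c, d]."""
    return min(rising(x, a, b), falling(x, c, d))


@dataclass(frozen=True)
class Window:
    """Aggregated features of one observation window toward one target port (constructed)."""
    syn_rate: float     # SYN segments per second
    completion: float   # fraction of SYNs followed by the client's handshake-completing ACK
    src_spread: float   # distinct source IPs divided by SYN count (near 1 suggests spoofing)
    duration_s: float   # seconds the condition has persisted


# Linguistic terms over the features. Breakpoints are illustrative assumptions.
def rate_moderate(w): return trapezoid(w.syn_rate, 10, 30, 80, 200)
def rate_high(w): return rising(w.syn_rate, 40, 200)
def rate_very_high(w): return rising(w.syn_rate, 500, 1500)
def completion_low(w): return falling(w.completion, 0.3, 0.8)
def spread_high(w): return rising(w.src_spread, 0.5, 0.9)
def duration_long(w): return rising(w.duration_s, 60, 600)


# One generalized signature covers the family: each rule is (description, antecedent, weight).
# Antecedents use fuzzy AND (min); the signature fires to the degree of its strongest rule (max).
SYN_FLOOD_SIGNATURE = [
    ("high SYN rate, handshakes rarely complete",
     lambda w: min(rate_high(w), completion_low(w)), 1.0),
    ("high SYN rate spread over many (likely spoofed) sources",
     lambda w: min(rate_high(w), spread_high(w)), 1.0),
    ("moderate SYN rate, handshakes rarely complete (slow variant)",
     lambda w: min(rate_moderate(w), completion_low(w)), 0.6),
]


def degree_of_suspicion(w: Window, signature=SYN_FLOOD_SIGNATURE) -> float:
    """How strongly the window matches the attack family, in [0, 1]."""
    return max(weight * antecedent(w) for _, antecedent, weight in signature)


def degree_of_threat(w: Window, suspicion: float) -> float:
    """Severity of the matched activity: suspicious AND (very high volume OR sustained)."""
    return min(suspicion, max(rate_very_high(w), duration_long(w)))


def fired_rules(w: Window, signature=SYN_FLOOD_SIGNATURE, floor: float = 0.2):
    """Rules contributing at least `floor`, so an analyst can see why the signature fired."""
    return [(name, round(weight * ant(w), 3))
            for name, ant, weight in signature if weight * ant(w) >= floor]


def choose_response(suspicion: float, threat: float) -> str:
    """Graduated response: suspicion drives alerting, threat drives traffic-affecting actions."""
    if suspicion < 0.2:
        return "none"
    if threat < 0.5:
        return "alert"        # notify an analyst; no impact on legitimate traffic
    if threat < 0.8:
        return "rate-limit"   # e.g. SYN cookies or per-source throttling
    return "block"


def analyze(w: Window) -> dict:
    """Full fuzzy analysis of one window: degrees, chosen response and the explaining rules."""
    s = degree_of_suspicion(w)
    t = degree_of_threat(w, s)
    return {"suspicion": round(s, 3), "threat": round(t, 3),
            "response": choose_response(s, t), "rules": fired_rules(w)}


# Constructed windows: a busy but healthy web server, a textbook flood, a
# distributed variant, and a slow variant no single crisp threshold would catch.
SAMPLES = {
    "busy_web_server": Window(syn_rate=30, completion=0.97, src_spread=0.6, duration_s=60),
    "classic_syn_flood": Window(syn_rate=1500, completion=0.02, src_spread=0.001, duration_s=120),
    "distributed_variant": Window(syn_rate=120, completion=0.5, src_spread=0.95, duration_s=30),
    "slow_variant": Window(syn_rate=60, completion=0.1, src_spread=0.02, duration_s=900),
}

if __name__ == "__main__":
    for name, w in SAMPLES.items():
        print(f"{name:22s} {analyze(w)}")
```

The point the example makes is the separation the abstract describes: the distributed variant matches the signature at degree 0.5 but carries no threat at its volume and duration, so it only produces an alert, while the slow variant is caught by the generalized third rule rather than by any single crisp rate threshold and, because it is sustained, earns a rate-limit rather than a block. The healthy server scores zero on every rule, which is where the false-positive reduction comes from.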

