{"title":"Fuzzy logic on decision model for IDS","authors":"A. Orfila, J. Rubiera, A. Ribagorda","doi":"10.1109/FUZZ.2003.1206608","DOIUrl":null,"url":null,"abstract":"Nowadays one of the main problems of Intrusion Detection Systems (IDS) is the high rate of false positives that they show. The number of alerts that an IDS launches is clearly higher than the number of real attacks. This paper tries to introduce a measure of the IDS prediction skill in close relationship with these false positives. So the prediction skill of an IDS is then computed according to the false positives produced. The problem faced is how to make an accurate prediction from the results of different IDS. The fraction of IDS over the total number of them that predicts a given event will determine whether such event is predicted or not. The performance obtained from the application of fuzzy thresholds over such fraction is compared with the corresponding crisp thresholds. The results of these comparisons allow us to conclude a relevant improvement when fuzzy thresholds are involved.","PeriodicalId":212172,"journal":{"name":"The 12th IEEE International Conference on Fuzzy Systems, 2003. FUZZ '03.","volume":"59 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 12th IEEE International Conference on Fuzzy Systems, 2003. FUZZ '03.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FUZZ.2003.1206608","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}