Fuzzy Aided Application Layer Semantic Intrusion Detection System - FASIDS

TL;DR

This paper presents FASIDS, a novel intrusion detection system combining semantic and fuzzy logic approaches to identify application layer intrusions in HTTP traffic, improving detection of complex malicious patterns.

Contribution

The paper introduces a hybrid Fuzzy and Semantic IDS specifically designed for application layer security, enhancing detection of subtle and repeated malicious activities.

Findings

Effective detection of repeated short-interval malicious patterns

Improved accuracy in identifying application layer intrusions

Integration of fuzzy logic with semantic rules enhances detection capabilities

Abstract

The objective of this is to develop a Fuzzy aided Application layer Semantic Intrusion Detection System (FASIDS) which works in the application layer of the network stack. FASIDS consist of semantic IDS and Fuzzy based IDS. Rule based IDS looks for the specific pattern which is defined as malicious. A non-intrusive regular pattern can be malicious if it occurs several times with a short time interval. For detecting such malicious activities, FASIDS is proposed in this paper. At application layer, HTTP traffic's header and payload are analyzed for possible intrusion. In the proposed misuse detection module, the semantic intrusion detection system works on the basis of rules that define various application layer misuses that are found in the network. An attack identified by the IDS is based on a corresponding rule in the rule-base. An event that doesn't make a 'hit' on the rule-base is given to a Fuzzy Intrusion Detection System (FIDS) for further analysis.