Fuzzy Rule Interpolation and SNMP-MIB for Emerging Network Abnormality

TL;DR

This paper presents a novel intrusion detection approach that combines Fuzzy Rule Interpolation with SNMP-MIB parameters, avoiding raw traffic analysis and binary decision issues, achieving high detection accuracy.

Contribution

It introduces a new method integrating SNMP-MIB parameters with FRI for intrusion detection, reducing computational complexity and overcoming incomplete fuzzy rule definitions.

Findings

Achieved 93% detection rate on open source dataset

Outperformed support vector machine and neural network methods

Eliminated need for raw traffic processing and complete fuzzy rules

Abstract

It is difficult to implement an efficient detection approach for Intrusion Detection Systems (IDS) and many factors contribute to this challenge. One such challenge concerns establishing adequate boundaries and finding a proper data source. Typical IDS detection approaches deal with raw traffics. These traffics need to be studied in depth and thoroughly investigated in order to extract the required knowledge base. Another challenge involves implementing the binary decision. This is because there are no reasonable limits between normal and attack traffics patterns. In this paper, we introduce a novel idea capable of supporting the proper data source while avoiding the issues associated with the binary decision. This paper aims to introduce a detection approach for defining abnormality by using the Fuzzy Rule Interpolation (FRI) with Simple Network Management Protocol (SNMP) Management Information Base (MIB) parameters. The strength of the proposed detection approach is based on adapting the SNMP-MIB parameters with the FRI. This proposed method eliminates the raw traffic processing component which is time consuming and requires extensive computational measures. It also eliminates the need for a complete fuzzy rule based intrusion definition. The proposed approach was tested and evaluated using an open source SNMP-MIB dataset and obtained a 93% detection rate. Additionally, when compared to other literature in which the same test-bed environment was employed along with the same number of parameters, the proposed detection approach outperformed the support vector machine and neural network. Therefore, combining the SNMP-MIB parameters with the FRI based reasoning could be beneficial for detecting intrusions, even in the case if the fuzzy rule based intrusion definition is incomplete (not fully defined).