Design and Analysis of Probe Detection Systems for TCP Networks
Se-Yul Lee*, and Yong-Soo Kim**
*Dept. of Computer Science, Chungwoon University, San29 Namjang-Ri, Hongseong-Eup, Hongseong-Gun, Chungnam 350-701, Korea
**Division of Computer Engineering, Daejeon University, 96-3 Yongun-Dong, Dong-Gu, Daejeon 300-716, Korea
Advanced computer network technology enables the connectivity of computers in an open network environment. Despite the growing number of security threats to networks, most intrusion detection systems identify attacks mainly by detecting misuse with a set of rules based on past hacking patterns. Such pattern matching has a high rate of false positives and cannot detect new hacking patterns, so it is vulnerable to previously unidentified attacks and to variations of known attacks, which increases false negatives. Intrusion detection and prevention technologies are thus required. We propose a network-based intrusion detection model using fuzzy cognitive maps (FCM) that detects Denial of Service (DoS) attacks through packet analysis. A DoS attack typically appears as a Probe or SYN flooding attack. The Syn Flooding Preventer using Fuzzy cognitive maps (SPuF) model captures and analyzes packet information to detect SYN flooding attacks. Using the FCM analysis, the decision module measures the degree of danger of the DoS attack and trains the response module to deal with the attack. Simulation of the SPuF model on the “KDD’99 Competition Data Set” shows that Probe detection exceeded 97%.
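An added illustration, not the authors' SPuF implementation (whose concepts and weights the abstract does not give), of how an FCM can turn packet-level SYN statistics into a degree of danger and a response level: the concept names, edge weights, thresholds and sample packets below are all assumptions.

```python
import math
# Constructed sample traffic (not from the paper). Each packet is
# (src_ip, tcp_flags): "S" = SYN, "SA" = SYN/ACK from the server, "A" = ACK.
NORMAL = [("10.0.0.1", "S"), ("10.0.0.9", "SA"), ("10.0.0.1", "A"),
          ("10.0.0.2", "S"), ("10.0.0.9", "SA"), ("10.0.0.2", "A"),
          ("10.0.0.1", "A"), ("10.0.0.2", "A")]
# 20 SYNs from 20 distinct sources that never complete the handshake.
FLOOD = [(f"198.51.100.{i}", "S") for i in range(1, 21)] + [("10.0.0.9", "SA")] * 20
CONCEPTS = ["syn_rate", "half_open", "spoof", "backlog", "danger"]
INPUTS = {"syn_rate", "half_open", "spoof"}          # clamped to measured values
# Hypothetical causal edges of the map: (cause, effect, weight in [-1, 1]).
EDGES = [("syn_rate", "backlog", 0.7), ("half_open", "backlog", 0.8),
         ("backlog", "danger", 0.9), ("spoof", "danger", 0.3),
         ("syn_rate", "danger", 0.2)]

def features(packets, window=20):
    """Map raw TCP flag counts in one capture window to input concepts in [0, 1]."""
    syn_srcs = [src for src, fl in packets if fl == "S"]
    ack_srcs = {src for src, fl in packets if fl == "A"}
    n_syn = len(syn_srcs)
    acks = sum(1 for _, fl in packets if fl == "A")
    distinct = set(syn_srcs)
    return {
        "syn_rate": min(n_syn / window, 1.0),                                   # SYN volume
        "half_open": (n_syn - min(acks, n_syn)) / n_syn if n_syn else 0.0,       # SYNs never ACKed
        "spoof": len(distinct - ack_srcs) / len(distinct) if distinct else 0.0,  # sources that never ACK
    }

def run_fcm(inputs, steps=50, tol=1e-6):
    """Iterate the map until activations settle; returns all concept activations."""
    act = {c: inputs.get(c, 0.0) for c in CONCEPTS}
    for _ in range(steps):
        new = dict(act)
        for c in CONCEPTS:
            if c in INPUTS:
                continue                                         # inputs stay clamped
            total = sum(w * act[src] for src, dst, w in EDGES if dst == c)
            new[c] = max(0.0, math.tanh(total))                  # squash to [0, 1]
        if max(abs(new[c] - act[c]) for c in CONCEPTS) < tol:
            return new
        act = new
    return act

def danger_degree(packets):
    """Degree of danger in [0, 1] and the response level it maps to."""
    score = run_fcm(features(packets))["danger"]
    level = "high" if score >= 0.6 else "medium" if score >= 0.3 else "low"
    return score, level
```

Calling `danger_degree(NORMAL)` and `danger_degree(FLOOD)` shows the map separating the two windows (roughly 0.08 "low" versus 0.86 "high") even though the raw SYN counts alone would also flag a busy but legitimate server.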