Application of dynamic fuzzy rule interpolation for intrusion detection: D-FRI-Snort

Application of fuzzy rule interpolation (FRI) has been escalating for making intelligent systems viable in many areas. However, requirements of such systems may change over time and the supporting static rule base may not be able to provide accurate interpolation results in the long run. Dynamic fuzzy rule interpolation (D-FRI) is one of the potential solutions for this problem, a such has been developed in the last few years to fulfil the requirements of dynamic and pertinent rule bases for intelligent systems. Nevertheless, applications of the proposed D-FRI approach need further investigation. One potential application is for network security that is one of the biggest concerns of any organisation irrespective of their size and nature of business. Intrusion detection systems (IDSs) are considered as one of the most popular and effective security tools for generating alerts to systems or network administrators to inform possible or existing threats. A standard IDS may not be very effective or even unsuitable for an organisational or individual's requirements. This paper presents an application of D-FRI for building an effective IDS. In this implementation, the most popular open source IDS, Snort is used and the resultant intelligent IDS is named D-FRI-Snort. Experimental analysis shows that the integration of D-FRI with the IDS Snort provides an additional level of intelligence to predict the level/sensitivity of possible threats. It also provides a dynamic rule base by promoting new rules based on the current network traffic conditions, which helps Snort to reduce both false positives and false negatives.