Model Decision Rules to Detect Anomalies in Information Systems

Keywords

cyber attack, intrusion detection systems, network traffic anomaly, anomaly detection in computer systems, the set of conjugate pairs, decision rules, expert evaluation

How to Cite

Akhmetov, B., Korchenko, A., Zhumangalieva, N., & Kultan, J. (2023). Model Decision Rules to Detect Anomalies in Information Systems. Information Technology Applications, 5(1), 126–136. Retrieved from https://www.itajournal.com/index.php/ita/article/view/115

Abstract

The disadvantage of modern intrusion detection systems built on the principle of identifying an abnormal condition is that they rely mainly on mathematical models that require a lot of time to prepare statistics. Mathematical models based on expert approaches are more effective in this regard, but to perform their functions they require appropriate decision rules. To solve this problem, we propose a model of decision rules based on fuzzy logic which, through the use of a plurality of pairs "invasion: the value" and "Invasion: the set of conjugate pairs", as well as models of reference values, makes it possible to represent the abnormal condition generated by a certain type of cyber attack in a computer network. Based on this model, example rules have been developed to detect intrusions such as scanning, spoofing and DoS attacks. These rules can be used in practice to improve real intrusion detection systems, whose mechanism is used to identify anomalies generated by attacking actions in computer systems.

This work is licensed under a Creative Commons Attribution 4.0 International License.

Copyright (c) 2016 International Journal of Information Technology Applications