Fuzzy IDS as a service on the cloud for malicious TCP port scanning traffic detection

Firas Saidi, Zouheir Trabelsi, Henda Ben Ghazela

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Port scanning is a common first discovery step that allows malicious cyber actors to gather valuable information about target hosts, namely defense, governmental and bank servers, by trying to instantly identify open ports, which correspond to specific services on the cloud, such as HTTP, DNS, and email. This paper introduces a detection and evaluation approach for port scanning attacks in various contexts and levels of criticity, based on a fuzzy reasoning method. A new fuzzy logic controller, which uses a fuzzy rule base and the Mamdani inference method, is proposed as an Intrusion Detection System as a Service that dynamically detects and evaluates the criticity of port scanning. This SaaS enables network administrators and cyber security specialists to follow the network traffic behavior in real time, i.e., the Port Scanning Criticity Level (PSCL). A dynamic dashboard is implemented to quickly and efficiently identify malicious port scanning activities. Experiments and evaluations showed the efficiency of the proposed system in multilevel port scanning detection compared to Snort and the related IDS systems.

Original language: English
Pages (from-to): 171-180
Number of pages: 10
Journal: Intelligent Decision Technologies
Volume: 14
Issue number: 2
DOIs
Publication status: Published - 2020

Keywords

  • IDS
  • PSCL
  • fuzzy IDS as a service
  • fuzzy logic controller
  • mamdani inference
  • port scanning

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Artificial Intelligence
