On Detecting Port Scanning Using Fuzzy Based Intrusion Detection System
Source: American University of Sharjah
Intrusion detection is a mechanism used to detect various attacks on a wired or wireless network. Port scanning is one of the dangerous attacks that intrusion detection tries to detect. Snort, a famous Network Intrusion Detection System (NIDS), detects a port scanning attack by combining and analyzing various traffic parameters. Because these parameters cannot be easily combined using a mathematical formula, fuzzy logic can be used to combine them; fuzzy logic can also reduce the number of false alarms. This paper presents a novel approach, based on fuzzy logic, to detect port scanning attacks. A fuzzy logic controller is designed and integrated with Snort in order to enhance the functionality of port scanning detection. Experiments are carried out in both wired and wireless networks.