have become much dependent on computers for banking, healthcare, shopping,
telecommunication Security has now become a basic requirement because computers
and other resources have become inherently insecure. Security issues like
Denial of Service, TCP SYN Flooding attack, Packet Dropping attacks and Distributed
Denial of Service attacks are some of the methods by which unauthorized users
make the resource unavailable to authorized users. There are several security
mechanisms like Intrusion Detection System, Anomaly detection, Trust models by
which we can be able to detect and prevent misuse of computer resources by
unauthorized users. This paper presents a survey of several security mechanisms
which have been implemented using Fuzzy. Fuzzy logic is one of the rapidly
developing technology which is used in sophisticated control system. Fuzzy
logic deals about the degree of truth rather than the Boolean logic which
carries the values of either true or false. So instead of providing only two
values we will be able to define intermediate values.
logic; Security;Denial of Service; Distributed Denial of Service; Intrusion
Detection System; Trust Management
There is a need to protect information from unauthorized
access while also still allowing access to those who need it. It is also a need
for a system in places which guarantees the availability of resources at all
time. An organization has to protect the data it collects and uses. So there
have been the need to provide security mechanism which can be used to detect
and prevent disclosure, leaking of data to unauthorized parties.
In general, there are three main objectives for computer
security. They are Confidentiality, Integrity and Availability. Confidentiality
is the steps taken to ensure that the sensitive information is not disclosed or
accessed by wrong people. Confidentiality is similar to privacy. Integrity
ensures that the data is not altered by unauthorized persons. Also, Integrity
is to ensure that the accuracy, consistency and trustworthiness of data is
maintained at all time. Availability is to make sure that the resources are
available to users at all times. If availability is not maintained this will
lead to denial of service attacks.
The term fuzzy logic was first coined by Lotfi Zadeh in
the year 1965. But Fuzzy logic had been studied as infinite-valued logic 1920s.
Before the advent of Fuzzy logic there was Classical logic. It was known to be
as bivalent logic which means that it can accept only two possible truth values
either true or false.
Whereas Fuzzy logic is a multi-valued logic which can
allow intermediate values. Since it can be used to accept multi values it has
the ability to accept the concept of partial truth. Fuzzy logic in general will
deal about the degree of truth. Approaches other than fuzzy logic need accurate
equations to model real world behaviour whereas a fuzzy based design can
accommodate the ambiguities of real world human language and logic.
of security mechanisms
As mentioned in
previous section there are three main objectives for a computer security namely
Confidentiality, Integrity and Availability. They are commonly referred to as
CIA Triad as mentioned in Fig. 1.
Objectives of Computer security.
different methods by which the Confidentiality of the data be maintained. The
first method is authentication. Authentication will ensure that only authorized
users who have user identification and password are allowed access the data. The
other method to maintain the confidentiality is to enforce access control and
file permissions. The other most common method is by the process of encryption
and decryption. Encryption is the process of converting from plain text to
cipher text and decryption is the process of converting from Cipher text to
used to make sure that the data is not being altered by unauthorized parties.
The best method to protect the integrity of data is by hashing the data. In a
hash function, the sender generates a hash function of the message and appends
it with the original message. At the receiver end the receiver splits the
message and hash function. The receiver then recalculates the hash value for
the message. If this hash value matches with the hash value sent by the sender
matches, then the message received is unaltered else it is altered.
to make sure that the computer resources are available to authorized users at
all times. The best available method for availability is by redundancies. Some
of the other means to protect availability is using ant-virus software and
Intrusion Detection System.
are some of the security mechanisms followed by Users, Organizations to protect
their sensitive data from unauthorized users.
An Intrusion Detection System is a software application or
a hardware device that will be used to monitor the network traffic for malicious
activity and reports the same to the system or the network administrator. The
main difference between a firewall and IDs is that firewall cannot stop an
attack which occurs within the network whereas an IDS can be able to detect attacks
that originate from within a system. This is possible since it will examine the
network communications. An example of IDS is shown in Fig.2 below.
Fig.2. Intrusion Detection System.
There are two common types of Intrusion Detection Systems
available. The first type is called as Network Intrusion Detection System(NIDS).
NIDS is used to monitor the network traffic of all the devices that are
connected within the network. For instance, if a NIDS is installed near a
firewall, the NIDS can raise an alarm if someone tries to break a firewall.
The second type is known as Host Intrusion Detection
System (HIDS). An HIDS is a type of IDS where the incoming and outgoing packets
of a particular device is monitored If a suspicious activity is detected, then HIDS
will alert the user or the administrator.