Mining DoS attack sequences on Network Traffic using Fuzzy Time Interval

Intrusion of network which couldn't be analyzed, detected and prevented may make whole network system paralyze while the abnormal detection can prevent it by detecting the known and unknown character of data. Many intrusions aren’t composed by single events, but by a series of attack steps in chronological order. Analyzing the order in which events occur can improve the attack detection accuracy and reduce false alarms. Intrusion is a multi step process in which a number of events must occur sequentially in order to launch a successful attack. Although conventional sequential patterns can reveal the order of attack events, the time between events can also be determined but it causes the sharp boundary problem. That is, when a time interval is near the boundary of two predetermined time ranges, one either ignore or overemphasize it. Therefore, this paper uses the concept of fuzzy sets so that Dos attack sequential patterns are discovered on network traffic in fuzzy time interval. In this paper, an apriori based candidate generation algorithm has been implemented with Fuzzy time intervals to detect Dos attack sequences. The experimental results are also compared with the dataset which is generated by the SPMF sequential dataset generator.