INTRUSION DETECTION IN NETWORKS UNDER CONDITIONS OF UNCERTAINTY
DOI:
https://doi.org/10.18372/2410-7840.27.21184
Keywords:
intrusion detection, information security, uncertainty, fuzzy logic, risk, IDS, ROC curve
Abstract
The article addresses the problem of intrusion detection in computer networks under conditions of uncertainty caused by incomplete and inaccurate data, the dynamic nature of network traffic, the concealed character of modern attacks, and the use of encryption mechanisms. The limitations of traditional signature-based intrusion detection systems are demonstrated, as they fail to provide sufficient effectiveness in the absence of complete attack descriptions and lead to an increased number of false positives and missed threats. A conceptual model of a hybrid intrusion detection system is proposed, combining signature-based, anomaly-based, and fuzzy-logic approaches. To formalize uncertainty, fuzzy set theory is employed, including fuzzification of network traffic parameters and defuzzification to obtain an integral threat indicator. An uncertainty coefficient is introduced, enabling a quantitative assessment of the impact of incomplete information on the level of intrusion risk. A mathematical model describing the dependence of risk on uncertainty is proposed and its properties are analyzed.
The approach is based on mathematical modeling and methods for processing imprecise information, which enhances the adaptability of intrusion detection systems (IDS) and their ability to operate effectively under uncertainty. The application of fuzzy logic, probabilistic models, and machine learning algorithms provides a foundation for reducing false alarms and achieving more accurate identification of potential threats. An algorithmic approach to constructing an IDS with an adaptive detection threshold that varies according to the level of environmental uncertainty is developed. A methodology for evaluating the probability of attack detection and the false positive rate using ROC curves is presented, along with numerical examples demonstrating the effectiveness of the proposed approach. The results confirm that the use of fuzzy logic and probabilistic models improves intrusion detection accuracy, reduces the number of false alarms, and ensures the adaptability of protection systems to new and previously unknown attack scenarios.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal:
- retain the copyright to their publications;
- grant the journal the right of first publication of the article;
- agree to the distribution of their materials under the CC BY 4.0 license;
- have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.




