Dissertation Defense by E. Allison Newcomb
Title: A Fuzzy Logic Approach for Effective Prioritization of Network Intrusion Alerts
Date & Time: November 18, 2016; 1:30-3:30pm
Location: YR 401, Towson University
Abstract: Defending computer networks against infiltrations is a complex task. Intrusion detection systems alert analysts to activity that breaches security policy, but the alerts must be investigated to determine whether the activity was benign, suspicious or malicious. The attack surface is vast, the network components are heterogeneous, and the wide array of software applications complicate the analyst’s investigation. Experience has shown that decreasing the time between an alert firing and starting an investigation (lag time) is essential to improving the security of the network.
This dissertation addresses the issue of shortening the lag time through the implementation of a fuzzy logic construct, the novel use of a military targeting methodology, and a related business process improvement. Models were developed and simulations executed to validate the efficacy of the fuzzy logic construct and experiments using datasets from cyber defense competitions were performed to validate its efficacy. Results demonstrate that the method of identifying network critical assets and the resulting fuzzy logic rules significantly decrease lag time. These results also show that the increased granularity in the fuzzy logic rules leads to greater understanding of the network environments for which the computer and information security staff are responsible.