Prioritization of Detected Intrusion in Biometric Template Storage for Prevention using Neuro-Fuzzy...

7/29/2019 Prioritization of Detected Intrusion in Biometric Template Storage for Prevention using Neuro-Fuzzy Approach

1/9

PRIORITIZATION OF DETECTED INTRUSIONIN BIOMETRIC TEMPLATE STORAGE FOR

PREVENTION USING NEURO-FUZZY

APPROACHProf. Maithili Arjunwadkar , Prof. Dr. R. V. Kulkarni

AbstractThe biometric authentication process is vulnerable to attacks, which can decline its security. To enhance the security of

biometric process, Intrusion detection and prevention techniques are significantly useful. In this paper, a Neuro-Fuzzy approach is used

to decide priorities for detected intrusions in biometric template storage to implement preventive actions. A Neuro-Fuzzy approach is

used. We used FuzzyJess and Java to achieve this prioritization. Priority table is produced as output which is useful to security

administrator to implement preventive actions for detected intrusion in biometric template storage.

Keywords:Biometric template, intelligent agent, Java Expert System Shell(JESS), FuzzyJess, fuzzy logic

1 INTRODUCTION

Biometric process or biometric encryption process isdivided into two processes namely enrollment &authentication process. During the enrollmentprocess, the users physiological & behavioralcharacteristics are captured by the sensor. Thedifferent feature extractor or key binding algorithmsare used to create biometric template. The template

is stored during enrollment process to be comparedin the future to the one produced during anauthenticate process. The stored template & the oneproduced during authentication process iscompared by matching algorithm that producesmatching result (response Yes/NO). The matchresponse then sends to the application, on which adecision algorithm is implemented for grantingaccess or not to the user. Ratha et al. [1] analyzedthese attacks and grouped them into eight classes.Dimitriadis [2] also suggests different attacks onbiometric process. The biometric template stores insmart card, central repository, sensing device.

Attacks on the biometric template storage can leadto the vulnerabilities like insertion of a faketemplate, modification of an existing template,removal of an existing template, and replicate thetemplate which can be replayed to the matcher togain unauthorized access. Maithili et al [3] proposedan intelligent tool which assists in detection ofintrusions in biometric template storage.

In this paper authors propose an intelligent agentwhich assists to decide the priority for prevention ofintrusion in the biometric template storage usingNeuro-Fuzzy. Neural Network (NN) can be learnfrom data but cannot be interpreted. They are blackboxes to the user. A fuzzy system consists ofinterpretable linguistic rules but they cannot learn.A fuzzy rule-based model constructed using NN toconstruct its fuzzy partition of the input space. Weuse learning algorithm from the domain of neuralnetworks to create fuzzy system from data. Thelearning algorithm can learn both fuzzy sets andfuzzy rules and can also use prior knowledge.A Neuro-Fuzzy system is a fuzzy system that uses alearning algorithm derived from or inspired byneural network theory to determine its parameters(fuzzy sets and fuzzy rules) by processing datasamples. A Neuro-Fuzzy system can be viewed as a3-layer feedforward neural network. The first layerrepresents input variables, the middle (hidden) layerrepresents fuzzy rules and the third layer representsoutput variables. Fuzzy sets are encoded as (fuzzy)connection weights. It is not necessary to represent afuzzy system like this to apply a learning algorithmto it. However, it can be convenient, because itrepresents the data flow of input processing andlearning within the model. Neural networks canlearn from data, but cannot be interpreted; they areblack boxes to the user. Fuzzy Systems consist of

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 12, DECEMBER 2012, ISSN (Online) 2151-9617

https://sites.google.com/site/journalofcomputing

WWW.JOURNALOFCOMPUTING.ORG 17

2012 Journal of Computing Press, NY, USA, ISSN 2151-9617


2/9

interpretable linguistic rules, but they cannot learn.The learning algorithms can learn both fuzzy sets,and fuzzy rules, and can also use prior knowledge.Membership functions can either be chosen by theuser arbitrarily, based on the users experience (MFchosen by two users could be different depending

upon their experiences, perspectives, etc.) Or bedesigned using machine learning methods (e.g.,artificial neural networks, genetic algorithms, etc.)There are different shapes of membership functions;triangular, trapezoidal, piecewise-linear, Gaussian,bell-shaped, etc.

2 PROPOSED SYSTEM

The proposed Neuro-Fuzzy model used isfeedforward architecture with five layers of neurons.A feedforward neural network is an artificial neuralnetwork where connections between the units donot form a directed cycle. It maps a fuzzy system to

a neural network that will simulate the inferenceprocess executed in the fuzzy system. Maithili et al3developed intelligent agent as Biometric TemplateStorage Intrusion Detection Assistant which shownin fig.1. The screen of the Biometric TemplateStorage Intrusion Detection Assistant whichdisplays two tables namely User Intrusion whichcontains suspicious activities of normal users andDBA intrusion which contains suspicious activitiesof DBA. Three tables which are used as suspicioususer frequency, suspicious host frequency andsuspicious host frequency used by DBA login. Thesetables are used to find out most suspicious user or

host and that knowledge is used for taking anypreventive actions. One bar graph shows whichtransaction is done repeatedly as suspicious activityby normal user while another one that of DBA.We use the first layer of the fuzzy neural systemreceives input values and feeds them to the secondlevel, so it has four inputs namely type of user,suspicious host frequency, suspicious userfrequency and transaction type. The second layerdetermines the degree of membership of eachvariable to the fuzzy sets to which it belongs. Thethird layer represents the fuzzy rules that willcombine the input variables using rules of the type

if-then. In the next layer, each node will representone fuzzy set from the consequent elements of therules, the output variables. The architecture ofproposed model is shown in fig.2.Fuzzy concepts are represented using fuzzyvariables, fuzzy sets and fuzzy values. AFuzzyVariable is used to describe a general fuzzyconcept. It consists of a name (for example,

Suspicious Host Frequency, Suspicious UserFrequency, a range (for example, from 0 to Maxvalue), and a set of fuzzy terms that can be used todescribe specific fuzzy concepts for this variable.The fuzzy terms are defined using a term name suchas Very High, High, Low, and Very Low together

with a Fuzzy Set that identifies the degree ofmembership of the term over the range of the fuzzyvariable.

Jess, the Java Expert System Shell, provides a richand flexible environment for creating rule-basedExpert systems. The rules of jess allow one to buildsystems. However these facts and rules cannotcapture any uncertainty or ambiguity which ispresent in the domain. But extension of Jess thatallows some form of uncertainty to be captured andrepresented using fuzzy sets and fuzzy reasoning.The NRC FuzzyJ Toolkit can be used to create Javaprograms that encode fuzzy operations and fuzzy

reasoning. However, a rule based expert systemshell (Jess) provides a convenient and suitable wayto encode many types of applications. Fuzzy logicprograms fit nicely into the rule based paradigm. Anintegration of the FuzzyJ Toolkit and Jess isFuzzyJess [4]-[5]. FuzzyJess provides a great dealmore flexibility in the fuzzy patterns and does notrequire internal changes to any Jess parsingtechnique. When fuzzy facts are asserted in therules, FuzzyJess automatically takes care of theglobal contribution issue. As identical fuzzy facts areasserted from different rules the contribution fromeach rule is accumulated. A fuzzy rule fires in Jess

when the fuzzy (and crisp) patterns on the left handside of the rule match. The fuzzy matching iscontrolled by the use of the fuzzy-match function.However when the right hand side of the rule isexecuted it is often necessary to know what fuzzyvalues matched the fuzzy patterns specified in thefuzzy match function calls. In particular, thisinformation is required when a fuzzy fact is beingasserted since the shape of the fuzzy value beingasserted depends on the degree of matching of thefuzzy patterns on the right hand side.

2.1Fuzzy Inference EngineThe inference engine makes use of FuzzyJess toevaluate fuzzy logic rules. The inputs to the FuzzyInference Engine are Fuzzification of the inputVariables i.e. FuzzyVariable in FuzzyJess, The fuzzyrules fired within the FuzzyJess environment andthe records, which are asserted as facts in FuzzyJess.FuzzyJess can be configured to use Mamdani orLarsen inference mechanisms to compute the firingstrength of each rule applied to each fact. Mamdani




http://en.wikipedia.org/wiki/Artificial_neural_networkhttp://en.wikipedia.org/wiki/Artificial_neural_networkhttp://en.wikipedia.org/wiki/Directed_cyclehttp://en.wikipedia.org/wiki/Directed_cyclehttp://en.wikipedia.org/wiki/Artificial_neural_networkhttp://en.wikipedia.org/wiki/Artificial_neural_network


3/9

Method uses the minimum operation as fuzzyimplications and the max-min operator for thecomposition. Larsen method uses the productoperation as a fuzzy implication and the max-product operator for the composition. Theevaluation of rules begins with the analysis of the

antecedent. Rules fire until no more rules match thefacts in working memory. Only one rule fires percycle. The inference engine will match the factsagainst fuzzy rules, fire rules and execute theassociated actions shown in fig 3.

2.2Our approachA simple implementation of knowledge basedBiometric Template storage Intrusion Detectionassistant is portrayed3. This intelligent agent islocated on the Biometric Template storage database.The intrusion detection is executed in back-ground.When it detects suspicious or illegal activities, itnotifies the security administrator. For detectingintrusive activities, IDS can use audit file data. Weconsider Distributed HOST-based IDS which arein-charge of monitoring several hosts. It performsintrusion detection using Operating Systems audittrail, RDBMS audit trail or information frommultiple monitored hosts. Using this intelligentassistant tool we got user role either DBA or normaluser, suspicious user name and number of times thatuser tried for intrusion, suspicious host machinename and number of times that host machine usedfor intrusion and data about how many times anyuser tried transactions like modify existing biometric

template, Insert a fake biometric template, deleteexisting biometric template and copy the biometrictemplate for another use. All these values arealready stored in facts.We retrieve these values from fact to decidepriorities of detected intrusions in biometrictemplate storage for preventive actions.

(i) Identity the four parameters or features of theproblem statement.a.Type of user which decides intrusion made

by DBA or other normal user.

b.Suspicious Host frequency which determinesnumber of times intrusion made from

suspicious host machine.c.Suspicious User frequency which determinesnumber of times intrusion made bysuspicious user.

d.Type of transaction which suggest intrusionmade by using Update, Delete, Insert or CopyBiometric Template.

(ii)Classify the parameters or features dependingon their uncertainty or crisp nature.a. USERTYPE and TRANSACTION both are

crisp variables because values are crispnature.

b. SUSPICIOUS HOST FREQ andSUSPICIOUS USER FREQ are the fuzzyvariables because of uncertainty.

(iii)Once the parameters are classified use fuzzylogic for modeling the uncertain parameters orfeatures referred as fuzzification.a. We classified fuzzy variables in VeryLow,

Low, High, VeryHigh fuzzy values aslinguistic expressions to describe fuzzyconcepts in an English-like manner.

b. SUSPICIOUS HOST FREQ andSUSPICIOUS USER FREQ ; fuzzy variablesranges are decided by automated learningmethod. We use RFuzzySet for VeryLow,

two TriangularFuzzySet for Low and Highand LFuzzySet for VeryHigh(corresponding to names defined in theFuzzy Jess Library). Here we show exampleof SUSPICIOUS HOST FREQFuzzyVariable. Similarly we defineSUSPICIOUS USER FREQ FuzzyVariable.

c. Logic used for fuzzification of the inputvariables (shown in fig. 3)

1. Collect SUSPICIOUS HOST FREQ andSUSPICIOUS USER FREQ into array

2. Find out minimum number (min) andmaximum number(max) of array

3. Assume X1 as 0.0.4. Calculate difference between max andmin.

5. Store X2 as difference between maxand min.

6. Store X3 as twice the differencebetween max and min.

7. Store X4 as thrice the differencebetween max and min.

8. Store X5 as max.9. Calculate X23 as (X2+X3)/2 and X34

as (X3+X4)/2

(Fig 4: membership functions and linguistic expression)






4/9

(Fig 4: membership functions and linguistic expression)

(iv)Encode FuzzyRules after fuzzification ofuncertain variables. The FuzzyRule holds threesets of FuzzyValues representing theantecedents, conclusions and input values of therule.a. As per literature survey we developed more

than 128 fuzzy rules to deicide priorities forpreventive actions. Some of the rules areshown in Table 1.

b. We develop control rule using salienceproperty. By setting salience property to -100 it will fire only after the other ruleshave fired. It is necessary to perform specialprocessing of fuzzy facts being asserted. Arule might perform the following assert onits right hand side:

These rules are converted into FuzzyJess. Forexample Rule 1 is as follows.

The fuzzy-match function compares a fuzzy value inthe fact (slot ?t) to a fuzzy value defined in thesecond parameter of the fuzzy match function. Thefuzzy-match function takes two arguments: eitherboth FuzzyValue objects or a FuzzyValue object anda string that represents a valid fuzzy expression. Ifone of the arguments is a string then it will be

converted to a FuzzyValue using the FuzzyVariableassociated with the other FuzzyValue argument.When fuzzy facts are asserted in the rules, FuzzyJessautomatically takes care of the global contributionissue. As identical fuzzy facts are asserted fromdifferent rules the contribution from each rule isaccumulated. Because of this it is necessary to allowall of these rules to fire before the final globalconclusion is used. This is done using the salienceproperty in the control rule. Salience is an intrinsicrule property that specifies a rule's priority relativeto all other rules. The default salience for all rules iszero. Setting a rule's salience to a large positive

value will give that rule a higher priority above allrules of lesser salience. Likewise, giving a rule alarge negative value will demote it in priority belowall rules of greater salience. By setting it to a valueof 100 it will fire only after the other rules havefired.

2.3 Result Screen

Resultant output screen shown in fig 5.

(assert(shostf(new nrc.fuzzy.FuzzyValue?*shostfrqFvar*(new nrc.fuzzy.TriangleFuzzySet ?t ?t ?t ))))

(defrule pr1?a1


5/9

In the output screen shows table which containscolumn like Priority, type of User, Username,Suspicious User Frequency, Host Name, SuspiciousHost Frequency and Transaction type. Here thistable will display as intelligent agent which can benotifies by security administrator to implement

preventive actions. The priority column showsvalues like VeryLow, Low, Medium High andVeryHigh. The User Type column shows user isDBA or other normal user. User Name columnshows user name of both type of user. Thesuspicious User Frequency column shows numberof times that user performs suspicious transaction;name of suspicious transaction is also display in thecolumn User Action. Similarly Suspicious Userfrequency shows number of times host machineused for suspicious activity; machine-id is alsodisplay in the column Host Name. Table can be sorton any column. As per organization policy security

administrator can implement preventive actioneither using triggers for transactions, blocksuspicious user or suspicious host.

3 CONCLUSION

In this paper, a Neuro-Fuzzy approach is used toprioritization for detected intrusion to implementpreventive actions. A Neuro-Fuzzy approach is usedfor automatic learning to decide ranges of fuzzyvariables and fuzzifications. We achieved this usingFuzzyJess and Java. Priority table is produced asoutput which is useful to security administrator toimplement preventive actions.

4 FUTURE WORK

In this paper we develop prioritization for detectedintrusion to implement preventive actions using

Neuro-Fuzzy approach. In future the authors wouldlike to expand research to detect other intelligent

agents to detect intrusions in biometric system.

5 REFERENCES[1] Ratha, N.K., J.H. Connell, and R..M.. Bolle, Enhancing

security and privacy in biometrics-based authenticationsystems, IBM Systems Journal, vol. 40, no. 3[2] Biometric risk and controls by Christos K. Dimitriadis in

Information Systems control Journal Vol 4 2004[3] Maithili Arjunwadkar and Dr. R.V. Kulkarni The

Intelligent Intrusion Detection Tool For BiometricTemplate Storage published in Journal of ArtificialIntelligence ISSN: 22293965 & E-ISSN: 22293973,Volume 3, Issue 1, 2012, pp.-42-48

[4] L. A. Zadeh, Fuzzy sets, Information and Control, pp.338-353, 1965.

[5] Orchard, R. Fuzzy Reasoning in Jess: The FuzzuJ Toolkitand FuzzyJess Proceedings of the ICEIS 2001, ThirdInternational Conference on Enterprise InformationSystems, Setubal, Portugal. Jully 7-10,2001. Pp 533-542.NRC 44882.

Ms. Maithili Arjunwadkar B.Sc. (Electronics) , MCA,Pursuing PhD. from Symbiosis International Universityunder faculty of Computer Studies. She is working as

Assistant Professor in P.E.Ss Modern College ofEngineering, Pune-5 , Maharashtra , India

Dr. R.V. Kulkarni PhD. , working as professor inSIBER, Kolhapur, Maharashtra , India , Registeredguide in various Universities of India






6/9

(Fiq. 1 shows screen of intelligent agent)






7/9

(Fig. 2 Proposed neuro-fuzzy approach)

(Fig. 3 Fuzzy Production System)

Facts

Rules

1. Match Facts against Fuzzy rules.

2. Recognize rules that can fire

3. Act: Fire top rank rule.

Knowledgebase

Working

Memor

Inference Engine






8/9

TABLE 1

Few Examples of Fuzzy Rules

RULE - 1:

IF USERTYPE IS DBA AND

SUSPICIOUS HOST FREQ IS VeryHigh AND

SUSPICIOUS USER FREQ IS VeryHigh

TRANSCATION IS Modification

THEN PRIORITY IS VeryHigh

RULE -41:

IF USERTYPE IS NormalUser AND


SUSPICIOUS USER FREQ IS VeryHigh AND

TRANSCATION IS Insertion

THEN PRIORITY IS High

RULE -50:



SUSPICIOUS USER FREQ IS Low AND

TRANSCATION IS DeletionTHEN PRIORITY IS Medium

RULE -102:


SUSPICIOUS HOST FREQ IS Low AND

SUSPICIOUS USER FREQ IS VeryHigh AND

TRANSCATION IS Copy

THEN PRIORITY IS Low

RULE -108:

IF USERTYPE IS DBA AND

SUSPICIOUS HOST FREQ IS VeryLow AND

SUSPICIOUS USER FREQ IS VeryLow AND

TRANSCATION IS Copy

THEN PRIORITY IS VeryLow

RULE -128:


SUSPICIOUS HOST FREQ IS VeryLow AND

SUSPICIOUS USER FREQ IS VeryLow AND

TRANSCATION IS Copy

THEN PRIORITY IS VeryLow






9/9

(Fig 5 : Output screen)





Prioritization of Detected Intrusion in Biometric Template Storage for Prevention using Neuro-Fuzzy...

Documents

Transcript of Prioritization of Detected Intrusion in Biometric Template Storage for Prevention using Neuro-Fuzzy...