CHAPTER VII CONCLUSIONS
|
|
- Chastity Farmer
- 8 years ago
- Views:
Transcription
1 CHAPTER VII CONCLUSIONS To do successful research, you don t need to know everything, you just need to know of one thing that isn t known. -Arthur Schawlow In this chapter, we provide the summery of the thesis and discuss the possible extensions as future work. 7.1 Summery The thesis tries to answer the problem, stated earlier as How to make the IDS fast enough to process data on-line and detect attacks early and in case of anomaly-based IDS, how to reduce the false positives to an accepted level, with a high detection rate. Consequently, we propose some techniques, which individually, constitute the answer of the problem. We study the existing techniques and algorithms to understand their strength and weakness and to get motivation. As a result, we provide a detailed survey on the IDS techniques and methods. In this thesis, our focus has been on anomaly-based IDS. We propose techniques for host- and network-based IDS. For host-based systems, we analyze the system calls, invoked by the processes and for network-based systems, we analyze network packets. we study the behavior of unix processes in terms of system calls and observe that not all of the system calls, invoked by the processes, are necessary to define its behavior as normal or abnormal. Considering such system calls as redundant or noise, we make use of a linear algebraic techniques, called singular value decomposition to reduce the noise. The idea is inspired by an information retrieval technique - latent semantic indexing. Though the SVD reduces the dimension of the data by projecting it to some space of lower dimension, it is very difficult to interpret the new dimensions. In order to show the appropriateness of the idea of using SVD, we produce empirical results. We show that SVD removes only the 152
2 not-so-important system calls, like mmap, from the data. We also compare our results with already established scheme to show that reduction in data does not lead to a degradation in accuracy. We show results in terms of ROC curve and AUC score. Such methods are useful in making IDS fast by reducing the data, to be analysed. Motivated by the work, described in [120], we study the knn based classifier with cosine metric and find the cases where knn based scheme may produce some erroneous results. We, therefore, propose a new similarity measure, termed as binary weighted cosine (BWC) metric. BWC is based on the frequency and number of common system calls between two processes. BWC metric is used to calculate the similarity and knn is used to classify the process as normal or abnormal. This scheme represents an example of distance weighted knn classifier. We also think of applying SVD approach further to reduce the data, but as our scheme involves two matrices, it is not feasible to do so. We extend the above scheme by including the partial information about the order of occurrence of individual system calls in the process. For this purpose, we make use of Kendall Tau distance, which is used in rank aggregation [51]. We provide experimental results for each of the schemes on DARPA 98 data, as ROC curve and AUC score. The results are compared with relevant scheme, proposed in the literature. However, the calculating the Kendall Tau distance is computationally very expensive. Also, we observe that on the expense of more computational time, the rise in the accuracy is not in that proportion. This point sets the ground and motivation for our next work. In order to capture the ordering information of system calls, we should use the small sequences of system calls, as they are appearing in the process. We also notice that not whole of the process is abnormal, as compared to normal process. Only a small part (or parts) of an abnormal process is abnormal, while most of it is similar to normal process. We, therefore, project an IDS as a decision table and apply rough set [151] based techniques to extract the feature for normal and abnormal processes. The processes corresponding to some attacks and normal ones are represented in a decision table. The lower approximation is calculated to discard the overlapping (common) subsequences between normal and abnormal processes. In this way, we get the positive region of the given data. We apply a 153
3 rough set based rule learning algorithm - LEM2 [72] to generate IF-THEN type rules. These rules are used to classify the processes as normal or abnormal. In this way, we are able to analyze the process while it is in running state, thereby making it suitable for on-line intrusion detection system. We experiment on DARPA 98 data, using RSES tool. We are unable to provide AUC score for this scheme as in this case, classification of processes does not produce any ranking. Also, we faced problem while working with RSES, as only GUI is available for use. Therefore, there is no flexibility of customizing it as per the requirement of experiments. Although, through out our work, we concentrated on host-based IDS, the multiscaling property of wavelets in analyzing network traffic motivated us to explore its usability in IDS. The idea is inspired by the work described in [66][13]. The self-similarity, which is exhibited in network traffic, is taken as the characteristics of normal traffic. The selfsimilarity is characterized by estimating Hurst parameter H. The loss of self-similarity in the network data can be attributed to the presence of some anomaly. We extend the energyscale plot based scheme for estimating H, by enabling it to detect the locality of the anomaly and the scale on which the anomaly is exhibited. For this purpose, we use wavelet theory and definition of self-similarity. The proposed scheme performs well on KDDcup 99 data. We further provide the extension of the above mentioned scheme. The algorithm proposed herein integrates the wavelet transform with singular value decomposition (SVD) for the analysis of self-similar network traffic data. The algorithm makes use of the properties of the SVD of a matrix of local energies of wavelet coefficients, to determine the scales over which the data have possibly normal behaviour and locations at which the data have possible anomalous behaviour. We concentrate more on the theoretical aspects of our work. To show applicability of our method, we have taken a very small known self-similar data. However, to justify our approach empirically, we apply it on real network data, captured from an operational financial network INFINET [84] and kdd data set [89]. We next discuss some of the possible future extensions of the work summarized above. 154
4 7.2 Future Work In this thesis, we present various techniques that, in one or other way, contribute to make IDS more efficient. There are several interesting future directions, out of which few are mentioned below. We used SVD to reduce the dimension of the data. But it is difficult to interpret the result. We can use other techniques that reduce the dimension by discarding the features that are not much discriminatory i.e. which system calls are really important to understand the normal behavior of process. In this context, entropy based approaches like information gain and rough based techniques like reduct can also be used. One good thing about such approaches is that they can calculate explicitly the importance of each system call, and therefore, are easy to interpret the results. Almost all of the process behavior-based anomaly approaches are proposed for Unix based system. It should be interesting to apply such approaches on Windows based OS. In BWC metric, we consider the frequency of individual system call. Instead of taking single system call, a combination of two or more system calls can be taken. In this way, we can capture co-occurrence of system calls as well, which may produce better results. There is a lack of formal analysis methods for IDS. This requires a mathematical model and reasoning based on that. In this direction, one possibility is to consider a process as POMSET P (partially order multiset), by defining a relation < as s i < s j, i j system call s i is followed by s j, where s i, s j P. This is just an idea and requires further investigation. We used wavelets to analyze network data. Wavelets can be also be used on system calls data. Once we construct the incidence matrix A, defined in section 3.3, we can apply wavelet transformation to get each system call s spectrum in frequency-time domain. This should provide some insight into the way a system call appears, along 155
5 with other system calls, in a process. This may be useful in monitoring and profiling a process. 7.3 Concluding Remarks During the years, spent on the work reported in this thesis, I experienced moments of joy and sorrow, excitement and resentment. Each of the failures forced me to think more and work hard, and of course, knock my supervisors more frequently. Though it is the end of this thesis, but I find it is the beginning of the journey as a researcher to contribute to and serve the society more. The woods are lovely, dark and deep, But I have promises to keep, And miles to go before I sleep, And miles to go before I sleep. From Stopping by Woods on a Snowy Evening - Robert Frost ( ) * * * * * 156
Conclusions and Future Directions
Chapter 9 This chapter summarizes the thesis with discussion of (a) the findings and the contributions to the state-of-the-art in the disciplines covered by this work, and (b) future work, those directions
More informationAn Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus
An Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus Tadashi Ogino* Okinawa National College of Technology, Okinawa, Japan. * Corresponding author. Email: ogino@okinawa-ct.ac.jp
More informationDetecting Network Anomalies. Anant Shah
Detecting Network Anomalies using Traffic Modeling Anant Shah Anomaly Detection Anomalies are deviations from established behavior In most cases anomalies are indications of problems The science of extracting
More informationW. Heath Rushing Adsurgo LLC. Harness the Power of Text Analytics: Unstructured Data Analysis for Healthcare. Session H-1 JTCC: October 23, 2015
W. Heath Rushing Adsurgo LLC Harness the Power of Text Analytics: Unstructured Data Analysis for Healthcare Session H-1 JTCC: October 23, 2015 Outline Demonstration: Recent article on cnn.com Introduction
More informationCHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
More informationINTRUSION PREVENTION AND EXPERT SYSTEMS
INTRUSION PREVENTION AND EXPERT SYSTEMS By Avi Chesla avic@v-secure.com Introduction Over the past few years, the market has developed new expectations from the security industry, especially from the intrusion
More informationAuditing EMR System Usage. You Chen Jan, 17, 2013 You.chen@vanderbilt.edu
Auditing EMR System Usage You Chen Jan, 17, 2013 You.chen@vanderbilt.edu Health data being accessed by hackers, lost with laptop computers, or simply read by curious employees Anomalous Usage You Chen,
More informationThe Integration of SNORT with K-Means Clustering Algorithm to Detect New Attack
The Integration of SNORT with K-Means Clustering Algorithm to Detect New Attack Asnita Hashim, University of Technology MARA, Malaysia April 14-15, 2011 The Integration of SNORT with K-Means Clustering
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Intrusion Detection System 1 Intrusion Definitions A set of actions aimed to compromise the security
More informationData Mining - Evaluation of Classifiers
Data Mining - Evaluation of Classifiers Lecturer: JERZY STEFANOWSKI Institute of Computing Sciences Poznan University of Technology Poznan, Poland Lecture 4 SE Master Course 2008/2009 revised for 2010
More informationDetection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup
Network Anomaly Detection A Machine Learning Perspective Dhruba Kumar Bhattacharyya Jugal Kumar KaKta»C) CRC Press J Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor
More informationdm106 TEXT MINING FOR CUSTOMER RELATIONSHIP MANAGEMENT: AN APPROACH BASED ON LATENT SEMANTIC ANALYSIS AND FUZZY CLUSTERING
dm106 TEXT MINING FOR CUSTOMER RELATIONSHIP MANAGEMENT: AN APPROACH BASED ON LATENT SEMANTIC ANALYSIS AND FUZZY CLUSTERING ABSTRACT In most CRM (Customer Relationship Management) systems, information on
More informationOn Entropy in Network Traffic Anomaly Detection
On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman. Cinvestav, Campus Guadalajara, Mexico November 2015 Jayro Santiago-Paz, Deni Torres-Roman. 1/19 On Entropy in Network
More informationDenial of Service attacks: analysis and countermeasures. Marek Ostaszewski
Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationA Study on Behavior Patternize in BYOD Environment Using Bayesian Theory
A Study on Behavior Patternize in BYOD Environment Using Bayesian Theory Dongwan Kang, Myoungsun Noh, Chaetae Im Abstract Since early days, businesses had started introducing environments for mobile device
More informationNetwork Based Intrusion Detection Using Honey pot Deception
Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.
More informationCSC574 - Computer and Network Security Module: Intrusion Detection
CSC574 - Computer and Network Security Module: Intrusion Detection Prof. William Enck Spring 2013 1 Intrusion An authorized action... that exploits a vulnerability... that causes a compromise... and thus
More informationIdentifying SPAM with Predictive Models
Identifying SPAM with Predictive Models Dan Steinberg and Mikhaylo Golovnya Salford Systems 1 Introduction The ECML-PKDD 2006 Discovery Challenge posed a topical problem for predictive modelers: how to
More informationA Partially Supervised Metric Multidimensional Scaling Algorithm for Textual Data Visualization
A Partially Supervised Metric Multidimensional Scaling Algorithm for Textual Data Visualization Ángela Blanco Universidad Pontificia de Salamanca ablancogo@upsa.es Spain Manuel Martín-Merino Universidad
More informationBUILDING A PREDICTIVE MODEL AN EXAMPLE OF A PRODUCT RECOMMENDATION ENGINE
BUILDING A PREDICTIVE MODEL AN EXAMPLE OF A PRODUCT RECOMMENDATION ENGINE Alex Lin Senior Architect Intelligent Mining alin@intelligentmining.com Outline Predictive modeling methodology k-nearest Neighbor
More informationData, Measurements, Features
Data, Measurements, Features Middle East Technical University Dep. of Computer Engineering 2009 compiled by V. Atalay What do you think of when someone says Data? We might abstract the idea that data are
More informationHow To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme
Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention Thivya. T 1, Karthika.M 2 Student, Department of computer science and engineering, Dhanalakshmi
More informationA survey on Data Mining based Intrusion Detection Systems
International Journal of Computer Networks and Communications Security VOL. 2, NO. 12, DECEMBER 2014, 485 490 Available online at: www.ijcncs.org ISSN 2308-9830 A survey on Data Mining based Intrusion
More informationCONTENTS PREFACE 1 INTRODUCTION 1 2 DATA VISUALIZATION 19
PREFACE xi 1 INTRODUCTION 1 1.1 Overview 1 1.2 Definition 1 1.3 Preparation 2 1.3.1 Overview 2 1.3.2 Accessing Tabular Data 3 1.3.3 Accessing Unstructured Data 3 1.3.4 Understanding the Variables and Observations
More informationSocial Media Mining. Data Mining Essentials
Introduction Data production rate has been increased dramatically (Big Data) and we are able store much more data than before E.g., purchase data, social media data, mobile phone data Businesses and customers
More informationSecure Because Math: Understanding ML- based Security Products (#SecureBecauseMath)
Secure Because Math: Understanding ML- based Security Products (#SecureBecauseMath) Alex Pinto Chief Data Scientist Niddel / MLSec Project @alexcpsec @MLSecProject @NiddelCorp MLSec Project / Niddel MLSec
More informationNetwork traffic: Scaling
Network traffic: Scaling 1 Ways of representing a time series Timeseries Timeseries: information in time domain 2 Ways of representing a time series Timeseries FFT Timeseries: information in time domain
More informationIntrusion Detection for Mobile Ad Hoc Networks
Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems
More informationBEHAVIOR BASED CREDIT CARD FRAUD DETECTION USING SUPPORT VECTOR MACHINES
BEHAVIOR BASED CREDIT CARD FRAUD DETECTION USING SUPPORT VECTOR MACHINES 123 CHAPTER 7 BEHAVIOR BASED CREDIT CARD FRAUD DETECTION USING SUPPORT VECTOR MACHINES 7.1 Introduction Even though using SVM presents
More informationEvaluating Host-based Anomaly Detection Systems: Application of The One-class SVM Algorithm to ADFA-LD
Evaluating Host-based Anomaly Detection Systems: Application of The One-class SVM Algorithm to ADFA-LD Miao Xie, Jiankun Hu and Jill Slay School of Engineering and Information Technology University of
More informationPerformance Metrics for Graph Mining Tasks
Performance Metrics for Graph Mining Tasks 1 Outline Introduction to Performance Metrics Supervised Learning Performance Metrics Unsupervised Learning Performance Metrics Optimizing Metrics Statistical
More informationJava Modules for Time Series Analysis
Java Modules for Time Series Analysis Agenda Clustering Non-normal distributions Multifactor modeling Implied ratings Time series prediction 1. Clustering + Cluster 1 Synthetic Clustering + Time series
More informationEvaluation & Validation: Credibility: Evaluating what has been learned
Evaluation & Validation: Credibility: Evaluating what has been learned How predictive is a learned model? How can we evaluate a model Test the model Statistical tests Considerations in evaluating a Model
More informationDetecting Anomalies in Network Traffic Using Maximum Entropy Estimation
Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation Yu Gu, Andrew McCallum, Don Towsley Department of Computer Science, University of Massachusetts, Amherst, MA 01003 Abstract We develop
More informationSystem for Denial-of-Service Attack Detection Based On Triangle Area Generation
System for Denial-of-Service Attack Detection Based On Triangle Area Generation 1, Heena Salim Shaikh, 2 N Pratik Pramod Shinde, 3 Prathamesh Ravindra Patil, 4 Parag Ramesh Kadam 1, 2, 3, 4 Student 1,
More informationIntroduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.
Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection
More informationAPPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION
18-19 September 2014, BULGARIA 137 Proceedings of the International Conference on Information Technologies (InfoTech-2014) 18-19 September 2014, Bulgaria APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK
More informationIntrusion Detection via Machine Learning for SCADA System Protection
Intrusion Detection via Machine Learning for SCADA System Protection S.L.P. Yasakethu Department of Computing, University of Surrey, Guildford, GU2 7XH, UK. s.l.yasakethu@surrey.ac.uk J. Jiang Department
More informationConceptual Integration of Flow-based and Packet-based Network Intrusion Detection
Conceptual Integration of Flow-based and Packet-based Network Intrusion Detection Gregor Schaffrath, Burkhard Stiller Department of Informatics IFI, University of Zürich Communication Systems Group CSG
More informationTwo State Intrusion Detection System Against DDos Attack in Wireless Network
Two State Intrusion Detection System Against DDos Attack in Wireless Network 1 Pintu Vasani, 2 Parikh Dhaval 1 M.E Student, 2 Head of Department (LDCE-CSE) L.D. College of Engineering, Ahmedabad, India.
More informationDetecting Anomaly IDS in Network using Bayesian Network
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 16, Issue 1, Ver. III (Jan. 2014), PP 01-07 Detecting Anomaly IDS in Network using Bayesian Network [1] Mrs.SumathyMuruganAsst.
More informationHow To Cluster
Data Clustering Dec 2nd, 2013 Kyrylo Bessonov Talk outline Introduction to clustering Types of clustering Supervised Unsupervised Similarity measures Main clustering algorithms k-means Hierarchical Main
More informationMahalanobis Distance Map Approach for Anomaly Detection
Edith Cowan University Research Online Australian Information Security Management Conference Security Research Institute Conferences 2010 Mahalanobis Distance Map Approach for Anomaly Detection Aruna Jamdagnil
More informationA General Approach to Incorporate Data Quality Matrices into Data Mining Algorithms
A General Approach to Incorporate Data Quality Matrices into Data Mining Algorithms Ian Davidson 1st author's affiliation 1st line of address 2nd line of address Telephone number, incl country code 1st
More informationStatistics in Retail Finance. Chapter 7: Fraud Detection in Retail Credit
Statistics in Retail Finance Chapter 7: Fraud Detection in Retail Credit 1 Overview > Detection of fraud remains an important issue in retail credit. Methods similar to scorecard development may be employed,
More informationThe Scientific Data Mining Process
Chapter 4 The Scientific Data Mining Process When I use a word, Humpty Dumpty said, in rather a scornful tone, it means just what I choose it to mean neither more nor less. Lewis Carroll [87, p. 214] In
More informationText Mining in JMP with R Andrew T. Karl, Senior Management Consultant, Adsurgo LLC Heath Rushing, Principal Consultant and Co-Founder, Adsurgo LLC
Text Mining in JMP with R Andrew T. Karl, Senior Management Consultant, Adsurgo LLC Heath Rushing, Principal Consultant and Co-Founder, Adsurgo LLC 1. Introduction A popular rule of thumb suggests that
More informationApplying Data Mining of Fuzzy Association Rules to Network Intrusion Detection
Applying Data Mining of Fuzzy Association Rules to Network Intrusion Detection Authors: Aly El-Semary, Janica Edmonds, Jesús González-Pino, and Mauricio Papa Center for Information Security Department
More informationEffective Intrusion Detection
Effective Intrusion Detection A white paper by With careful configuration and management, intrusion detection systems can make a valuable contribution to IT infrastructure security s Global network of
More informationMACHINE LEARNING IN HIGH ENERGY PHYSICS
MACHINE LEARNING IN HIGH ENERGY PHYSICS LECTURE #1 Alex Rogozhnikov, 2015 INTRO NOTES 4 days two lectures, two practice seminars every day this is introductory track to machine learning kaggle competition!
More informationA new Approach for Intrusion Detection in Computer Networks Using Data Mining Technique
A new Approach for Intrusion Detection in Computer Networks Using Data Mining Technique Aida Parbaleh 1, Dr. Heirsh Soltanpanah 2* 1 Department of Computer Engineering, Islamic Azad University, Sanandaj
More informationFUZZY CLUSTERING ANALYSIS OF DATA MINING: APPLICATION TO AN ACCIDENT MINING SYSTEM
International Journal of Innovative Computing, Information and Control ICIC International c 0 ISSN 34-48 Volume 8, Number 8, August 0 pp. 4 FUZZY CLUSTERING ANALYSIS OF DATA MINING: APPLICATION TO AN ACCIDENT
More informationPredicting earning potential on Adult Dataset
MSc in Computing, Business Intelligence and Data Mining stream. Business Intelligence and Data Mining Applications Project Report. Predicting earning potential on Adult Dataset Submitted by: xxxxxxx Supervisor:
More informationIT services for analyses of various data samples
IT services for analyses of various data samples Ján Paralič, František Babič, Martin Sarnovský, Peter Butka, Cecília Havrilová, Miroslava Muchová, Michal Puheim, Martin Mikula, Gabriel Tutoky Technical
More informationPSG College of Technology, Coimbatore-641 004 Department of Computer & Information Sciences BSc (CT) G1 & G2 Sixth Semester PROJECT DETAILS.
PSG College of Technology, Coimbatore-641 004 Department of Computer & Information Sciences BSc (CT) G1 & G2 Sixth Semester PROJECT DETAILS Project Project Title Area of Abstract No Specialization 1. Software
More informationMUTI-KEYWORD SEARCH WITH PRESERVING PRIVACY OVER ENCRYPTED DATA IN THE CLOUD
MUTI-KEYWORD SEARCH WITH PRESERVING PRIVACY OVER ENCRYPTED DATA IN THE CLOUD A.Shanthi 1, M. Purushotham Reddy 2, G.Rama Subba Reddy 3 1 M.tech Scholar (CSE), 2 Asst.professor, Dept. of CSE, Vignana Bharathi
More informationHybrid Model For Intrusion Detection System Chapke Prajkta P., Raut A. B.
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume1 Issue 3 Dec 2012 Page No. 151-155 Hybrid Model For Intrusion Detection System Chapke Prajkta P., Raut A. B.
More informationDNIDS: A Dependable Network Intrusion Detection System Using the CSI-KNN Algorithm
DNIDS: A Dependable Network Intrusion Detection System Using the CSI-KNN Algorithm by Liwei (Vivian) Kuang A thesis submitted to the School of Computing in conformity with the requirements for the degree
More informationAssociate Prof. Dr. Victor Onomza Waziri
BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,
More informationKEITH LEHNERT AND ERIC FRIEDRICH
MACHINE LEARNING CLASSIFICATION OF MALICIOUS NETWORK TRAFFIC KEITH LEHNERT AND ERIC FRIEDRICH 1. Introduction 1.1. Intrusion Detection Systems. In our society, information systems are everywhere. They
More informationCollaborative Filtering. Radek Pelánek
Collaborative Filtering Radek Pelánek 2015 Collaborative Filtering assumption: users with similar taste in past will have similar taste in future requires only matrix of ratings applicable in many domains
More information1. Classification problems
Neural and Evolutionary Computing. Lab 1: Classification problems Machine Learning test data repository Weka data mining platform Introduction Scilab 1. Classification problems The main aim of a classification
More informationIntrusion Detection: Game Theory, Stochastic Processes and Data Mining
Intrusion Detection: Game Theory, Stochastic Processes and Data Mining Joseph Spring 7COM1028 Secure Systems Programming 1 Discussion Points Introduction Firewalls Intrusion Detection Schemes Models Stochastic
More informationWhy is Internal Audit so Hard?
Why is Internal Audit so Hard? 2 2014 Why is Internal Audit so Hard? 3 2014 Why is Internal Audit so Hard? Waste Abuse Fraud 4 2014 Waves of Change 1 st Wave Personal Computers Electronic Spreadsheets
More informationFuzzy Network Profiling for Intrusion Detection
Fuzzy Network Profiling for Intrusion Detection John E. Dickerson (jedicker@iastate.edu) and Julie A. Dickerson (julied@iastate.edu) Electrical and Computer Engineering Department Iowa State University
More informationMeasuring Intrusion Detection Capability: An Information-Theoretic Approach
Measuring Intrusion Detection Capability: An Information-Theoretic Approach Guofei Gu, Prahlad Fogla, David Dagon, Boris Škorić Wenke Lee Philips Research Laboratories, Netherlands Georgia Institute of
More informationAn Overview of Knowledge Discovery Database and Data mining Techniques
An Overview of Knowledge Discovery Database and Data mining Techniques Priyadharsini.C 1, Dr. Antony Selvadoss Thanamani 2 M.Phil, Department of Computer Science, NGM College, Pollachi, Coimbatore, Tamilnadu,
More informationThe Base Rate Fallacy and its Implications for the Difficulty of Intrusion Detection
The Base Rate Fallacy and its Implications for the Difficulty of Intrusion Detection Stefan Axelsson Presented by Kiran Kashalkar Agenda 1. 1. General Overview of of IDS 2. 2. Bayes Theorem and Base-Rate
More informationApplying Image Analysis Methods to Network Traffic Classification
Applying Image Analysis Methods to Network Traffic Classification Thorsten Kisner, and Firoz Kaderali Department of Communication Systems Faculty of Mathematics and Computer Science FernUniversität in
More informationAPPM4720/5720: Fast algorithms for big data. Gunnar Martinsson The University of Colorado at Boulder
APPM4720/5720: Fast algorithms for big data Gunnar Martinsson The University of Colorado at Boulder Course objectives: The purpose of this course is to teach efficient algorithms for processing very large
More informationNetwork Big Data: Facing and Tackling the Complexities Xiaolong Jin
Network Big Data: Facing and Tackling the Complexities Xiaolong Jin CAS Key Laboratory of Network Data Science & Technology Institute of Computing Technology Chinese Academy of Sciences (CAS) 2015-08-10
More informationIntrusion Detection using Sequences of System Calls. Steven A. Hofmeyr Stephanie Forrest Anil Somayaji
Intrusion Detection using Sequences of System Calls Steven A. Hofmeyr Stephanie Forrest Anil Somayaji Dept. of Computer Science University of New Mexico Albuquerque, NM 87131-1386 {steveah,forrest,soma}@cs.unm.edu
More informationTime-Frequency Detection Algorithm of Network Traffic Anomalies
2012 International Conference on Innovation and Information Management (ICIIM 2012) IPCSIT vol. 36 (2012) (2012) IACSIT Press, Singapore Time-Frequency Detection Algorithm of Network Traffic Anomalies
More informationNetwork Intrusion Detection Systems
Network Intrusion Detection Systems False Positive Reduction Through Anomaly Detection Joint research by Emmanuele Zambon & Damiano Bolzoni 7/1/06 NIDS - False Positive reduction through Anomaly Detection
More informationNonlinear Iterative Partial Least Squares Method
Numerical Methods for Determining Principal Component Analysis Abstract Factors Béchu, S., Richard-Plouet, M., Fernandez, V., Walton, J., and Fairley, N. (2016) Developments in numerical treatments for
More informationCombining Statistical and Spectral Analysis Techniques in Network Traffic Anomaly Detection
Combining Statistical and Spectral Analysis Techniques in Network Traffic Anomaly Detection by Stevan Novakov, B. Eng. (CSE) A thesis submitted to the Faculty of Graduate and Postdoctoral Affairs in partial
More informationRole of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationApplication of Data Mining Techniques in Intrusion Detection
Application of Data Mining Techniques in Intrusion Detection LI Min An Yang Institute of Technology leiminxuan@sohu.com Abstract: The article introduced the importance of intrusion detection, as well as
More informationPrincipled Reasoning and Practical Applications of Alert Fusion in Intrusion Detection Systems
Principled Reasoning and Practical Applications of Alert Fusion in Intrusion Detection Systems Guofei Gu College of Computing Georgia Institute of Technology Atlanta, GA 3332, USA guofei@cc.gatech.edu
More informationDenial of Service Attack Detection Using Multivariate Correlation Information and Support Vector Machine Classification
International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Denial of Service Attack Detection Using Multivariate Correlation Information and
More informationDiscussion Paper On the validation and review of Credit Rating Agencies methodologies
Discussion Paper On the validation and review of Credit Rating Agencies methodologies 17 November 2015 ESMA/2015/1735 Responding to this paper The European Securities and Markets Authority (ESMA) invites
More informationSpam Filtering Based on Latent Semantic Indexing
Spam Filtering Based on Latent Semantic Indexing Wilfried N. Gansterer Andreas G. K. Janecek Robert Neumayer Abstract In this paper, a study on the classification performance of a vector space model (VSM)
More informationClassification of Fingerprints. Sarat C. Dass Department of Statistics & Probability
Classification of Fingerprints Sarat C. Dass Department of Statistics & Probability Fingerprint Classification Fingerprint classification is a coarse level partitioning of a fingerprint database into smaller
More informationSPATIAL DATA CLASSIFICATION AND DATA MINING
, pp.-40-44. Available online at http://www. bioinfo. in/contents. php?id=42 SPATIAL DATA CLASSIFICATION AND DATA MINING RATHI J.B. * AND PATIL A.D. Department of Computer Science & Engineering, Jawaharlal
More informationExample: Credit card default, we may be more interested in predicting the probabilty of a default than classifying individuals as default or not.
Statistical Learning: Chapter 4 Classification 4.1 Introduction Supervised learning with a categorical (Qualitative) response Notation: - Feature vector X, - qualitative response Y, taking values in C
More informationKnowledge Discovery from patents using KMX Text Analytics
Knowledge Discovery from patents using KMX Text Analytics Dr. Anton Heijs anton.heijs@treparel.com Treparel Abstract In this white paper we discuss how the KMX technology of Treparel can help searchers
More informationIEEE JAVA Project 2012
IEEE JAVA Project 2012 Powered by Cloud Computing Cloud Computing Security from Single to Multi-Clouds. Reliable Re-encryption in Unreliable Clouds. Cloud Data Production for Masses. Costing of Cloud Computing
More informationTheoretical Perspective
Preface Motivation Manufacturer of digital products become a driver of the world s economy. This claim is confirmed by the data of the European and the American stock markets. Digital products are distributed
More informationNetwork Intrusion Simulation Using OPNET
Network Intrusion Simulation Using OPNET Shabana Razak, Mian Zhou, Sheau-Dong Lang* School of Electrical Engineering & Computer Science and National Center for Forensic Science* University of Central Florida,
More informationDetecting Flooding Attacks Using Power Divergence
Detecting Flooding Attacks Using Power Divergence Jean Tajer IT Security for the Next Generation European Cup, Prague 17-19 February, 2012 PAGE 1 Agenda 1- Introduction 2- K-ary Sktech 3- Detection Threshold
More informationHow To Prevent Network Attacks
Ali A. Ghorbani Wei Lu Mahbod Tavallaee Network Intrusion Detection and Prevention Concepts and Techniques )Spri inger Contents 1 Network Attacks 1 1.1 Attack Taxonomies 2 1.2 Probes 4 1.2.1 IPSweep and
More informationSyllabus for MATH 191 MATH 191 Topics in Data Science: Algorithms and Mathematical Foundations Department of Mathematics, UCLA Fall Quarter 2015
Syllabus for MATH 191 MATH 191 Topics in Data Science: Algorithms and Mathematical Foundations Department of Mathematics, UCLA Fall Quarter 2015 Lecture: MWF: 1:00-1:50pm, GEOLOGY 4645 Instructor: Mihai
More informationSTUDY OF IMPLEMENTATION OF INTRUSION DETECTION SYSTEM (IDS) VIA DIFFERENT APPROACHS
STUDY OF IMPLEMENTATION OF INTRUSION DETECTION SYSTEM (IDS) VIA DIFFERENT APPROACHS SACHIN MALVIYA Student, Department of Information Technology, Medicaps Institute of Science & Technology, INDORE (M.P.)
More informationExperiments in Web Page Classification for Semantic Web
Experiments in Web Page Classification for Semantic Web Asad Satti, Nick Cercone, Vlado Kešelj Faculty of Computer Science, Dalhousie University E-mail: {rashid,nick,vlado}@cs.dal.ca Abstract We address
More informationObservation and Findings
Chapter 6 Observation and Findings 6.1. Introduction This chapter discuss in detail about observation and findings based on survey performed. This research work is carried out in order to find out network
More informationEfficient Security Alert Management System
Efficient Security Alert Management System Minoo Deljavan Anvary IT Department School of e-learning Shiraz University Shiraz, Fars, Iran Majid Ghonji Feshki Department of Computer Science Qzvin Branch,
More informationThe Data Mining Process
Sequence for Determining Necessary Data. Wrong: Catalog everything you have, and decide what data is important. Right: Work backward from the solution, define the problem explicitly, and map out the data
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationAn Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks
2011 International Conference on Network and Electronics Engineering IPCSIT vol.11 (2011) (2011) IACSIT Press, Singapore An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks Reyhaneh
More information