A REVIEW OF MACHINE LEARNING BASED ANOMALY DETECTION. By Mohamed Elfadly
Outline
- Introduction
- CyberSecurity Systems
- Review of CyberSecurity Solutions
- Machine Learning
- Machine Learning for Anomaly Detection
- Machine Learning Based Techniques
- Machine Learning Applications

Introduction
As technology moves forward, users have become more technically aware than before. People communicate and cooperate efficiently through the Internet using their personal computers, PDAs or mobile phones. Through these digital devices linked by the Internet, hackers also attack personal privacy using a variety of weapons, such as viruses, Trojans, worms, botnet attacks, rootkits, adware, spam, and social engineering platforms.
These different forms of attack are cyber-threats, which can be categorized into one of three groups according to the intruder's purpose:
- Stealing confidential information
- Manipulating the components of cyber infrastructure
- Denying the functions of the infrastructure

CyberSecurity Systems
However, building defense systems for discovered attacks is not easy because cyber attacks are constantly evolving. That is why higher-level, adaptive methodologies are required to discover the embedded cyber intrusions.
Many higher-level adaptive cyber defense systems can be partitioned into components [1]:
- Data-capturing tools, such as Libpcap for Linux and Winpcap for Windows, capture events from the audit trails of resource information sources (e.g., network).
- The data-preprocessing module filters out the attacks for which good signatures have been learned.
- A feature extractor derives basic features that are useful in event analysis engines, including a sequence of system calls, start time, duration of a network flow, source IP and source port, destination IP and destination port, protocol, number of bytes, and number of packets.
- In an analysis engine, various intrusion detection methods are implemented to investigate the behavior of the cyber-infrastructure, which may or may not have appeared before in the record, e.g., to detect anomalous traffic.

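An added example, not part of the original slides: a minimal feature extractor that groups packet-header records into flows by 5-tuple and derives the basic features listed above (start time, duration, endpoints, protocol, bytes, packets), plus two per-source traffic statistics. The record layout, the 30-second idle timeout, the 2-second window and the sample packets are assumptions constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass

# Assumed record layout for one captured packet header (not a pcap parser).
Packet = namedtuple("Packet", "ts src_ip src_port dst_ip dst_port proto length")


@dataclass
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    start: float          # timestamp of the first packet
    last: float           # timestamp of the most recent packet
    packets: int = 0
    byte_count: int = 0

    @property
    def duration(self):
        return self.last - self.start


def extract_flows(packets, idle_timeout=30.0):
    """Group packets into unidirectional flows keyed by the 5-tuple.

    A silence longer than idle_timeout on a key closes the flow, so a later
    packet with the same 5-tuple starts a new flow record.
    """
    active, finished = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
        flow = active.get(key)
        if flow is not None and p.ts - flow.last > idle_timeout:
            finished.append(flow)
            flow = None
        if flow is None:
            flow = Flow(*key, start=p.ts, last=p.ts)
            active[key] = flow
        flow.last = p.ts
        flow.packets += 1
        flow.byte_count += p.length
    finished.extend(active.values())
    return sorted(finished, key=lambda f: (f.start, f.src_ip, f.src_port, f.dst_port))


def traffic_features(flows, window=2.0):
    """For each flow, summarise what the same source did in the preceding window:
    how many other flows it opened and how many distinct destination ports it used."""
    rows = []
    for f in flows:
        recent = [g for g in flows
                  if g is not f and g.src_ip == f.src_ip
                  and 0 <= f.start - g.start <= window]
        ports = {g.dst_port for g in recent} | {f.dst_port}
        rows.append({"flow": f,
                     "same_src_flows": len(recent),
                     "distinct_dst_ports": len(ports)})
    return rows


# Constructed sample input (documentation address ranges): one client talking to
# a web service twice, and one source touching four ports in quick succession.
SAMPLE_PACKETS = [
    Packet(0.0, "192.0.2.10", 50000, "198.51.100.5", 443, "tcp", 60),
    Packet(0.2, "192.0.2.10", 50000, "198.51.100.5", 443, "tcp", 1500),
    Packet(1.5, "192.0.2.10", 50000, "198.51.100.5", 443, "tcp", 400),
    Packet(100.0, "192.0.2.10", 50000, "198.51.100.5", 443, "tcp", 60),
] + [
    Packet(10.0 + 0.1 * i, "192.0.2.66", 40000 + i, "198.51.100.5", port, "tcp", 40)
    for i, port in enumerate([21, 22, 23, 25])
]

if __name__ == "__main__":
    for row in traffic_features(extract_flows(SAMPLE_PACKETS)):
        f = row["flow"]
        print(f"{f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port} {f.proto} "
              f"start={f.start:.1f} dur={f.duration:.1f} pkts={f.packets} "
              f"bytes={f.byte_count} same_src_flows={row['same_src_flows']} "
              f"distinct_dst_ports={row['distinct_dst_ports']}")
```

The per-source counts are the kind of statistic an analysis engine or scan detector consumes; the flow records alone carry no verdict.
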
Solutions to cybersecurity problems:
- Proactive approaches: anticipate and eliminate vulnerabilities in the cyber system, while remaining prepared to defend effectively and rapidly against attacks.
- Reactive approaches: such as intrusion detection systems (IDSs). IDSs detect intrusions based on the information from log files and network flow, so that the extent of damage can be determined, hackers can be tracked down, and similar attacks can be prevented in the future.

Review of Cyber Security Solutions
Proactive security solutions are designed to maintain the overall security of a system, even if individual components of the system have been compromised by an attack. Researchers consider data-mining algorithms from the viewpoint of privacy preservation. This new research, introduced by Verykios et al., is called PPDM (the privacy preservation technique) [4].

Reactive Security Systems
An IDS intelligently monitors activities that occur in a computing resource, e.g., network traffic and computer usage, to analyze the events and to generate reactions. Intrusion detection can be classified into the following modules [1]:
- Misuse/Signature detection
- Anomaly detection
- Hybrid detection
- Scan detector and profiling modules

IDS Modules
- Misuse/Signature detection: an IDS triggering method that generates alarms when a known cyber misuse occurs.
- Anomaly detection: triggers alarms when the detected object behaves significantly differently from the predefined normal patterns.
- Hybrid detection: combines both anomaly and misuse detection techniques to overcome their drawbacks.
- Scan detection and profiling module: scan detection generates alerts when attackers scan services or computer components in network systems before launching attacks. The profiling modules group similar network connections and search for dominant behaviors using clustering algorithms.

Purpose
Most reactive security solutions depend heavily on machine learning approaches to find solutions to cybersecurity problems. That is why a literature review will be conducted on anomaly detection using machine learning.

Machine Learning
Machine learning is one of the cornerstone fields of Artificial Intelligence, where machines learn to act autonomously and react to new situations without being pre-programmed. It is about designing algorithms that allow computers to learn.
Machine learning algorithms are categorized based on the desired outcome of the algorithm:
- Supervised learning
- Unsupervised learning

Machine Learning for Anomaly Detection
"Lust for victory will not give you the victory. You must receive the victory from your opponent. He has no choice but to give it to you because he will sense your heart as better or truer. Nature is your friend; it helps you to win. Your enemy will have unnatural movement; therefore you will be able to know what he is going to do before he does it."
Masaaki Hatsumi Secret Ninjutsu

Anomaly Detection
The goal of anomaly detection is to target any event falling outside of a predefined set of normal behaviors. Anomaly detection first defines a profile of normal behaviors, which reflects the health and sensitivity of a cyber-infrastructure. Correspondingly, an anomalous behavior is defined as a pattern in data that does not conform to the expected behaviors.
Anomaly detection relies on a clear boundary between normal and anomalous behaviors, where the profile of normal behaviors is defined as different from anomaly events. The profile must fit a set of criteria as explained by Gong [10]. For example, if a user who usually logs in around 10 am from a university dormitory logs in at 5:30 am from an IP address in China, then an anomaly has occurred.

Challenges
1. The key challenge is that the huge volume of data with a high-dimensional feature space is difficult to analyze and monitor manually. Such analysis and monitoring require highly efficient computational algorithms for data processing and pattern learning.
2. In the huge volume of network data, the same malicious data occur repeatedly, while the number of similar malicious data is much smaller than the number of normal data.
3. Much of the data is streaming data, which requires online analysis.
4. The concept of an anomaly/outlier varies among application domains; labeled anomalies are not available for training/validation.

Machine Learning for Anomaly Detection
[Figure: Workflow of anomaly detection system]

However, anomaly detection approaches have a major drawback: they may trigger high rates of false alarms, because any significant deviation from the baseline can be flagged as an intrusion. Hackers often modify malicious code or data to make them similar to normal patterns. When such an attack occurs, it is judged to be part of the normal profile and the attack is missed; a false negative occurs. The problem that always remains is how to minimize the false negative and false positive rates.

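An added example, not from the original slides, tying the normal-behavior profile described earlier (the user who usually logs in around 10 am) to the false positive / false negative trade-off above. The scoring formula, the weight for an unseen source, the network labels and all events are assumptions constructed for illustration.

```python
import math


def circular_mean_hour(hours):
    """Mean time of day on a 24 h circle, so 23:30 and 00:30 average to midnight."""
    angles = [2 * math.pi * h / 24 for h in hours]
    s = sum(math.sin(a) for a in angles)
    c = sum(math.cos(a) for a in angles)
    return (math.atan2(s, c) * 24 / (2 * math.pi)) % 24


def hour_distance(a, b):
    """Shortest distance between two times of day, in hours (0..12)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def build_profile(history):
    """Profile of normal behavior: typical login hour, observed spread, known sources."""
    hours = [h for h, _ in history]
    mean = circular_mean_hour(hours)
    spread = max(hour_distance(h, mean) for h in hours)
    return {"mean_hour": mean,
            "spread": max(spread, 0.5),          # floor avoids division by ~0
            "sources": {s for _, s in history}}


def score(profile, event, unseen_source_penalty=3.0):
    """Deviation from the profile: time offset in units of the observed spread,
    plus an assumed fixed penalty when the source network was never seen."""
    hour, source = event
    time_term = hour_distance(hour, profile["mean_hour"]) / profile["spread"]
    source_term = 0.0 if source in profile["sources"] else unseen_source_penalty
    return time_term + source_term


def evaluate(profile, labelled_events, threshold):
    """False positive and false negative rates when alerting on score > threshold."""
    fp = fn = benign = malicious = 0
    for event, is_attack in labelled_events:
        flagged = score(profile, event) > threshold
        if is_attack:
            malicious += 1
            fn += not flagged
        else:
            benign += 1
            fp += flagged
    return {"fpr": fp / benign, "fnr": fn / malicious}


# Constructed training history: (login hour, source network) for one user.
HISTORY = [(9.5, "dorm-net"), (10.0, "dorm-net"), (10.25, "dorm-net"),
           (9.75, "dorm-net"), (10.5, "dorm-net")]

# Constructed labelled events: ((hour, source), is_attack).
LABELLED = [
    ((10.1, "dorm-net"), False),        # ordinary login
    ((9.6, "dorm-net"), False),         # ordinary login
    ((13.0, "dorm-net"), False),        # benign but unusually late
    ((10.2, "library-net"), False),     # benign, new network
    ((5.5, "unfamiliar-net"), True),    # the 5:30 am login from an unknown source
    ((10.0, "dorm-net"), True),         # attack shaped to look like the normal profile
    ((23.0, "unfamiliar-net"), True),   # late-night login from an unknown source
]

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for threshold in (2.0, 8.0, 15.0):
        rates = evaluate(profile, LABELLED, threshold)
        print(f"threshold={threshold:>4}: FPR={rates['fpr']:.2f} FNR={rates['fnr']:.2f}")
```

Raising the threshold removes the two benign alerts but starts missing real attacks, and the event that imitates the normal profile scores zero at every threshold.
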
Machine Learning Based Techniques
Technique: Pros/Cons
Fuzzy Logic
- Reasoning is approximate rather than precise
- Effective, especially against port scans and probes
- High resource consumption involved
Genetic Algorithm
- Biologically inspired and employs evolutionary algorithm
- Uses properties like Selection, Crossover, and Mutation
- Capable of deriving classification rules and selecting optimal parameters
Neural Network
- Ability to generalize from limited, noisy and incomplete data
- Has potential to recognize future unseen patterns
Bayesian Network
- Encodes probabilistic relationships among the variables of interest
- Ability to incorporate both prior knowledge and data

Machine Learning Applications
1. Fusion of BVM and ELM for Anomaly Detection
2. Anomaly Detection Using Neural Network Optimized with GSA Algorithm

Fusion of BVM and ELM for Anomaly Detection
Changning et al., in their paper "Fusion of BVM and ELM for Anomaly Detection in Computer Networks", stated that a fusion or ensemble of classifiers is generally better than a single classifier. Therefore, the fusion of classifiers for anomaly detection not only improves the accuracy but also sustains low false alarm rates with high reliability and scalability [13]. They use the extreme learning machine (ELM) and the ball vector machine (BVM) as two kinds of single classifiers.
The features extracted to represent the network traffic flow can be divided into three groups:
- Content features: information about the data content of packets that could be relevant to an anomaly or intrusion.
- Intrinsic features: general information related to the connection.
- Traffic features: for example, statistics related to past connections similar to the current one.

Fusion Method
Step 1: Prepare three kinds of features that should be labeled.
Step 2: Each kind of feature is trained by BVM and ELM separately. The classifiers are denoted bvm(i) and elm(i), i = 1, 2, 3. Lable(i), i = 1,...,6, is each classifier's output.
Step 3: Train a single-hidden-layer BP neural network with 6 input nodes, 30 hidden nodes and 6 output nodes using the labeled data of BVM and ELM from Step 2 (using Lable(i) of bvm(i) and elm(i) as the BP neural network's input).
Step 4: Then, using the acquired Lable(i) as the input of the neural network, train a BP neural network, and obtain Train U as the output.
In the predicting process, the BP neural network receives the labels from the trained ELM and BVM classifiers and obtains Lable(i) and w(i), i = 1,...,6. Then a weighted majority vote is used to process the value of the weight, if

Experiments & Results
They randomly selected examples from the whole dataset to compose an experiment dataset. The features are divided into three parts: the content features, which have 13 attributes, intrinsic features, which have 9 attributes, and the traffic features, which have 19 attributes.

                    BVM      ELM      BVM+ELM+BP
Accuracy            97.7%    93.32%   99.06%
False alarm rates   0.28%    0.36%    0.13%

Fusion Method VS SVM
A comparison of the fusion method with another fusion method that uses SVM and a BP neural network as the single classifier, with the same fusion scheme.

                    ELM+BVM+BP   SVM+BP
Training time       86s          102s
Accuracy            98.06%       98.02%
False alarm rates   0.13%        0.11%

Anomaly Detection Using Neural Network Optimized with GSA Algorithm
In their paper "Flow-Based Anomaly Detection Using Neural Network Optimized with GSA Algorithm" [11], the authors propose an anomaly-based network IDS (NIDS), an important tool for protecting computer networks from attacks.
Traditional packet-based NIDSs are time-intensive as they analyze all network packets. A state-of-the-art NIDS should be able to handle a high volume of traffic in real time. Flow-based intrusion detection is an effective method for high-speed networks since it inspects only packet headers. Anomaly-based intrusion detection is a well-known method capable of detecting unknown attacks. So they offered a GSA-based flow anomaly detection system (GFADS), a multi-layer perceptron (MLP) neural network with one hidden layer.
They used GSA to overcome the slow convergence and the local minima caused by the backpropagation used to train MLPs. GSA is memory-less and uses the distance to agents in its updating procedure. It has an adaptive learning rate and also converges faster.

Performance
They compared GSA with five gradient descent algorithms and PSO:
1. Gradient descent momentum and an adaptive learning rate (Train Gdx)
2. Gradient descent backpropagation (Train gd)
3. Gradient descent with adaptive learning rate backpropagation (Train Gda)
4. Gradient descent with momentum backpropagation (Train gdm)
5. Sequential order incremental training with learning function (Trains)
6. Particle Swarm Optimization Algorithm (PSO)

Future Work
Review research on hybrid approaches, where anomaly and misuse (signature-based) detection are combined, since each of these methods has pros and cons. One of the most important disadvantages of anomaly detection is its high false alarm ratio, while misuse detection is incapable of recognizing new attacks. Thus, if they are combined in a smart way, the proposed model could use the qualities of both methods to cover the weaknesses of each one.

Reference
1. Sumeet Dua and Xian Du. Data Mining and Machine Learning in Cybersecurity. April 25, 2011 by Auerbach Publications.
2. Canetti, R., R. Gennaro, A. Herzberg, and D. Naor. Proactive security: Long-term protection against break-ins. CryptoBytes 3 (1997).
3. Barak, B., A. Herzberg, D. Naor, and E. Shai. The proactive security toolkit and applications. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore, 1999.
4. Verykios, V.S., E. Bertino, I.N. Fovino, L.P. Provenza, Y. Saygin, and Y. Theodoridis. State-of-the-art in privacy preserving data mining. ACM SIGMOD Record 33, 2004.
5. Denning, D. An intrusion-detection model. IEEE Transactions on Software Engineering 13 (2) (1987).
6. Tom M. Mitchell. Machine Learning, volume 4. Burr Ridge, IL: McGraw Hill, June.
7. Phil Simon. Too Big to Ignore: The Business Case for Big Data. Wiley.
8. Taiwo Oladipupo Ayodele. New Advances in Machine Learning. InTech.
9. Harjinder Kaur, Gurpreet Singh, Jaspreet Minhas. A Review of Machine Learning based Anomaly Detection Techniques.
10. Gong, F. Deciphering detection techniques: Part II. Anomaly-based intrusion detection. White paper, McAfee Network Security Technologies Group.
11. Zahra Jadidi, Mansour Sheikhan. Flow-Based Anomaly Detection Using Neural Network Optimized with GSA Algorithm.
12. Eskin, E., A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo. A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data. In: Applications of Data Mining in Computer Security, edited by S. Jajodia and D. Barbara. Dordrecht: Kluwer, 2002.
13. Changning Cai, Guojian Cheng, Huaxian Pan. Fusion of BVM and ELM for Anomaly Detection in Computer Networks.
More informationAn Intelligent Firewall to Detect Novel Attacks
An Intelligent Firewall to Detect Novel Attacks An Integrated Approach based on Anomaly Detection Against Virus Attacks InSeon Yoo and Ulrich Ultes-Nitsche Department of Electronics and Computer Science,
More informationComputational intelligence in intrusion detection systems
Computational intelligence in intrusion detection systems --- An introduction to an introduction Rick Chang @ TEIL Reference The use of computational intelligence in intrusion detection systems : A review
More informationPerformance Evaluation of Intrusion Detection Systems
Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection
More informationCYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION
CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION MATIJA STEVANOVIC PhD Student JENS MYRUP PEDERSEN Associate Professor Department of Electronic Systems Aalborg University,
More informationCoimbatore-47, India. Keywords: intrusion detection,honeypots,networksecurity,monitoring
Volume 4, Issue 8, August 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Investigate the
More informationIntrusion Detection for Grid and Cloud Computing
Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal University of Santa Catarina, Brazil Content Type
More informationIntrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12
Intrusion Detection Systems and Supporting Tools Ian Welch NWEN 405 Week 12 IDS CONCEPTS Firewalls. Intrusion detection systems. Anderson publishes paper outlining security problems 1972 DNS created 1984
More informationIntrusion Forecasting Framework for Early Warning System against Cyber Attack
Intrusion Forecasting Framework for Early Warning System against Cyber Attack Sehun Kim KAIST, Korea Honorary President of KIISC Contents 1 Recent Cyber Attacks 2 Early Warning System 3 Intrusion Forecasting
More informationNeural Networks for Intrusion Detection and Its Applications
, July 3-5, 2013, London, U.K. Neural Networks for Intrusion Detection and Its Applications E.Kesavulu Reddy, Member IAENG Abstract: With rapid expansion of computer networks during the past decade, security
More informationInternational Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 1, Jan-Feb 2015
RESEARCH ARTICLE A Review of Hybrid Intrusion Detection System Pushpak Singha 1, Anup Sheth 2, Rahul Lakkadwala 3 Akshay D. Gaikwad 4, Megha V. Kadam 5 UG Research Scholar 1, 2, 3 & 4, Assistant Professor
More informationAn Efficient Way of Denial of Service Attack Detection Based on Triangle Map Generation
An Efficient Way of Denial of Service Attack Detection Based on Triangle Map Generation Shanofer. S Master of Engineering, Department of Computer Science and Engineering, Veerammal Engineering College,
More informationIndex Terms: Intrusion Detection System (IDS), Training, Neural Network, anomaly detection, misuse detection.
Survey: Learning Techniques for Intrusion Detection System (IDS) Roshani Gaidhane, Student*, Prof. C. Vaidya, Dr. M. Raghuwanshi RGCER, Computer Science and Engineering Department, RTMNU University Nagpur,
More informationObservation and Findings
Chapter 6 Observation and Findings 6.1. Introduction This chapter discuss in detail about observation and findings based on survey performed. This research work is carried out in order to find out network
More informationHow To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme
Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention Thivya. T 1, Karthika.M 2 Student, Department of computer science and engineering, Dhanalakshmi
More informationUSING GENETIC ALGORITHM IN NETWORK SECURITY
USING GENETIC ALGORITHM IN NETWORK SECURITY Ehab Talal Abdel-Ra'of Bader 1 & Hebah H. O. Nasereddin 2 1 Amman Arab University. 2 Middle East University, P.O. Box: 144378, Code 11814, Amman-Jordan Email:
More informationOpen Access Research on Application of Neural Network in Computer Network Security Evaluation. Shujuan Jin *
Send Orders for Reprints to reprints@benthamscience.ae 766 The Open Electrical & Electronic Engineering Journal, 2014, 8, 766-771 Open Access Research on Application of Neural Network in Computer Network
More informationConclusions and Future Directions
Chapter 9 This chapter summarizes the thesis with discussion of (a) the findings and the contributions to the state-of-the-art in the disciplines covered by this work, and (b) future work, those directions
More informationIntroduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.
Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection
More informationIntrusion Detection Systems. Overview. Evolution of IDSs. Oussama El-Rawas. History and Concepts of IDSs
Intrusion Detection Systems Oussama El-Rawas History and Concepts of IDSs Overview A brief description about the history of Intrusion Detection Systems An introduction to Intrusion Detection Systems including:
More informationData Mining for Network Intrusion Detection
Data Mining for Network Intrusion Detection S Terry Brugger UC Davis Department of Computer Science Data Mining for Network Intrusion Detection p.1/55 Overview This is important for defense in depth Much
More informationIntrusion Detection Systems vs. Intrusion Prevention Systems. Sohkyoung (Michelle) Cho ACC 626
Intrusion Detection Systems vs. Intrusion Prevention Systems Sohkyoung (Michelle) Cho ACC 626 1.0 INTRODUCTION An increasing number of organizations use information systems to conduct their core business
More informationA Content based Spam Filtering Using Optical Back Propagation Technique
A Content based Spam Filtering Using Optical Back Propagation Technique Sarab M. Hameed 1, Noor Alhuda J. Mohammed 2 Department of Computer Science, College of Science, University of Baghdad - Iraq ABSTRACT
More informationIEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS PART C: APPLICATIONS AND REVIEWS, VOL. 38, NO. 5, SEPTEMBER 2008 649
IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS PART C: APPLICATIONS AND REVIEWS, VOL. 38, NO. 5, SEPTEMBER 2008 649 Random-Forests-Based Network Intrusion Detection Systems Jiong Zhang, Mohammad Zulkernine,
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationA Proposed Architecture of Intrusion Detection Systems for Internet Banking
A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationFirewalls & Intrusion Detection
Firewalls & Intrusion Detection CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan Security Intrusion
More informationHost-based Intrusion Prevention System (HIPS)
Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively
More informationNiara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined
Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In
More information