Data Reduction Based on Local Hausdorff Measures for Forensic Data
|
|
- Kimberly Hudson
- 8 years ago
- Views:
Transcription
1 Data Reduction Based on Local Hausdorff Measures for Forensic Data Peng Tao 1,2, Chen 1 Xiaoshu 1, Liu Huiyu 1, Chen Kai 1 1 Huazhong University of Science & Technology 2 Wuhan Textile University pt0403@163.com doi: /jcit.vol6.issue5.31 Abstract Currently, in many domains (e.g. multispectral images, text categorization, biometrics, retrieval of multimedia database, computer forensics), the size of the data sets is so extremely large that real-time systems cannot afford the time and storage requirements to process them. Data reduction techniques are approaches in charge of diminish the quantity of information in order to reduce both memory and execution time. In this paper, we proposed a schema to reduce the quantity of instances using local Hausdorff measures. In the schema, we divide the original data set to subsets and use the Hausdorff measures on the subsets, the instances in the set which doesn t change or change the hausdorff distance slightly will be removed, which can reduce the quantity of the original set. The schema assures the topology of the original set and can supply a good data set for next proceeding. 1. Introduction Keywords: Data Reduction, Hausdorff Measures, Local, Forensic Data Data reduction techniques are approaches in charge of diminish the quantity of information in order to reduce both memory and execution time. Traditionally, the concept of data reduction have received several names: e.g. editing, condensing, filtering, thinning, etc, depending on the objective of the data reduction task. There are two different possibilities depending on the object of the reduction. The first one is to reduce the quantity of instances, while the second one is to select a subset of features from available ones. The later, feature selection, is not considered in this paper, but just the former: prototype selection. The term network forensics was introduced by the computer security expert Marcus Ranum in the early 90 s [1], and is borrowed from the legal and criminology fields where forensics pertains to the investigation of crimes. According to Simson Garfinkel, network forensic systems can be implemented in two ways: catch it as you can and stop look and listen systems [2]. Most network forensic systems are based on audit trails. Systems relying on audit trails try to detect known attack patterns, deviations from normal behavior, or security policy violations. They also try to reduce large volumes of audit data to small volumes for interesting data. One of the main problems with these systems is the overhead, which can become unacceptably high. To analyze logs, the system must keep information regarding all the actions performed, which invariably results in huge amounts of data, requiring disk space and CPU resources. Next, the logs must be processed to convert them into a manageable format, and then compared with the set of recognized misuse and attack patterns to identify possible security violations. Further, the stored patterns need to be continually updated, which would normally involve human expertise. An intelligent, adaptable and cost-effective tool that is capable of this is the goal of the researchers in cyber forensics. 2. Related Works The many existing proposals in relation to reduce data can be categorized into two main groups. First, the schemes that merely select a subset of the original instances, Hart s algorithm [3] represent the first reduction for the 1-NN rule. In this initial approximation, the idea of reducing with respect to the training set is used. The weakness of the hart s method lies in the impossibility of judging whether the resulting reduced set is the smallest set. Chen & Jozwik[4] proposed a simple reduce schema which allows one to control the resulting condensed set size; the schema defined the diameter of a
2 training, the strategy relies on dividing the initial training set into successive subsets which are defined based on the notion diameter. This process is repeated until the number of subsets reaches the number previously established as the reduced set size. Sanchez introduced the family of RSP(Reduction by Space Partition) algorithms[5], which are based on the idea Chen s algorithm. The Main difference between the Chen s and one of the RSP approaches, RSP3, is that in the former, any subset containing a mixture of instances belonging to different classes can be chosen to divided. There also some other researches about the data reduction [11~13]. 3. Hausdorff measures and KDD CUP 99 Data Set 3.1. KDD CUP 99 Data Set In 1998, the United States Defense Advanced Research Projects Agency (DARPA)funded an Intrusion Detection Evaluation Program (IDEP) administered by the Lincoln Laboratory at the Massachusetts Institute of Technology. The goal of this program was to build a data set that would help evaluate different intrusion detection systems (IDS) in order to assess their strengths and weaknesses. The objective was to survey and evaluate research in the field of intrusion detection. The computer network topology employed for the IDEP program involved two sub networks: an inside network consisting of victim machines and an outside network consisting of simulated real-world Internet traffic. The victim machines ran Linux, SunOS TM, and Solaris TM operating systems. Seven weeks of training data and two weeks of testing data were collected. Testing data contained a total of 38 attacks, 14 of which did not exist in the training data. This was done to facilitate the evaluation of potential IDSs with respect to their anomaly detection performance. Three kinds of data was collected: transmission control protocol (TCP) packets using the tcpdump utility, basic security module (BSM) audit records using the Sun Solaris TM BSM utility, and system file dumps. This data set is popularly known as DARPA 1998 data set [6]. One of the participants in the 1998 DARPA IDEP [7], used only TCP packets to build a processed version of the DARPA 1998 data set [3]. This data set, named in the literature as KDD intrusion detection data set [8], was used for the 1999 KDD Cup competition [9], which allowed participants to employ it for developing IDSs. Both training and testing data subsets cover four major attack ategories: Probing (information gathering attacks), Denial-of-Service (deny legitimate requests to a system), User-to-Root (unauthorized access to local super-user or root), and Remote-to-Local (unauthorized local access from a remote machine). Each record consists of 41 features [10], where 38 are numeric and 3 are symbolic, defined to characterize individual TCP sessions Hausdorff Measures In mathematics, the Hausdorff distance, or Hausdorff metric, measures how far two subsets of a metric space are from each other. It turns the set of non-empty compact subsets of a metric space into a metric space in its own right. It is named after Felix Hausdorff. Informally, two sets are close in the Hausdorff distance if every point of either set is close to some point of the other set. The Hausdorff distance is the longest distance you can be forced to travel by an adversary who chooses a point in one of the two sets, from where you then must travel to the other set. Let X and Y be two non-empty subsets of a metric space (M, d). We define their Hausdorff distance d H(X, Y) by (1) Where sup represents the supremum and inf the infimum. d(x, y) denotes the euclidean distance between x and y. The properties of the Hausdorff distance as follows:
3 (1) In general may be infinite. If both X and Y are bounded, then is guaranteed to be finite; (2) We have =0 if and only if X and Y have the same closure; (3) On the set of all non-empty subsets of M, d H yields an extended pseudometric. (4) On the set F(M) of all non-empty compact subsets of M, d H is a metric. If M is complete, then so is F(M). If M is compact, then so is F(M). The topology of F(M) depends only on the topology of M, not on the metric d. The geometry description of Hausdorff Distance can be shown in fig 1: Figure 1. Components of the calculation of the Hausdorff distance between the green line X and the blue line Y. The definition of the Hausdorff distance can be derived by a series of natural extensions of the distance function d(x, y) in the underlying metric space M, as follows: (1) Define a distance function between any point x of M and any non-empty set Y of M by: (2) (2) For example, d(1, [3,6]) = 2 and d(7, [3,6]) = 1. (3) Define a distance function between any two non-empty sets X and Y of M by: (4) (3) (5) For example, d([1,7], [3,6]) = d(1, [3,6]) = 2. (6) If X and Y are compact then d(x,y) will be finite; d(x,x)=0; and d inherits the triangle inequality property from the distance function in M. As it stands, d(x,y) is not a metric because d(x,y) is not always symmetric, and d(x,y) = 0 does not imply that X = Y (It does imply that ). For example, d([1,3,6,7], [3,6]) = 2, but d([3,6], [1,3,6,7]) = 0. However, we can create a metric by defining the Hausdorff distance to be: (4)
4 4. Data Reduction Algorithm Based on Hausdorff Distance The schema of data reduction has proposed were destroyed the topology of the original dataset, which will reduce the classification accuracy. In order to maintain the topology of the original dataset, Hausdorff Distance is used Local Hausdorff Distance Algorithm In section III, we can get that, the Hausdorff Distance( ) can be used to measure the similarity of two sets. The smaller of two set, the similarity of them is higher. The data reduction based on Hausdorff Distance can be described as: Algorithm 1: Pseudo-code for Local dataset Original data set X. ArrayDh[k]; ArrayZero[k/2]; For x X, S=k-NN(x); For y S S = S-y; ArrayDh [i]=d H (S,S ); If(ArrayDh [i]> ) Add(y) to B; If(ArrayDh [i]==0) Flag=Find(y, ArrayZero); If(!Flag) Add(y) to B: Add(y) to ArrayZero; End if End if End for Add(ArrayZero) to B; X=X-S; End for For instance x X, X is the original dataset, and the k nearest neighbor of x is gotten, which combined the local sub set S, for very instance y S, S =S-y, the Hausdorff distance (Hd) of S and S is computed: (1) if Hd< ( is the threshold), means that the instance y doesn t affect the topology of data set S, so, y can be removed from S, otherwise, y cannot be removed from S. (2) if Hd=0; which means that, there at least exist a instance have the same location with y or almost the same location with y, y should remain in S, and other instance(s) can be removed from S;
5 We use UCI machine learning database repository to test our algorithm. The Glass dataset is chosen, in the Glass Identification database there are 214 instance that represent 6 different types of glass(defined in terms of their oxide content:na, Fe, K,etc). Each class is represented by 70,76,17,13,9 and 29 examples respectively. It has 9 numeric-valued features, and it comes from the USA Forensic Science Service. There features are chosen, figure 1 is the Representation of the Glass: In Figure 2 is the subset of Glass which includes 30 instance, symbol + in figure 2 is the instances that make the Hausdorff distance to zero, the symbol o is the instance that make the max Hausdorff distance. From figure 2, we can get that, the instance of max Hausdorff distance is the instance that will affect the topology of the set. The larger Hausdorff distance, the more effect of topology. So we remove some instances which Hausdorff distance is smaller than threshold, the figure 3 is the reduced subset with =0.06 and the reduction rate is 40% Data Reduction for KDD CUP 99 Data Set In section 3, we know that each record of the Data set consists of 41 features where 38 are numeric and 3 are symbolic, at the same time, the dimension of each features are different. For example, the follow is a normal record: 0,tcp,http,SF,181,5450,0,0,0,0,0, 1,0,0,0,0, 0,0,0,0,0,0,8, 8,0.0,0,0.00,0.00,0.00,1.00,0.00,0.00,9,9,1.00,0.00,0.11,0.00,0.00,0.00,0.00,0.00. Fig 1. Representation of the Glass Fig 2. Max Hd and min Hd of Sub set in Glass Fig 3. Remove some instance from Subset in Glass The first feature is Length (# of seconds) of the connection, the fifth feature is data bytes from source to destination, the seventh feature is a flag that 1 if connection is from/to the same host/port;
6 0 otherwise. In order to find the attack data in the data set, we should apply the clustering algorithm on the data set. Before clustering, we must pre-process the data set: Replacing the Symbolic with Numeric The feature 2(Type of the protocol, e.g. tcp, udp, etc.), feature 3(Network service on the destination, e.g., http, telnet, etc.), feature 4(Normal or error status of the connection) features of the record are symbolic, there are three type of the protocol, 66 type of network service and 11 type of status in the data set. A simple way is used to replace the symbolic, 1 replace tcp, 2 replace udp and 3 replace icmp.do the same work for next 2 features. So we get the numerical record: 0,1,21,10,181,5450, 0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,8,0.00,0.00,0.00,0.00,1.00,0.00,0.00,9,9,1.00,0.00,0.11,0.00,0.00,0.00,0.00, Standardizing the Data Set In the data set, the value of sixth features is much larger than the value of the second feature, which will affect the clustering, so we should eliminate the effect of the dimension. (k)= (5) Formula (4) is a way to standardize the data set, which make the average is zero and the variance is one. With the formula(4), we can get the record: , ,0.7746,0, ,0.5836,0,0,0, ,0,0.7746,0, ,0,0,0,0,0,0,0,0, , , , ,0,0,0,0, , , ,0,0, , , , Reduce the KDD CUP99 Data set With the previous works, we can get the algorithm of data reduction. The algorithm described as follow: Algorithm 2: Data reduction for KDD CUP 99 Input: Dataset S n D, number of neighbors K, Threshold Output: Dataset of reduction Y. Step 1: replaces the symbolic with numeric in Dataset S; Step 2: standardizing the Dataset S with formula (5); Step 3: applying the algorithm 1 on dataset S; 4 Algorithm complexities The algorithm complexity of data reduction including the complexity of K nearest neighbors (O (n)), complexity of Hausdorff distance (O(n 2 )); The storage consume including: Original Dataset (N*D), Reduction dataset (N *D) and the temporary dataset K*D*2, so, the total storage consume is D*(N+N +2*K), the N is the number of instances in original dataset and the N is the number of instances in Reduction dataset. 5. Experiments Result and Future Work In order to test the validity of the reduction, the clustering algorithm is used to analyze the original data set and the reduction dataset. We extract part records of DoS,PROBE,R2L,U2R and NORMAL in the data set from original dataset randomly, 5 test dataset were gotten, namely, NORMAL and DoS(ND), NORMAL and PROBE(NP), NORMAL and R2L,(NR) NORMAL and U2R(NU), DoS,PROBE,R2L,U2R and NORMAL, each dataset contain records
7 Table 1. Reduction Rate and the effect of classification accuracy Origin 90.2% 88.6% 86.1% 84.5% 82.1% 78.6% 75% 70% ND 99.4% 99% 98.3% 97.6% 97% 95.8% 94.4% 93.1% 90.3% NP 99.6% 99.1% 98.4% 97.3% 97.1% 95.8% 94.2% 93% 90.5% NR 99.4% 99.3% 98.5% 97.3% 97.2% 95.9% 94.4% 93.1% 89.1% NU 99.1% 98.7% 98.2% 97.1% 97% 95.8% 94.1% 93.9% 88.5% AVR % 99.02% 98.35% 97.32% 97.07% 96.82% 96.27% 96.02% 88.22% In table 1, we can get that, with the increase of reduction, the classification accuracy is decreasing. The tradeoff of reduction rate and the classification accuracy can be gotten from the table1. When the reduction rate increases from 10% to 15%, the decreasing of classification accuracy is small. When the reduction rate is up to 15%, the classification accuracy will decrease greatly. This paper proposed a way to reduce the data set using local Hausdorff distance, which can maintain the geometrical distribution of original dataset. The schema can supply a good tradeoff between the reduction rate and the classification accuracy. At the same time, there is lot of room for improvement. One could take a closer look at the effects of the parameter sets. It would be useful to find a way to get the pretty parameter for the threshold to remove the instance from original data set. 6. Reference [1] Marcus Ranum, Network Flight Recorder. [2] Simson Garfinkel, Web Security, Privacy & Commerce, 2nd Edition. /pub/a/network /2002/04/26/nettap.html [3] P.E.Hart, The Condensed Nearest Neighbor Rule, IEEE Tans. On Infromation Theory 14 no.5 (1968) [4] C.H. Chen and A.Jozwik, A Simple Set Condensation Algorithm for the Class Sensitive Artifical Neural Network, Pattern Recognition Letters. 17(1996) [5] J.S.Sanchez, High Training Set Size Reduction by Space Partitioning and Prototype Abstraction, Pattern Recogniton 37,no 7(2004) [6] DARPA 1998 data set, edu /IST/ideval/data/1998/1998_data_index. html, cited August [7] W. Lee, S. J. Stolfo, and K. W. Mok, A Data Mining Framework for Building Intrusion Detection Models, IEEE Symposium on Security and Privacy, Oakland, California (1999), [8] KDD 1999 data set, kddcup99/ kddcup99.html, cited August [9] I. Levin, KDD-99 Classifier Learning Contest LLSoft s Results Overview, ACM SIGKDD Explorations 1(2) (2000), [10] Tenenbaum, J. B., de Silva, V., & Langford, J. C. (2000) A global geometric framework for nonlinear dimensionality reduction, Science, 290, pp [11] Dimensionality Reduction for Association Rule Mining, B Nath, D K Bhattacharyya, A Ghosh, International Journal of Intelligent Information Processing, Vol. 2, No. 1, pp. 9 ~ 21, 2011 [12] A Dimension Reduction Approach Using Shrinking for Multi-Dimensional Data Analysis, Yong Shi, International Journal of Intelligent Information Processing, Vol. 1, No. 2, pp. 86 ~ 98, 2010 [13] A Feature Selection Algorithm Based on Tolerant Granule, Shifei Ding, Yu Zhang, Li Xu, Jun Qian, JCIT: Journal of Convergence Information Technology, Vol. 6, No. 1, pp. 191 ~ 195,
A SYSTEM FOR DENIAL OF SERVICE ATTACK DETECTION BASED ON MULTIVARIATE CORRELATION ANALYSIS
Journal homepage: www.mjret.in ISSN:2348-6953 A SYSTEM FOR DENIAL OF SERVICE ATTACK DETECTION BASED ON MULTIVARIATE CORRELATION ANALYSIS P.V.Sawant 1, M.P.Sable 2, P.V.Kore 3, S.R.Bhosale 4 Department
More informationDenial of Service Attack Detection Using Multivariate Correlation Information and Support Vector Machine Classification
International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Denial of Service Attack Detection Using Multivariate Correlation Information and
More informationSystem for Denial-of-Service Attack Detection Based On Triangle Area Generation
System for Denial-of-Service Attack Detection Based On Triangle Area Generation 1, Heena Salim Shaikh, 2 N Pratik Pramod Shinde, 3 Prathamesh Ravindra Patil, 4 Parag Ramesh Kadam 1, 2, 3, 4 Student 1,
More informationHybrid Intrusion Detection System Using K-Means Algorithm
International Journal of Computer Sciences and Engineering Open Access Review Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Hybrid Intrusion Detection System Using K-Means Algorithm Darshan K. Dagly 1*, Rohan
More informationApplication of Data Mining Techniques in Intrusion Detection
Application of Data Mining Techniques in Intrusion Detection LI Min An Yang Institute of Technology leiminxuan@sohu.com Abstract: The article introduced the importance of intrusion detection, as well as
More informationKEITH LEHNERT AND ERIC FRIEDRICH
MACHINE LEARNING CLASSIFICATION OF MALICIOUS NETWORK TRAFFIC KEITH LEHNERT AND ERIC FRIEDRICH 1. Introduction 1.1. Intrusion Detection Systems. In our society, information systems are everywhere. They
More informationAn Efficient Way of Denial of Service Attack Detection Based on Triangle Map Generation
An Efficient Way of Denial of Service Attack Detection Based on Triangle Map Generation Shanofer. S Master of Engineering, Department of Computer Science and Engineering, Veerammal Engineering College,
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationBandwidth based Distributed Denial of Service Attack Detection using Artificial Immune System
Bandwidth based Distributed Denial of Service Attack Detection using Artificial Immune System 1 M.Yasodha, 2 S. Umarani 1 PG Scholar, Department of Information Technology, Maharaja Engineering College,
More informationAn Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks
2011 International Conference on Network and Electronics Engineering IPCSIT vol.11 (2011) (2011) IACSIT Press, Singapore An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks Reyhaneh
More informationNetwork Intrusion Simulation Using OPNET
Network Intrusion Simulation Using OPNET Shabana Razak, Mian Zhou, Sheau-Dong Lang* School of Electrical Engineering & Computer Science and National Center for Forensic Science* University of Central Florida,
More informationAn analysis of suitable parameters for efficiently applying K-means clustering to large TCPdump data set using Hadoop framework
An analysis of suitable parameters for efficiently applying K-means clustering to large TCPdump data set using Hadoop framework Jakrarin Therdphapiyanak Dept. of Computer Engineering Chulalongkorn University
More informationEfficient Security Alert Management System
Efficient Security Alert Management System Minoo Deljavan Anvary IT Department School of e-learning Shiraz University Shiraz, Fars, Iran Majid Ghonji Feshki Department of Computer Science Qzvin Branch,
More informationA Frequency-Based Approach to Intrusion Detection
A Frequency-Based Approach to Intrusion Detection Mian Zhou and Sheau-Dong Lang School of Electrical Engineering & Computer Science and National Center for Forensic Science, University of Central Florida,
More informationIndex Terms Domain name, Firewall, Packet, Phishing, URL.
BDD for Implementation of Packet Filter Firewall and Detecting Phishing Websites Naresh Shende Vidyalankar Institute of Technology Prof. S. K. Shinde Lokmanya Tilak College of Engineering Abstract Packet
More informationAnalyzing TCP Traffic Patterns Using Self Organizing Maps
Analyzing TCP Traffic Patterns Using Self Organizing Maps Stefano Zanero D.E.I.-Politecnico di Milano, via Ponzio 34/5-20133 Milano Italy zanero@elet.polimi.it Abstract. The continuous evolution of the
More informationDenial-Of-Service Attack Detection Based On Multivariate Correlation Analysis and Triangle Area Map Generation
Denial-Of-Service Attack Detection Based On Multivariate Correlation Analysis and Triangle Area Map Generation Heena Salim Shaikh, Parag Ramesh Kadam, N Pratik Pramod Shinde, Prathamesh Ravindra Patil,
More informationPerformance Evaluation of Intrusion Detection Systems using ANN
Performance Evaluation of Intrusion Detection Systems using ANN Khaled Ahmed Abood Omer 1, Fadwa Abdulbari Awn 2 1 Computer Science and Engineering Department, Faculty of Engineering, University of Aden,
More informationBisecting K-Means for Clustering Web Log data
Bisecting K-Means for Clustering Web Log data Ruchika R. Patil Department of Computer Technology YCCE Nagpur, India Amreen Khan Department of Computer Technology YCCE Nagpur, India ABSTRACT Web usage mining
More informationAn Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus
An Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus Tadashi Ogino* Okinawa National College of Technology, Okinawa, Japan. * Corresponding author. Email: ogino@okinawa-ct.ac.jp
More informationAn Overview of Knowledge Discovery Database and Data mining Techniques
An Overview of Knowledge Discovery Database and Data mining Techniques Priyadharsini.C 1, Dr. Antony Selvadoss Thanamani 2 M.Phil, Department of Computer Science, NGM College, Pollachi, Coimbatore, Tamilnadu,
More informationA Dynamic Flooding Attack Detection System Based on Different Classification Techniques and Using SNMP MIB Data
International Journal of Computer Networks and Communications Security VOL. 2, NO. 9, SEPTEMBER 2014, 279 284 Available online at: www.ijcncs.org ISSN 2308-9830 C N C S A Dynamic Flooding Attack Detection
More informationSTUDY OF IMPLEMENTATION OF INTRUSION DETECTION SYSTEM (IDS) VIA DIFFERENT APPROACHS
STUDY OF IMPLEMENTATION OF INTRUSION DETECTION SYSTEM (IDS) VIA DIFFERENT APPROACHS SACHIN MALVIYA Student, Department of Information Technology, Medicaps Institute of Science & Technology, INDORE (M.P.)
More informationEntropy-Based Collaborative Detection of DDoS Attacks on Community Networks
Entropy-Based Collaborative Detection of DDoS Attacks on Community Networks Krishnamoorthy.D 1, Dr.S.Thirunirai Senthil, Ph.D 2 1 PG student of M.Tech Computer Science and Engineering, PRIST University,
More informationALGORITHM FOR DISTRIBUTED AGENT BASED NETWORK INTRUSION DETECTION SYSTEM (NIDS)
ALGORITHM FOR DISTRIBUTED AGENT BASED NETWORK INTRUSION DETECTION SYSTEM (NIDS) Aleksandar Sokolovski Faculty Of Informatics, European University Skopje, Macedonia Saso Gelev Faculty Of Informatics, European
More informationDesign call center management system of e-commerce based on BP neural network and multifractal
Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(6):951-956 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Design call center management system of e-commerce
More informationCLASSIFYING NETWORK TRAFFIC IN THE BIG DATA ERA
CLASSIFYING NETWORK TRAFFIC IN THE BIG DATA ERA Professor Yang Xiang Network Security and Computing Laboratory (NSCLab) School of Information Technology Deakin University, Melbourne, Australia http://anss.org.au/nsclab
More informationA survey on Data Mining based Intrusion Detection Systems
International Journal of Computer Networks and Communications Security VOL. 2, NO. 12, DECEMBER 2014, 485 490 Available online at: www.ijcncs.org ISSN 2308-9830 A survey on Data Mining based Intrusion
More informationA Statistical Method for Profiling Network Traffic
THE ADVANCED COMPUTING SYSTEMS ASSOCIATION The following paper was originally published in the Proceedings of the Workshop on Intrusion Detection and Network Monitoring Santa Clara, California, USA, April
More informationClustering Technique in Data Mining for Text Documents
Clustering Technique in Data Mining for Text Documents Ms.J.Sathya Priya Assistant Professor Dept Of Information Technology. Velammal Engineering College. Chennai. Ms.S.Priyadharshini Assistant Professor
More informationKnowledge Based System for Detection and Prevention of DDoS Attacks using Fuzzy logic
Knowledge Based System for Detection and Prevention of DDoS Attacks using Fuzzy logic Amit Khajuria 1, Roshan Srivastava 2 1 M. Tech Scholar, Computer Science Engineering, Lovely Professional University,
More informationA new Approach for Intrusion Detection in Computer Networks Using Data Mining Technique
A new Approach for Intrusion Detection in Computer Networks Using Data Mining Technique Aida Parbaleh 1, Dr. Heirsh Soltanpanah 2* 1 Department of Computer Engineering, Islamic Azad University, Sanandaj
More informationClustering on Large Numeric Data Sets Using Hierarchical Approach Birch
Global Journal of Computer Science and Technology Software & Data Engineering Volume 12 Issue 12 Version 1.0 Year 2012 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global
More informationFirewalls & Intrusion Detection
Firewalls & Intrusion Detection CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan Security Intrusion
More informationOn Entropy in Network Traffic Anomaly Detection
On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman. Cinvestav, Campus Guadalajara, Mexico November 2015 Jayro Santiago-Paz, Deni Torres-Roman. 1/19 On Entropy in Network
More information131-1. Adding New Level in KDD to Make the Web Usage Mining More Efficient. Abstract. 1. Introduction [1]. 1/10
1/10 131-1 Adding New Level in KDD to Make the Web Usage Mining More Efficient Mohammad Ala a AL_Hamami PHD Student, Lecturer m_ah_1@yahoocom Soukaena Hassan Hashem PHD Student, Lecturer soukaena_hassan@yahoocom
More informationOn A Network Forensics Model For Information Security
On A Network Forensics Model For Information Security Ren Wei School of Information, Zhongnan University of Economics and Law, Wuhan, 430064 renw@public.wh.hb.cn Abstract: The employment of a patchwork
More informationA Novel Approach for Network Traffic Summarization
A Novel Approach for Network Traffic Summarization Mohiuddin Ahmed, Abdun Naser Mahmood, Michael J. Maher School of Engineering and Information Technology, UNSW Canberra, ACT 2600, Australia, Mohiuddin.Ahmed@student.unsw.edu.au,A.Mahmood@unsw.edu.au,M.Maher@unsw.
More informationAdaptive Anomaly Detection for Network Security
International Journal of Computer and Internet Security. ISSN 0974-2247 Volume 5, Number 1 (2013), pp. 1-9 International Research Publication House http://www.irphouse.com Adaptive Anomaly Detection for
More informationA Study of Web Log Analysis Using Clustering Techniques
A Study of Web Log Analysis Using Clustering Techniques Hemanshu Rana 1, Mayank Patel 2 Assistant Professor, Dept of CSE, M.G Institute of Technical Education, Gujarat India 1 Assistant Professor, Dept
More informationDetection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup
Network Anomaly Detection A Machine Learning Perspective Dhruba Kumar Bhattacharyya Jugal Kumar KaKta»C) CRC Press J Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor
More informationMining and Detecting Connection-Chains in Network Traffic
Mining and Detecting Connection-Chains in Network Traffic Ahmad Almulhem and Issa Traore ISOT Research Lab, ECE Department, University of Victoria, Victoria, CANADA Summary. A connection-chain refers to
More informationMobile Phone APP Software Browsing Behavior using Clustering Analysis
Proceedings of the 2014 International Conference on Industrial Engineering and Operations Management Bali, Indonesia, January 7 9, 2014 Mobile Phone APP Software Browsing Behavior using Clustering Analysis
More informationEvaluating Intrusion Detection Systems without Attacking your Friends: The 1998 DARPA Intrusion Detection Evaluation
Evaluating Intrusion Detection Systems without Attacking your Friends: The 1998 DARPA Intrusion Detection Evaluation R. K. Cunningham, R. P. Lippmann, D. J. Fried, S. L. Garfinkel, I. Graf, K. R. Kendall,
More informationAdaptive Framework for Network Traffic Classification using Dimensionality Reduction and Clustering
IV International Congress on Ultra Modern Telecommunications and Control Systems 22 Adaptive Framework for Network Traffic Classification using Dimensionality Reduction and Clustering Antti Juvonen, Tuomo
More informationEM Clustering Approach for Multi-Dimensional Analysis of Big Data Set
EM Clustering Approach for Multi-Dimensional Analysis of Big Data Set Amhmed A. Bhih School of Electrical and Electronic Engineering Princy Johnson School of Electrical and Electronic Engineering Martin
More informationNetwork Intrusion Detection using Semi Supervised Support Vector Machine
Network Intrusion Detection using Semi Supervised Support Vector Machine Jyoti Haweliya Department of Computer Engineering Institute of Engineering & Technology, Devi Ahilya University Indore, India ABSTRACT
More informationKeywords - Intrusion Detection System, Intrusion Prevention System, Artificial Neural Network, Multi Layer Perceptron, SYN_FLOOD, PING_FLOOD, JPCap
Intelligent Monitoring System A network based IDS SONALI M. TIDKE, Dept. of Computer Science and Engineering, Shreeyash College of Engineering and Technology, Aurangabad (MS), India Abstract Network security
More informationIntrusion Detection System using Log Files and Reinforcement Learning
Intrusion Detection System using Log Files and Reinforcement Learning Bhagyashree Deokar, Ambarish Hazarnis Department of Computer Engineering K. J. Somaiya College of Engineering, Mumbai, India ABSTRACT
More informationMachine Learning using MapReduce
Machine Learning using MapReduce What is Machine Learning Machine learning is a subfield of artificial intelligence concerned with techniques that allow computers to improve their outputs based on previous
More informationTOWARDS SIMPLE, EASY TO UNDERSTAND, AN INTERACTIVE DECISION TREE ALGORITHM
TOWARDS SIMPLE, EASY TO UNDERSTAND, AN INTERACTIVE DECISION TREE ALGORITHM Thanh-Nghi Do College of Information Technology, Cantho University 1 Ly Tu Trong Street, Ninh Kieu District Cantho City, Vietnam
More informationNetwork Based Intrusion Detection Using Honey pot Deception
Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.
More informationHow To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme
Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention Thivya. T 1, Karthika.M 2 Student, Department of computer science and engineering, Dhanalakshmi
More informationNetwork Intrusion Detection Systems
Network Intrusion Detection Systems False Positive Reduction Through Anomaly Detection Joint research by Emmanuele Zambon & Damiano Bolzoni 7/1/06 NIDS - False Positive reduction through Anomaly Detection
More informationSPATIAL DATA CLASSIFICATION AND DATA MINING
, pp.-40-44. Available online at http://www. bioinfo. in/contents. php?id=42 SPATIAL DATA CLASSIFICATION AND DATA MINING RATHI J.B. * AND PATIL A.D. Department of Computer Science & Engineering, Jawaharlal
More informationIEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS PART C: APPLICATIONS AND REVIEWS, VOL. 38, NO. 5, SEPTEMBER 2008 649
IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS PART C: APPLICATIONS AND REVIEWS, VOL. 38, NO. 5, SEPTEMBER 2008 649 Random-Forests-Based Network Intrusion Detection Systems Jiong Zhang, Mohammad Zulkernine,
More informationA NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS
A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS Sumanta Saha, Md. Safiqul Islam, Md. Sakhawat Hossen School of Information and Communication Technology The Royal Institute of Technology (KTH) Stockholm,
More informationNetwork Intrusion Detection Using a HNB Binary Classifier
2015 17th UKSIM-AMSS International Conference on Modelling and Simulation Network Intrusion Detection Using a HNB Binary Classifier Levent Koc and Alan D. Carswell Center for Security Studies, University
More informationA Neural Network Based System for Intrusion Detection and Classification of Attacks
A Neural Network Based System for Intrusion Detection and Classification of Attacks Mehdi MORADI and Mohammad ZULKERNINE Abstract-- With the rapid expansion of computer networks during the past decade,
More informationAn Improved Algorithm for Fuzzy Data Mining for Intrusion Detection
An Improved Algorithm for Fuzzy Data Mining for Intrusion Detection German Florez, Susan M. Bridges, and Rayford B. Vaughn Abstract We have been using fuzzy data mining techniques to extract patterns that
More informationHYBRID INTRUSION DETECTION FOR CLUSTER BASED WIRELESS SENSOR NETWORK
HYBRID INTRUSION DETECTION FOR CLUSTER BASED WIRELESS SENSOR NETWORK 1 K.RANJITH SINGH 1 Dept. of Computer Science, Periyar University, TamilNadu, India 2 T.HEMA 2 Dept. of Computer Science, Periyar University,
More informationNetwork TrafficBehaviorAnalysisby Decomposition into Control and Data Planes
Network TrafficBehaviorAnalysisby Decomposition into Control and Data Planes Basil AsSadhan, Hyong Kim, José M. F. Moura, Xiaohui Wang Carnegie Mellon University Electrical and Computer Engineering Department
More informationA Novel Distributed Denial of Service (DDoS) Attacks Discriminating Detection in Flash Crowds
International Journal of Research Studies in Science, Engineering and Technology Volume 1, Issue 9, December 2014, PP 139-143 ISSN 2349-4751 (Print) & ISSN 2349-476X (Online) A Novel Distributed Denial
More informationIntrusion Detection via Machine Learning for SCADA System Protection
Intrusion Detection via Machine Learning for SCADA System Protection S.L.P. Yasakethu Department of Computing, University of Surrey, Guildford, GU2 7XH, UK. s.l.yasakethu@surrey.ac.uk J. Jiang Department
More informationINTRUSION DETECTION SYSTEM USING SELF ORGANIZING MAP
Acta Electrotechnica et Informatica No. 1, Vol. 6, 2006 1 INTRUSION DETECTION SYSTEM USING SELF ORGANIZING MAP Liberios VOKOROKOS, Anton BALÁŽ, Martin CHOVANEC Technical University of Košice, Faculty of
More informationUse of Data Mining Techniques to Improve the Effectiveness of Sales and Marketing
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 4, April 2015,
More informationA Web-based Interactive Data Visualization System for Outlier Subspace Analysis
A Web-based Interactive Data Visualization System for Outlier Subspace Analysis Dong Liu, Qigang Gao Computer Science Dalhousie University Halifax, NS, B3H 1W5 Canada dongl@cs.dal.ca qggao@cs.dal.ca Hai
More informationFlexible Deterministic Packet Marking: An IP Traceback Scheme Against DDOS Attacks
Flexible Deterministic Packet Marking: An IP Traceback Scheme Against DDOS Attacks Prashil S. Waghmare PG student, Sinhgad College of Engineering, Vadgaon, Pune University, Maharashtra, India. prashil.waghmare14@gmail.com
More informationInternational Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015
RESEARCH ARTICLE OPEN ACCESS Data Mining Technology for Efficient Network Security Management Ankit Naik [1], S.W. Ahmad [2] Student [1], Assistant Professor [2] Department of Computer Science and Engineering
More informationVulnerability Analysis of Hash Tables to Sophisticated DDoS Attacks
International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 12 (2014), pp. 1167-1173 International Research Publications House http://www. irphouse.com Vulnerability
More informationModeling Intrusion Detection Systems Using Linear Genetic Programming Approach
Modeling Intrusion Detection Systems Using Linear Genetic Programming Approach Srinivas Mukkamala, Andrew H. Sung, Ajith Abrham* Department of Computer Science, New Mexico Tech, Socorro, NM 87801 *Department
More informationHybrid Model For Intrusion Detection System Chapke Prajkta P., Raut A. B.
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume1 Issue 3 Dec 2012 Page No. 151-155 Hybrid Model For Intrusion Detection System Chapke Prajkta P., Raut A. B.
More informationPreventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System
Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System Shams Fathima M.Tech,Department of Computer Science Kakatiya Institute of Technology & Science, Warangal,India
More information2 Technologies for Security of the 2 Internet
2 Technologies for Security of the 2 Internet 2-1 A Study on Process Model for Internet Risk Analysis NAKAO Koji, MARUYAMA Yuko, OHKOUCHI Kazuya, MATSUMOTO Fumiko, and MORIYAMA Eimatsu Security Incidents
More informationUsing Data Mining for Mobile Communication Clustering and Characterization
Using Data Mining for Mobile Communication Clustering and Characterization A. Bascacov *, C. Cernazanu ** and M. Marcu ** * Lasting Software, Timisoara, Romania ** Politehnica University of Timisoara/Computer
More informationApplied Mathematical Sciences, Vol. 7, 2013, no. 112, 5591-5597 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ams.2013.
Applied Mathematical Sciences, Vol. 7, 2013, no. 112, 5591-5597 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ams.2013.38457 Accuracy Rate of Predictive Models in Credit Screening Anirut Suebsing
More informationDistributed Firewall with Intrusion Detection System
3110 JOURNAL OF COMPUTERS, VOL. 7, NO. 12, DECEMBER 2012 Distributed Firewall with Intrusion Detection System Linquan Xie School of Science, Jiangxi University of Science and Technology, 341000 Ganzhou,
More informationMultidimensional Network Monitoring for Intrusion Detection
Multidimensional Network Monitoring for Intrusion Detection Vladimir Gudkov and Joseph E. Johnson Department of Physics and Astronomy University of South Carolina Columbia, SC 29208 gudkov@sc.edu; jjohnson@sc.edu
More informationA Survey on Intrusion Detection System with Data Mining Techniques
A Survey on Intrusion Detection System with Data Mining Techniques Ms. Ruth D 1, Mrs. Lovelin Ponn Felciah M 2 1 M.Phil Scholar, Department of Computer Science, Bishop Heber College (Autonomous), Trichirappalli,
More informationVisualization of General Defined Space Data
International Journal of Computer Graphics & Animation (IJCGA) Vol.3, No.4, October 013 Visualization of General Defined Space Data John R Rankin La Trobe University, Australia Abstract A new algorithm
More informationRobust Preprocessing and Random Forests Technique for Network Probe Anomaly Detection
International Journal of Soft Computing and Engineering (IJSCE) Robust Preprocessing and Random Forests Technique for Network Probe Anomaly Detection G. Sunil Kumar, C.V.K Sirisha, Kanaka Durga.R, A.Devi
More informationNetwork Intrusion Detection Using an Improved Competitive Learning Neural Network
Network Intrusion Detection Using an Improved Competitive Learning Neural Network John Zhong Lei and Ali Ghorbani Faculty of Computer Science University of New Brunswick Fredericton, NB, E3B 5A3, Canada
More informationData Mining for Network Intrusion Detection
Data Mining for Network Intrusion Detection S Terry Brugger UC Davis Department of Computer Science Data Mining for Network Intrusion Detection p.1/55 Overview This is important for defense in depth Much
More informationA WEB APPLICATION DETECTING DOS ATTACK USING MCA AND TAM
A WEB APPLICATION DETECTING DOS ATTACK USING MCA AND TAM Pratik Sawant 1, Minal Sable 2, Pooja Kore 3, Shital Bhosale 4 1 BE Student, JSPM s Imperial College Of Engineering And Research, Pune,, India 2
More informationDetection of Distributed Denial of Service Attack with Hadoop on Live Network
Detection of Distributed Denial of Service Attack with Hadoop on Live Network Suchita Korad 1, Shubhada Kadam 2, Prajakta Deore 3, Madhuri Jadhav 4, Prof.Rahul Patil 5 Students, Dept. of Computer, PCCOE,
More informationCredit Card Fraud Detection Using Self Organised Map
International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 13 (2014), pp. 1343-1348 International Research Publications House http://www. irphouse.com Credit Card Fraud
More informationSURVEY OF INTRUSION DETECTION SYSTEM
SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT
More informationDenial of Service attacks: analysis and countermeasures. Marek Ostaszewski
Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended
More informationHIDS and NIDS Hybrid Intrusion Detection System Model Design Zhenqi Wang 1, a, Dankai Zhang 1,b
Advanced Engineering Forum Online: 2012-09-26 ISSN: 2234-991X, Vols. 6-7, pp 991-994 doi:10.4028/www.scientific.net/aef.6-7.991 2012 Trans Tech Publications, Switzerland HIDS and NIDS Hybrid Intrusion
More informationMedical Information Management & Mining. You Chen Jan,15, 2013 You.chen@vanderbilt.edu
Medical Information Management & Mining You Chen Jan,15, 2013 You.chen@vanderbilt.edu 1 Trees Building Materials Trees cannot be used to build a house directly. How can we transform trees to building materials?
More informationMACHINE LEARNING & INTRUSION DETECTION: HYPE OR REALITY?
MACHINE LEARNING & INTRUSION DETECTION: 1 SUMMARY The potential use of machine learning techniques for intrusion detection is widely discussed amongst security experts. At Kudelski Security, we looked
More informationMultivariate Correlation Analysis Technique BasedonEuclideanDistanceMapfor Network Traffic Characterization
Multivariate Correlation Analysis Technique BasedonEuclideanDistanceMapfor Network Traffic Characterization Zhiyuan Tan 1,2, Aruna Jamdagni 1,2,XiangjianHe 1, Priyadarsi Nanda 1, and Ren Ping Liu 2 1 Research
More informationAn Introduction to Data Mining. Big Data World. Related Fields and Disciplines. What is Data Mining? 2/12/2015
An Introduction to Data Mining for Wind Power Management Spring 2015 Big Data World Every minute: Google receives over 4 million search queries Facebook users share almost 2.5 million pieces of content
More informationTraffic Anomaly Detection Using K-Means Clustering
Traffic Anomaly Detection Using K-Means Clustering Gerhard Münz, Sa Li, Georg Carle Computer Networks and Internet Wilhelm Schickard Institute for Computer Science University of Tuebingen, Germany Abstract
More informationConclusions and Future Directions
Chapter 9 This chapter summarizes the thesis with discussion of (a) the findings and the contributions to the state-of-the-art in the disciplines covered by this work, and (b) future work, those directions
More informationDATA MINING TECHNIQUES AND APPLICATIONS
DATA MINING TECHNIQUES AND APPLICATIONS Mrs. Bharati M. Ramageri, Lecturer Modern Institute of Information Technology and Research, Department of Computer Application, Yamunanagar, Nigdi Pune, Maharashtra,
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationA TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS
ICTACT JOURNAL ON COMMUNICATION TECHNOLOGY, JUNE 2010, ISSUE: 02 A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS S.Seetha 1 and P.Raviraj 2 Department of
More informationAutomated Malware Detection Based on Novel Network Behavioral Signatures
Automated Malware Detection Based on Novel Network Behavioral Signatures Maros Barabas, Ivan Homoliak, Michal Drozd, and Petr Hanacek 112 metrics divided into five categories according to their nature.
More informationNetwork Intrusion Detection using Random Forests
Network Intrusion Detection using Random Forests Jiong Zhang and Mohammad Zulkernine School of Computing Queen s University, Kingston Ontario, Canada K7L 3N6 {zhang, mzulker} @cs.queensu.ca Abstract Network
More information