Computational intelligence in intrusion detection systems




Computational intelligence in intrusion detection systems
An introduction to an introduction
Rick Chang @ TEIL

Reference
Shelly Xiaonan Wu, Wolfgang Banzhaf. The use of computational intelligence in intrusion detection systems: A review. Applied Soft Computing, 2009.

Intrusion prevention techniques
- Firewalls
- Access control
- Encryption

Intrusion detection systems (IDS)
- Data collection
- Data preprocessing
- Intrusion recognition
- Reporting
- Response

History of IDS
- 1987: D.E. Denning proposed an intrusion detection model
- Early 1990s: combinations of expert systems and statistical approaches
- Late 1990s: automated knowledge acquisition
- Combine with computational intelligence

Computational intelligence
J.C. Bezdek (1994): A system is computationally intelligent when it: deals with only numerical (low-level) data, has pattern recognition components, does not use knowledge in the artificial intelligence sense; and additionally when it (begins to) exhibit (i) computational adaptivity, (ii) computational fault tolerance, (iii) speed approaching human-like turnaround, and (iv) error rates that approximate human performance.

Computational intelligence
- Artificial neural networks
- Fuzzy sets
- Evolutionary computation methods
- Artificial immune systems
- Swarm intelligence
- Soft computing

Roadmap
- Introduction to intrusion detection systems (IDS)
- Evolutionary computation methods
- Artificial immune systems
- Swarm intelligence
- Discussion

Intrusion detection system
[Figure] Solid lines: data/control flow. Dashed lines: responses to intrusive activities.

Intrusion detection system (IDS)

Misuse detection
- Predefined descriptions of intrusive behaviors
- Supervised learning
- Fails easily when facing unknown intrusions

Anomaly detection
- Hypothesizes that abnormal behavior is rare and different from normal behavior
- Unsupervised learning
- Difficulties: deficiency of abnormal samples, adaptation to constantly changing normal behavior

Evolutionary computation

Evolutionary computation
- Genetic algorithms
  - Automatic model structure design
  - Classifiers
- Genetic programming
  - Classifiers

Automatic model structure design
- Artificial neural networks need optimal structures.
- Clustering algorithms need the number of clusters.
- Use GA to search for the right structure or parameters.

Classifiers
- Classification rules
- Transformation functions
- GA: search the parameters
- GP: search the functions

Niching and fitness function
- Niching techniques are adopted: fitness sharing, crowding, voting, token competition
- Fitness function: detection rate, false positive rate, conciseness

Challenges
- No reasonable termination criterion
- Niching
- Distributed EC models
- Unbalanced data distribution

Artificial immune system

Human immune system
- Innate immune system
- Adaptive immune system

Innate immune system

1. Skin
2. Respiratory tract
3. Gastrointestinal tract
4. Urogenital tract

1. Phagocytosis
2. Inflammation
3. Complement
4. Interferon

Adaptive immune system

[Figure labels: T-cell, helper, IL-1, IL-2, killer, suppressor, memory, M, T4, IL-6, plasma cell, B-cell, Ig, memory]

Normally, lymphocytes do not attack normal cells, why? Lymphocytes must be mature before leaving red bone marrow.

Maturation To avoid autoimmunity, T cells and B cells must pass a negative selection stage, where lymphocytes which match self cells are killed. (These mature lymphocytes have never encountered antigens.)

Artificial immune system (AIS)
- Anomaly detection
- Instead of building a model of normal behavior, AIS approaches generate non-self (anomalous) patterns from the given normal data.

Negative selection
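The negative-selection step described above, as an added example that is not from the slides or the reviewed paper: random candidate detectors that match any normal (self) sample are discarded, and the survivors flag whatever they later match. The real-valued features, Euclidean matching, the two radii, the sample data and all function names are assumptions made for illustration.

```python
import math
import random

SELF_R, DET_R = 0.10, 0.06   # assumed radii; DET_R < SELF_R leaves a safety margin

def matches_self(point, self_set, radius=SELF_R):
    """True if the point lies within `radius` of any normal (self) sample."""
    return any(math.dist(point, s) <= radius for s in self_set)

def generate_detectors(self_set, n, rng):
    """Negative selection: random candidates that match self are killed."""
    dim, detectors = len(self_set[0]), []
    while len(detectors) < n:
        cand = tuple(rng.random() for _ in range(dim))   # immature detector
        if not matches_self(cand, self_set):
            detectors.append(cand)                       # survives -> mature
    return detectors

def is_anomalous(sample, detectors, radius=DET_R):
    """A sample is flagged when any mature detector matches it."""
    return any(math.dist(sample, d) <= radius for d in detectors)

def estimate_coverage(detectors, self_set, rng, probes=500):
    """Monte Carlo share of non-self space that detectors cover; the rest are holes."""
    hit = total = 0
    while total < probes:
        p = tuple(rng.random() for _ in range(len(self_set[0])))
        if matches_self(p, self_set):
            continue                                     # probe only non-self space
        total += 1
        hit += is_anomalous(p, detectors)
    return hit / total

# Constructed normal traffic: (connection rate, failed-login ratio), scaled to [0, 1].
SELF = [(0.10 + 0.05 * i, 0.05 + 0.05 * j) for i in range(5) for j in range(5)]
DETECTORS = generate_detectors(SELF, 800, random.Random(7))

if __name__ == "__main__":
    print("unseen normal flagged:", is_anomalous((0.22, 0.13), DETECTORS))
    print("outlier flagged:", is_anomalous((0.90, 0.80), DETECTORS))
    print("coverage:", estimate_coverage(DETECTORS, SELF, random.Random(1)))
```

Keeping the detector radius smaller than the self radius means an unseen sample close to the training data cannot be flagged, at the cost of a thin uncovered band around the self region, which is what the coverage estimate measures.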

Self non-self discrimination model

Lifespan model

An evolutionary AIS model
- Three stages: gene library evolution, negative selection, clonal selection
- Immature detectors, rather than being generated randomly, are created by selecting and rearranging useful genes.
- The library evolves.
- Clonal selection detects various intrusions with a limited number of detectors, generates memory detectors, and drives the gene library evolution.

Challenges
- Fitting to real-world environments
- Avoid the scaling problem
- Detect and fill holes
- Estimate the coverage of rule sets
- Deal with high-volume and high-dimensional data
- Adapting to changes in self data
- Integrating immune responses

Swarm intelligence

Ant colony optimization
- Use ACO to keep track of intruder trails
- Identify affected paths of intrusion in a sensor network by investigating the pheromone concentration
- Clustering local strategy rules

Particle swarm optimization
- Learn classification rules
- Divide-and-conquer:
  - Use PSO to find the best rule covering the current training set
  - Remove the covered points

Discussion

Performance

Research

Challenges
- Good benchmark datasets
  - Old and unrealistic
- Ability of adaptation to constantly changing environments
  - intrusive behavior
  - legitimate behavior
  - systems
  - networks

Thanks