Intrusion Detection: A Machine Learning Approach
Series in Electrical and Computer Engineering
Zhenwei Yu, University of Illinois, Chicago, USA
Jeffrey J.P. Tsai, Asia University, Taiwan, and University of Illinois, Chicago, USA
Imperial College Press

Contents

Preface vii

1. Introduction 1
   1.1 Background 1
   1.2 Existing Problems 3
       1.2.1 Alarm management 3
       1.2.2 Performance maintenance 4

2. Attacks and Countermeasures in Computer Security 7
   2.1 General Security Objectives 7
       2.1.1 Accountability 7
       2.1.2 Assurance 8
       2.1.3 Authentication 8
       2.1.4 Authorization 8
       2.1.5 Availability 8
       2.1.6 Confidentiality 9
       2.1.7 Integrity 9
       2.1.8 Non-repudiation 9
   2.2 Types of Attacks 10
       2.2.1 Attacks against availability 10
       2.2.2 Attacks against confidentiality 11
       2.2.3 Attacks against integrity 12
       2.2.4 Attacks against miscellaneous security objectives 13
   2.3 Countermeasures of Attacks 14
       2.3.1 Authentication 15
       2.3.2 Access control 16
       2.3.3 Audit and intrusion detection 20
       2.3.4 Extrusion detection 22
       2.3.5 Cryptography 23
       2.3.6 Firewall 26
       2.3.7 Anti-virus software 28

3. Machine Learning Methods 31
   3.1 Background 31
   3.2 Concept Learning 31
   3.3 Decision Tree 32
   3.4 Neural Networks 32
   3.5 Bayesian Learning 32
   3.6 Genetic Algorithms and Genetic Programming 33
   3.7 Instance-Based Learning 33
   3.8 Inductive Logic Programming 34
   3.9 Analytical Learning 34
   3.10 Inductive and Analytical Learning 34
   3.11 Reinforcement Learning 35
   3.12 Ensemble Learning 35
   3.13 Multiple Instance Learning 36
   3.14 Unsupervised Learning 36
   3.15 Semi-Supervised Learning 36
   3.16 Support Vector Machines 37

4. Intrusion Detection System 39
   4.1 Background 39
       4.1.1 Security defense in depth 39
       4.1.2 A brief history of intrusion detection 41
       4.1.3 Classification of intrusion detection system 41
       4.1.4 Standardization efforts 43
       4.1.5 General model of intrusion detection system 43
   4.2 Available Audit Data 44
       4.2.1 System features 44
       4.2.2 User activities 45
       4.2.3 Network activities 46
   4.3 Preprocess Methods 47
   4.4 Detection Methods 49
       4.4.1 Statistical analysis 49
       4.4.2 Expert system 51
       4.4.3 Model-based system 51
       4.4.4 State transition-based analysis 52
       4.4.5 Neural network-based system 53
       4.4.6 Data mining-based system 54
   4.5 Architecture for Network Intrusion Detection System 56

Part A: Intrusion Detection for Wired Network

5. Techniques for Intrusion Detection 61
   5.1 Available Alarm Management Solutions 61
       5.1.1 Alarm correlation 61
       5.1.2 Alarm filter 62
       5.1.3 Event classification process 63
   5.2 Available Performance Maintenance Solutions 63
       5.2.1 Adaptive learning 63
       5.2.2 Incremental mining 64

6. Adaptive Automatically Tuning Intrusion Detection System 65
   6.1 Architecture 65
   6.2 SOM-Based Labeling Tool 65
       6.2.1 Training algorithm 66
       6.2.2 Pre-cluster by symbolic features 68
       6.2.3 Cluster by SOM 68
       6.2.4 Label data in clusters 70
   6.3 Hybrid Detection Model 71
       6.3.1 Binary SLIPPER rule learning system 71
       6.3.2 Binary classifiers 74
       6.3.3 Final arbiter 74
       6.3.4 Detection model tuning 79
       6.3.5 Fuzzy prediction filter 86
       6.3.6 Fuzzy tuning controller 96

7. System Prototype and Performance Evaluation 101
   7.1 Implementation of Prototype 101
       7.1.1 Fuzzy controller 101
       7.1.2 Binary prediction and model tuning thread 101
       7.1.3 Final arbiter and prediction filter thread 102
       7.1.4 User simulator thread 102
       7.1.5 Interface for fuzzy knowledge base 103
   7.2 Experimental Data Set and Related Systems 103
       7.2.1 KDDCup'99 intrusion detection data set 103
       7.2.2 Performance evaluation method 105
       7.2.3 Related IDSs on KDDCup'99 ID data set 108
   7.3 Performance Evaluation 112
       7.3.1 SOM-based labeling tool performance 112
       7.3.2 Build hybrid detection model 114
       7.3.3 The MC-SLIPPER system and test performance 116
       7.3.4 The ATIDS system and test performance 125
       7.3.5 The ADAT IDS system and test performance 133

Part B: Intrusion Detection for Wireless Sensor Network

8. Attacks against Wireless Sensor Network 141
   8.1 Wireless Sensor Network 141
   8.2 Challenges on Intrusion Detection in WSNs 142
   8.3 Attacks against WSNs 143

9. Intrusion Detection System for Wireless Sensor Network 147
   9.1 Architecture of IDS for WSN 147
   9.2 Audit Data in WSN 149
       9.2.1 Local features for LIDC in WSN 150
       9.2.2 Packet features for PIDC in WSN 152
   9.3 Detection Model and Optimization 153
   9.4 Model Tuning 155

10. Conclusion and Future Research 157

Cited Literature 159

Index 169