This document summarizes various soft computing techniques that can be used for intrusion detection, including fuzzy logic, graph-based approaches, and neural networks. Fuzzy logic can be used to classify parameters and detect anomalies by comparing normal and new fuzzy association rule sets. Graph-based approaches model network traffic as graphs of nodes and edges and use clustering algorithms to detect anomalies. Neural networks can be trained on audit log data to recognize normal behavior and detect deviations that may indicate attacks. These soft computing methods aim to improve on signature-based detection by learning patterns of normal network activity and detecting anomalies.
This document discusses implementing an Intrusion Detection System (IDS) for WiFi security. The IDS would detect vulnerable activities of devices connected to the network and alert the system.
The paper provides background on common WiFi security vulnerabilities and attacks. It then describes the components and methodology of an IDS, including using sensors to monitor network traffic, analyzers to evaluate the traffic for attacks, and user interfaces to manage the system. The proposed IDS would collect network information using Wireshark, detect intrusions, and respond to threats to improve security for wireless networks.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
This document summarizes a proposed network attack alerting system that aims to reduce redundant alerts from intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack penetration testing tool on a virtual network environment. Well-known open source IDS tools from the Security Onion distribution are used to generate alerts. The system builds a database of alerts and defines rules to eliminate duplicate alerts for the same attack based on attributes like source/destination IP and port. It also establishes a severity classification scheme using threshold values of alerts and time to help administrators prioritize responses.
An Efficient Classification Mechanism for Network Intrusion Detection System Based on Data Mining Techniques: A Survey
Subaira A. S. and Anitha P.
Automated Biometric Verification: A Survey on Multimodal Biometrics
Rupali L. Telgad, Almas M. N. Siddiqui and Dr. Prapti D. Deshmukh
Design and Implementation of Intelligence Car Parking Systems
Ogunlere Samson, Maitanmi Olusola and Gregory Onwodi
Intrusion Detection Techniques for Mobile Ad Hoc and Wireless Sensor Networks
Rakesh Sharma, V. A. Athavale and Pinki Sharma
Performance Evaluation of Sentiment Mining Classifiers on Balanced and Imbalanced Dataset
G. Vinodhini and R. M. Chandrasekaran
Demosaicing and Super-resolution for Color Filter Array via Residual Image Reconstruction and Sparse Representation
Jie Yin, Guangling Sun and Xiaofei Zhou
Determining Weight of Known Evaluation Criteria in the Field of Mehr Housing using ANP Approach
Saeed Safari, Mohammad Shojaee, Mohammad Tavakolian and Majid Assarian
Application of the Collaboration Facets of the Reference Model in Design Science Paradigm
Lukasz Ostrowski and Markus Helfert
Personalizing Education News Articles Using Interest Term and Category Based Recommender Approaches
IJERA (International Journal of Engineering Research and Applications) is an international online, ... peer reviewed journal. For more details or to submit your article, please visit www.ijera.com
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION (IJNSA Journal)
In this paper, a new learning algorithm for adaptive network intrusion detection using a naive Bayesian classifier and a decision tree is presented, which performs balanced detection and keeps false positives at an acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attributes, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues that need to be examined in current intrusion detection systems (IDS). We tested the performance of our proposed algorithm against existing learning algorithms on the KDD99 benchmark intrusion detection dataset. The experimental results show that the proposed algorithm achieved high detection rates (DR) and significantly reduced false positives (FP) for different types of network intrusions using limited computational resources.
Intrusion detection and anomaly detection system using sequential pattern mining (eSAT Journals)
Abstract
Nowadays security methods ranging from password-protected access up to firewalls are used to secure data as well as networks from attackers. Often these types of security methods are not enough to protect data. The use of Intrusion Detection Systems (IDS) can be considered one way to secure the data on critical systems. Most research work is concerned with the effectiveness and exactness of intrusion detection, but these attempts are for the detection of intrusions at the operating system and network level only. They are unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interference with information held in a database is known as database intrusion detection. It relies on recording the execution of a transaction. After that, if the recognized pattern differs from the regular patterns, it is considered an intrusion. But the identified problem with this process is that the accuracy of the algorithm used may not identify all patterns. This type of challenge can affect the system in two ways: 1) regular patterns are missing from the database; 2) the detection process neglects some new patterns. Therefore we propose a sequential data mining method using a new Modified Apriori Algorithm. The algorithm increases the accuracy and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
Keywords — Anomaly Detection, Modified Apriori Algorithm, Misuse detection, Sequential Pattern Mining
IRJET - Review on "Using Big Data to Defend Machines against Network Attacks" (IRJET Journal)
This document presents a review of a system called AI2 that uses machine learning and big data to defend against network attacks in real-time. The system has four key aspects: 1) a big data analytics platform to analyze network behavior, 2) an outlier detection system to identify abnormal behavior, 3) a mechanism for security analysts to provide feedback, and 4) a supervised learning module. It aims to overcome limitations of traditional rule-based security systems by combining machine learning and analyst intuition to more accurately detect new and unknown attacks.
REAL-TIME INTRUSION DETECTION SYSTEM FOR BIG DATA (ijp2p)
The objective of the proposed system is to integrate the high volume of data along with important considerations like monitoring a wide array of heterogeneous security. When a real-time cyber attack occurs, the Intrusion Detection System automatically stores the log in a distributed environment and monitors the log against an existing intrusion dictionary. At the same time the system will check and categorize the severity of the log as high, medium, or low respectively. After the categorization, the system will automatically take necessary action against the user unit with respect to the severity of the log. The advantage of the system is that it utilizes anomaly detection, evaluates data and issues alert messages or reports based on abnormal behaviour.
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic (ijdpsjournal)
This document summarizes a research paper on current studies of intrusion detection systems using genetic algorithms and fuzzy logic. The paper presents an overview of intrusion detection systems, including different techniques like misuse detection and anomaly detection. It discusses using genetic algorithms to generate fuzzy rules to characterize normal and abnormal network behavior in order to reduce false alarms. The paper also outlines the dataset, genetic algorithm approach, and use of fuzzy logic that are proposed for the intrusion detection system.
This document discusses network intrusion detection systems (NIDS) and their ability to handle high-speed traffic. It introduces NIDS and their role in monitoring network traffic. The document presents an experiment that tests the open-source NIDS Snort under high-volume traffic. The experiment shows that Snort drops more packets as traffic speed and volume increases, demonstrating a weakness of NIDS in high-speed environments. It suggests using a parallel NIDS technique to help NIDS better handle high-speed network traffic and reduce packet dropping.
A Survey: Comparative Analysis of Classifier Algorithms for DOS Attack Detection (ijsrd.com)
In today's interconnected world, one pervasive issue is how to protect systems from intrusion-based security attacks. It is an important issue to detect intrusion attacks for the security of network communication. Denial of Service (DoS) attacks are evolving continuously. These attacks make network resources unavailable to legitimate users, which results in massive loss of data, resources and money. The significance of Intrusion Detection Systems (IDS) in computer network security is well proven. Intrusion Detection Systems (IDSs) have become an efficient defense tool against network attacks since they allow network administrators to detect policy violations. Data mining approaches can play a very important role in developing intrusion detection systems. Classification is identified as an important technique of data mining. This paper evaluates the performance of well-known classification algorithms for attack classification. The key idea is to use data mining techniques efficiently for intrusion attack classification. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained a reasonable detection rate.
The Next Generation Cognitive Security Operations Center: Network Flow Forens... (Konstantinos Demertzis)
A Security Operations Center (SOC) can be defined as an organized and highly skilled team that uses advanced computer forensics tools to prevent, detect and respond to cybersecurity incidents of an organization. The fundamental aspects of an effective SOC relate to the ability to examine and analyze the vast number of data flows and to correlate several other types of events from a cybersecurity perspective. The supervision and categorization of network flow is an essential process not only for the scheduling, management, and regulation of the network's services, but also for attack identification and for the consequent forensic investigations. A serious potential disadvantage of the traditional software solutions used today for computer network monitoring, and specifically for effective categorization of encrypted or obfuscated network flow, which requires the rebuilding of message packets in sophisticated underlying protocols, is the demand for computational resources. In addition, a further significant shortcoming of these software packages is that they create high false positive rates because they lack accurate predicting mechanisms.
For all the reasons above, in most cases, the traditional software fails completely to recognize unidentified vulnerabilities and zero-day exploitations. This paper proposes a novel intelligence-driven Network Flow Forensics Framework (NF3) with low utilization of computing power and resources, for the Next Generation Cognitive Computing SOC (NGC2SOC), which relies solely on advanced fully automated intelligence methods. It is an effective and accurate Ensemble Machine Learning forensics tool for Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification.
Network Forensics is a scientifically proven technique to accumulate, perceive, identify, examine, associate, analyse and document digital evidence from multiple systems for the purpose of uncovering the facts of attacks and other problem incidents, as well as performing the actions to recover from the attack. Many systems have been proposed for designing network forensic systems. In this paper we have prepared a comparative analysis of various models based on different techniques.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
AN IMPLEMENTATION OF INTRUSION DETECTION SYSTEM USING GENETIC ALGORITHM (IJNSA Journal)
Nowadays it is very important to maintain a high level of security to ensure safe and trusted communication of information between various organizations. But secured data communication over the internet and any other network is always under threat of intrusions and misuse. So Intrusion Detection Systems have become a needful component in terms of computer and network security. There are various approaches being utilized in intrusion detection, but unfortunately none of the systems so far is completely flawless. So, the quest for betterment continues. In this progression, here we present an Intrusion Detection System (IDS), applying a genetic algorithm (GA) to efficiently detect various types of network intrusions. Parameters and evolution processes for the GA are discussed in detail and implemented. This approach uses evolution theory for information evolution in order to filter the traffic data and thus reduce the complexity. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained a reasonable detection rate.
CYBER FORENSICS AND AUDITING
Topics Covered: Introduction to Cyber Forensics, Computer Equipment and associated storage media, Role of Forensics Investigator, Forensics Investigation Process, Collecting Network-based Evidence, Writing Computer Forensics Reports, Auditing, Planning an audit against a set of audit criteria, Information Security Management, System Management, Introduction to ISO 27001:2013
A secure network forensics system for cyber incidents analysis (Swapnil Jagtap)
Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. (The term, attributed to firewall expert Marcus Ranum, is borrowed from the legal and criminology fields, where forensics pertains to the investigation of crimes.) According to Simson Garfinkel, author of several books on security, network forensics systems can be one of two kinds.
Detecting Various Intrusion Attacks using A Fuzzy Triangular Membership Function (IRJET Journal)
This document discusses using a fuzzy triangular membership function to detect various types of intrusion attacks. It begins with an abstract that introduces the topic and importance of intrusion detection with the growth of computer networks and cyber attacks. It then provides background on intrusion detection systems, including how they work, common techniques like supervised learning, and the challenges with techniques like neural networks. The document focuses on using a fuzzy triangular membership function for intrusion detection and normalization of data. It reviews related literature on fuzzy logic approaches to intrusion detection and discusses the KDD dataset often used for testing intrusion detection systems.
A Study on Data Mining Based Intrusion Detection System (AM Publications)
In recent years security has remained a concern for computers as well as data network systems. Intrusion detection systems are used to safeguard data confidentiality, integrity and system availability from various types of attacks. Data mining techniques can be applied to intrusion detection systems to detect normal and abnormal behavior patterns. This paper studies the nature of network attacks and the current trends of data mining based intrusion detection techniques.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (... (ijsptm)
Intrusion in a network or a system is a problem today as the trend of successful network attacks continues to rise. Intruders can exploit vulnerabilities of a network system to gain access in order to deploy some virus or malware, such as a Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attacks. The frequency data is extracted from the time-series data created by the traffic flow using the Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms, which further detects known and unknown attack signatures in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signatures and unknown attacks. This approach is tested by running the artificial network intrusion data in simulated networks using the Network Simulator 2 (NS2) software.
IRJET - A Review on Intrusion Detection System (IRJET Journal)
This document provides a review of intrusion detection systems (IDS). It discusses the purpose of IDS in monitoring networks to detect anomalous behavior and security exploits. The document outlines the basic components and architecture of IDS, including sensors to collect data, an analyzer to examine data for intrusions, a knowledgebase of activity logs and signatures, and a user interface. It also covers different types of attacks IDS aims to detect, such as denial-of-service, spoofing and probing attacks. Finally, the document summarizes the typical workflow of an IDS in collecting data, selecting relevant features for analysis, analyzing data for intrusions, and taking appropriate actions in response.
This document summarizes an international journal on information technology and management information systems. It discusses detecting and classifying attacks in a computer network. Existing approaches to intrusion detection include anomaly-based systems, host-based intrusion detection systems (HIDS), and network-based intrusion detection systems (NIDS). A multilayer perceptron (MLP) algorithm is commonly used for intrusion detection but has limitations. The paper proposes a modified apriori algorithm to generate rules for detecting and classifying attacks into categories and types to enable recommending appropriate responses.
Cyber Warfare is the current single greatest emerging threat to National Security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security have become increasingly important. There is a multitude of different applications, open source and proprietary, available for protection. For a system administrator, deciding on the most suitable format for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through unflagged. A majority of methods currently used to ensure the quality of a network's service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. The minor objectives were to: design a port scanner to determine potential threats and mitigation techniques to withstand these attacks; implement the system on a host; and run and test the designed IDS. In this project we set out to develop a Honey Pot IDS System. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: event correlation, log analysis, alerting, and policy enforcement.
Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs.
In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
Requirement Based Intrusion Detection in Addition to Prevention Via Advanced ... (journal ijrtem)
An intrusion detection system (IDS) is designed to monitor all inbound and outbound network activity and identify any suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. An IDS is considered to be a passive-monitoring system, since the main function of an IDS product is to warn you of suspicious activity taking place, not to prevent it. An IDS essentially reviews your network traffic and data and will identify probes, attacks, exploits and other vulnerabilities. IDSs can respond to the suspicious event in one of several ways, which include displaying an alert, logging the event or even paging an administrator. In some cases, the IDS may be prompted to reconfigure the network to reduce the effects of the suspicious intrusion. The proposed protocol, called Password Guessing Resistant Protocol (PGRP), helps in preventing such attacks and provides a pleasant login experience for legitimate users. PGRP limits the number of login attempts for unknown users. In addition we propose an attack detector for cloud spoofing that utilizes MAC (Media Access Control) and RSS (Received Signal Strength) analysis. Next, we describe how we integrated our attack detector into a real-time indoor localization system, which is also capable of localizing the positions of the attackers.
This document discusses securing healthcare networks against cyber attacks. It proposes using intrusion detection systems to continuously monitor networks, firewalls to ensure endpoint devices comply with security policies, and biometrics for identity-based network access control. This would help protect patient privacy by safeguarding electronic health records and enhancing the security of hospital networks. The growing adoption of electronic records and devices in healthcare has increased risks of attacks that could intercept patient data or take over entire hospital networks. Strong network security measures are needed to address these risks.
IRJET - Machine Learning Processing for Intrusion Detection (IRJET Journal)
This document evaluates different machine learning algorithms for network intrusion detection using the KDD dataset. It analyzes the accuracy of logistic regression, naive bayes, support vector machine, K-nearest neighbor, and decision tree classifiers based on their confusion matrices and receiver operating characteristic curves. The results show that the decision tree algorithm achieved the highest accuracy rate of 99.83% on the KDD dataset for intrusion detection.
Optimized Intrusion Detection System using Deep Learning Algorithm (ijtsrd)
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly placed at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network (SDN) proposes the separation of forwarding and control planes by introducing a new independent plane called the network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2, February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
An Intrusion Detection based on Data mining technique and its intended import... (Editor IJMTER)
Intrusion detection is a pivotal and essential requirement of today's era. There are two major sides of intrusion detection, namely host-based intrusion detection and network-based intrusion detection. A host-based intrusion detection system monitors the information arriving at a particular machine or node, while a network-based intrusion detection system monitors and analyzes the whole traffic of the network. Data mining introduces the latest technology and methods to handle and categorize types of attacks using different classification algorithms and matching the patterns of malicious behavior. Through the use of this data mining technology, developers extract and analyze the types of attack in the network.
In addition to this there are two major approaches to intrusion detection. First, the anomaly-based approach, in which attacks are found with a high false alarm rate. In contrast, in the signature-based approach, the false alarm rate is low but novel attacks are not handled. Most researchers base their research on signature-based intrusion detection with the purpose of increasing the detection rate. The major advantages of this system are that the IDS does not require biased assessment, is able to identify massive patterns of attacks, and has the capacity to handle large connection records of the network. In this paper we try to discover the features of intrusion detection based on data mining techniques.
Machine learning in network security using knime analyticsIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly
programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
Articles - International Journal of Network Security & Its Applications (IJNSA)IJNSA Journal
International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IRJET- Phishdect & Mitigator: SDN based Phishing Attack DetectionIRJET Journal
The document proposes a new system called PhishDect and Mitigator to detect and mitigate phishing attacks using software-defined networking (SDN). It uses deep packet inspection techniques and a convolutional neural network (CNN) to classify phishing signatures. Traffic is directed through either a "store and forward" or "forward and inspect" mode. In store and forward mode, packets are stored and inspected before forwarding. In forward and inspect mode, packets are forwarded first and then a copy is inspected. The system aims to overcome limitations of existing phishing detection methods.
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
How RPA Help in the Transportation and Logistics Industry.pptxSynapseIndia
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
The DealBook is our annual overview of the Ukrainian tech investment industry. This edition comprehensively covers the full year 2023 and the first deals of 2024.
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionBert Blevins
Cybersecurity is a major concern in today's connected digital world. Threats to organizations are constantly evolving and have the potential to compromise sensitive information, disrupt operations, and lead to significant financial losses. Traditional cybersecurity techniques often fall short against modern attackers. Therefore, advanced techniques for cyber security analysis and anomaly detection are essential for protecting digital assets. This blog explores these cutting-edge methods, providing a comprehensive overview of their application and importance.
Quality Patents: Patents That Stand the Test of TimeAurora Consulting
Is your patent a vanity piece of paper for your office wall? Or is it a reliable, defendable, assertable, property right? The difference is often quality.
Is your patent simply a transactional cost and a large pile of legal bills for your startup? Or is it a leverageable asset worthy of attracting precious investment dollars, worth its cost in multiples of valuation? The difference is often quality.
Is your patent application only good enough to get through the examination process? Or has it been crafted to stand the tests of time and varied audiences if you later need to assert that document against an infringer, find yourself litigating with it in an Article 3 Court at the hands of a judge and jury, God forbid, end up having to defend its validity at the PTAB, or even needing to use it to block pirated imports at the International Trade Commission? The difference is often quality.
Quality will be our focus for a good chunk of the remainder of this season. What goes into a quality patent, and where possible, how do you get it without breaking the bank?
** Episode Overview **
In this first episode of our quality series, Kristen Hansen and the panel discuss:
⦿ What do we mean when we say patent quality?
⦿ Why is patent quality important?
⦿ How to balance quality and budget
⦿ The importance of searching, continuations, and draftsperson domain expertise
⦿ Very practical tips, tricks, examples, and Kristen’s Musts for drafting quality applications
https://www.aurorapatents.com/patently-strategic-podcast.html
Best Programming Language for Civil EngineersAwais Yaseen
The integration of programming into civil engineering is transforming the industry. We can design complex infrastructure projects and analyse large datasets. Imagine revolutionizing the way we build our cities and infrastructure, all by the power of coding. Programming skills are no longer just a bonus—they’re a game changer in this era.
Technology is revolutionizing civil engineering by integrating advanced tools and techniques. Programming allows for the automation of repetitive tasks, enhancing the accuracy of designs, simulations, and analyses. With the advent of artificial intelligence and machine learning, engineers can now predict structural behaviors under various conditions, optimize material usage, and improve project planning.
Mitigating the Impact of State Management in Cloud Stream Processing SystemsScyllaDB
Stream processing is a crucial component of modern data infrastructure, but constructing an efficient and scalable stream processing system can be challenging. Decoupling compute and storage architecture has emerged as an effective solution to these challenges, but it can introduce high latency issues, especially when dealing with complex continuous queries that necessitate managing extra-large internal states.
In this talk, we focus on addressing the high latency issues associated with S3 storage in stream processing systems that employ a decoupled compute and storage architecture. We delve into the root causes of latency in this context and explore various techniques to minimize the impact of S3 latency on stream processing performance. Our proposed approach is to implement a tiered storage mechanism that leverages a blend of high-performance and low-cost storage tiers to reduce data movement between the compute and storage layers while maintaining efficient processing.
Throughout the talk, we will present experimental results that demonstrate the effectiveness of our approach in mitigating the impact of S3 latency on stream processing. By the end of the talk, attendees will have gained insights into how to optimize their stream processing systems for reduced latency and improved cost-efficiency.
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
Comparison Table of DiskWarrior Alternatives.pdfAndrey Yasko
To help you choose the best DiskWarrior alternative, we've compiled a comparison table summarizing the features, pros, cons, and pricing of six alternatives.
An invited talk given by Mark Billinghurst on Research Directions for Cross Reality Interfaces. This was given on July 2nd 2024 as part of the 2024 Summer School on Cross Reality in Hagenberg, Austria (July 1st - 7th)
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsMydbops
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
Coordinate Systems in FME 101 - Webinar SlidesSafe Software
If you’ve ever had to analyze a map or GPS data, chances are you’ve encountered and even worked with coordinate systems. As historical data continually updates through GPS, understanding coordinate systems is increasingly crucial. However, not everyone knows why they exist or how to effectively use them for data-driven insights.
During this webinar, you’ll learn exactly what coordinate systems are and how you can use FME to maintain and transform your data’s coordinate systems in an easy-to-digest way, accurately representing the geographical space that it exists within. During this webinar, you will have the chance to:
- Enhance Your Understanding: Gain a clear overview of what coordinate systems are and their value
- Learn Practical Applications: Why we need datams and projections, plus units between coordinate systems
- Maximize with FME: Understand how FME handles coordinate systems, including a brief summary of the 3 main reprojectors
- Custom Coordinate Systems: Learn how to work with FME and coordinate systems beyond what is natively supported
- Look Ahead: Gain insights into where FME is headed with coordinate systems in the future
Don’t miss the opportunity to improve the value you receive from your coordinate system data, ultimately allowing you to streamline your data analysis and maximize your time. See you there!
Measuring the Impact of Network Latency at TwitterScyllaDB
Widya Salim and Victor Ma will outline the causal impact analysis, framework, and key learnings used to quantify the impact of reducing Twitter's network latency.
Measuring the Impact of Network Latency at Twitter
Ak03402100217
International Journal of Computational Engineering Research || Vol. 03 || Issue 4 ||
www.ijceronline.com || April 2013 || Page 210
Review: Soft Computing Techniques (Data-Mining) On Intrusion Detection
Shilpa Batra (1), Pankaj Kumar (2), Sapna Sinha (3)
1,2,3 Amity School of Engineering and Technology, Amity University, Noida, U.P.
I. INTRODUCTION
Recent studies show that the volume of data has increased worldwide, and with it the need for ever larger databases. Numerous social networking sites such as Facebook and Twitter run servers and databases that store confidential user information. The latest trend is net banking, in which highly confidential user data is transacted [2]. As the amount of confidential data on networks has grown, network security has become more vital. Even where prevention techniques such as firewalls and secure architecture screening are in place, an IDS plays a pivotal role. An IDS acts like a burglar alarm that rings whenever a thief tries to steal or hack data over the network. It informs the SSO (Site Security Officer) so that appropriate defensive action can be taken in response to the attack; the IDS strengthens the perimeter of the deployed network. There are various kinds of attackers, but they can generally be classified into two groups: those who try to crack passwords and steal user information, and those who abuse their user-level privileges to tamper with system resources such as files, directories and configuration.
Network attacks could be:
[1] DOS (Denial of Service): It aims to limit the server's ability to provide a particular service to its clients by flooding. Common methods are ping of death, SYN flooding and overloading the target machine.
[2] Probing: It aims to learn the configuration of computers over the network. This can be done by port scanning and port sweeping.
[3] User to Root (U2R) attack: Its aim is to obtain administrator or super-user privileges from a given user account to which the attacker has previously been given user-level access.
[4] Remote to Local (R2L) attack: It aims to gain access to a machine the attacker cannot otherwise access by sending packets to it in order to exploit its vulnerabilities. Examples: guest passwords, sendmail, etc.
ADAM (Audit Data Analysis and Mining) is an intrusion detection system built to detect attacks at the network level. It uses a training and action mechanism. It classifies clusters of attacks and raises alarms on abnormal behaviour of the network.
Abstract:
With the tremendous growth of web applications and network-based services, network security has become an alarming issue for IT engineers. As more services reach clients, the number of hackers on the back end grows along with them. Intrusion poses a serious security risk in the networking environment. Too often, intrusion wreaks havoc in LANs and causes heavy loss of time and cost in repairing them. It is said that "prevention is better than cure", so intrusion prevention systems (IPS) and intrusion detection systems (IDS) are used. In addition to well-established intrusion prevention schemes such as encryption, client authorization and authentication, an IDS can be viewed as a safety belt or fence for the network framework. As the use of interconnected networks has become common, worldwide reports of vulnerabilities and intrusive attacks on systems have increased. CERT noted that between 2000 and 2006 over 26,000 distinct vulnerabilities were reported. An intrusion is a set of actions that compromise the integrity, confidentiality, or availability of a resource, and generally exploits one or more weak points of the network. In this paper, we describe various data mining approaches applied to IDS that can be used to handle various network attacks, and give their comparative analysis.
Keywords: IDS (intrusion detection system), DOS (denial of service), U2R (user to root), R2L (remote to local), ANN (artificial neural network), MLP (multi-layer perceptron), GA (genetic algorithm).
There are basically two major principles of intrusion detection, namely anomaly detection and signature based detection. The former focuses on analysing unexpected or abnormal behaviour of system attributes, such as deviating CPU cycles or abnormal output for a service requested by a client. The issue with this approach is that the granular attribute characteristics are difficult to compute; they are time consuming to derive and yield a high rate of false alarms, since it is difficult to build tools for such detailed, in-depth analysis [6]. The latter focuses on matching predefined signatures or footprints of attackers who have previously attempted to hack the system. These signatures are stored in knowledge databases (KDD). They are used by expert systems to analyse previously experienced attacks; the problem is that it is difficult to keep records of the types of attacks and the attackers, and to store and maintain such a huge database of footprints up to date.
Now we come to the issue of how to implement an IDS [5]. The pivotal questions are what to observe while detecting an intrusion, and which source gives rise to the attack. For this purpose we take traces to analyse from network log files, also called audits. Moving on to the nature of the source or stimulus of the attack, we come to how to observe the stimulus. For this point of view we use the security log audits, but it is actually a cumbersome and frustrating task: the logs we need to observe do not necessarily capture all the traffic we need, but rather a flood of network traffic that may be useless to us. Furthermore, it has not yet been established what type of traffic is useful in what kind of circumstances [8][10]. This brings us to the results of security logging: what can we observe, or what do we expect to observe? Committing precisely the right log files is the aim. Hence we need to devise rules to classify the data packets on their routes to make the IDS successful and effective. As the detector is the component that senses an attack in an IDS, we need to make the decision making of the IDS effective. The detector uses various approaches to react to an attack, and in the light of this, our main motivation is an in-depth look at the different kinds of detectors that have been deployed in different networking environments. In this paper we cover various data mining approaches that underlie the detector principles and the mechanisms used to react to different kinds of attacks and network layouts.
II. SYSTEM ATTRIBUTES AFFECTING IDS
These are features that do not affect the detection principles directly [13]. They divide the cluster of systems according to their approach to detecting intrusions in audit data. The vital points are:
[1] Detection time: It covers two main genres. First, attackers who attack in real time; these need online data analysis and mining. Second, processing of data with some delay, i.e. non-real-time or offline analysis. Although online analysis can introduce some delay, its computation is much faster than offline analysis.
[2] Stimulus of attack: The source of the attack is considered here. The data for analysis can be taken from two resources: network logs and host logs. Network logs are used in NIDS (network intrusion detection systems) and host logs in HIDS (host based intrusion detection systems). A host log contains kernel logs, application program logs, etc. A network log contains the filtered traffic from equipment such as routers and firewalls.
[3] Depth of data processing: The data processing mechanism can be either continuous processing or batch processing. In continuous processing all the running data traffic is processed together, while in batch processing the data is taken in lumps for processing. These terms can be used interchangeably in real-time or online data analysis in IDS.
[4] Reaction to the detected attack: There are two main types of response by an IDS to a detected attack, namely passive and active. A passive system responds by notifying about the attack and does not act directly on the affected area of the intrusion. An active system acts to eradicate the effect of the attack and can be further classified into two categories: first, systems that modify the state of the attacked system in order to fight back, for example by terminating network sessions; second, systems that, in response to a detected attack, attack the hacker back in order to remove him from his platform.
III. A CLOSER VIEW TO THE DATA MINING APPROACHES IN IDS
3.1 Fuzzy Logic:
It is a form of many-valued logic or probabilistic logic that deals with reasoning that is approximate rather than strictly true or false; truth values range in degree between 0 and 1. Fuzzy logic is applied to fuzzy set theory, which defines operators on fuzzy sets. IF-THEN rules are constructed.
The syntax is: IF variable IS event THEN respond. The Boolean operations AND, OR and NOT are used; when realised as minimum, maximum and complement, they are called Zadeh operators. Fuzzy relations are stored in the form of a relational database. The first fuzzy relation was shown in Maria Zemankova's dissertation. By combining fuzzy logic with data mining, the problem of sharp boundaries and false positive errors is overcome. This approach can be used with both anomaly and signature based IDS, and can be implemented in a real-time environment. Classification of parameters like SYN flags, FIN flags and RST flags in TCP headers can be done using fuzzy logic. An intelligent intrusion detection model integrates fuzzy logic with data mining in two ways: fuzzy association rules and fuzzy frequency episodes. It integrates both network level and machine level information. The fuzzy logic represents the commonly found patterns and trends in association rules [1], for instance the occurrence of event X in Y. A variable S (support) tells how often X occurs in Y, and C (confidence) tells how often Y is associated with X. For example, a sample fuzzy rule is:
{RN=LOW, SN=LOW} -> {FN=LOW}
with C=0.67 and S=0.45. This can be interpreted as: SN, FN and RN occurred together in 45% of the training sets, and the probability of FN occurring at the same time as SN and RN is 67%. To implement data mining in the anomaly detection approach, mine a set of fuzzy association rules from a data set with no anomalies; then, given new data, mine fuzzy association rules on it and compare the similarity of the set of rules mined from the new data with those mined from the normal data. Given a fuzzy episode R: {e1, e2, ..., ek-1} -> {ek}, C, S, w: if {e1, e2, ..., ek-1} has occurred in the given sequence, then {ek} can be predicted as the next event to occur. If the next event does not match any prediction from the rule set, the IDS raises an alarm for an anomaly. The percentage of anomalies detected can be calculated from the number of anomalies and the number of events occurring:
Percentage anomaly = number of anomalies / number of events.
Features selected for IP spoofing and port scanning attacks can be source IP, FYN, data size and port number, and source IP, destination IP, source port and data size, respectively.
Fig. 1 depicts the implementation of fuzzy rule sets and episodes in an IDS [1].
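The rule mining, rule-set comparison and percentage-anomaly calculation just described, as an added example that is not part of the original paper. It assumes that RN, SN and FN are the per-window counts of RST, SYN and FIN packets (the paper does not define them), assumes its own membership thresholds and similarity measure, and runs on constructed traffic.

```python
"""Fuzzy association rules over TCP flag counts, used for anomaly detection.

Added example, not code from the reviewed paper. It assumes that RN, SN and FN
are the counts of RST, SYN and FIN packets observed in one time window (the
paper uses these names without defining them); all traffic below is constructed.
"""
from itertools import combinations, product

FEATURES = ("RN", "SN", "FN")


def _trap(x, a, b, c, d):
    """Trapezoidal membership: 0 outside (a, d), 1 on [b, c], linear in between."""
    if x <= a or x >= d:
        return 0.0
    if b <= x <= c:
        return 1.0
    return (x - a) / (b - a) if x < b else (d - x) / (d - c)


# Linguistic labels for a per-window packet count (assumed thresholds).
MEMBERSHIP = {
    "LOW": lambda x: 1.0 if x <= 5 else max(0.0, (15.0 - x) / 10.0),
    "MEDIUM": lambda x: _trap(x, 5, 15, 25, 35),
    "HIGH": lambda x: 1.0 if x >= 35 else max(0.0, (x - 25.0) / 10.0),
}


def fuzzify(record):
    """Map {"RN": 3, ...} to memberships {"RN=LOW": 1.0, "RN=MEDIUM": 0.0, ...}."""
    return {f"{feat}={label}": MEMBERSHIP[label](record[feat])
            for feat in FEATURES for label in MEMBERSHIP}


def fuzzy_support(items, fuzzy_records):
    """Fuzzy support S: mean over records of the min-membership of the itemset."""
    return sum(min(fr[i] for i in items) for fr in fuzzy_records) / len(fuzzy_records)


def mine_rules(records, min_support=0.3, min_confidence=0.6):
    """Return {(antecedent_items, consequent_item): (C, S)} for frequent, confident rules.

    An itemset takes one label per feature; each item of a frequent itemset is
    tried as consequent, producing rules like {RN=LOW, SN=LOW} -> {FN=LOW}.
    """
    fuzzy_records = [fuzzify(r) for r in records]
    rules = {}
    for size in (2, 3):
        for feats in combinations(FEATURES, size):
            for labels in product(MEMBERSHIP, repeat=size):
                items = tuple(f"{f}={l}" for f, l in zip(feats, labels))
                support = fuzzy_support(items, fuzzy_records)
                if support < min_support:
                    continue
                for consequent in items:
                    antecedent = tuple(i for i in items if i != consequent)
                    ant_support = fuzzy_support(antecedent, fuzzy_records)
                    if ant_support == 0:
                        continue
                    confidence = support / ant_support
                    if confidence >= min_confidence:
                        rules[(antecedent, consequent)] = (round(confidence, 4), round(support, 4))
    return rules


def rule_set_similarity(rules_a, rules_b):
    """Similarity of two rule sets in [0, 1]: shared rules, each discounted by the
    gap between their confidences, divided by the union of rules (assumed measure)."""
    keys_a, keys_b = set(rules_a), set(rules_b)
    union = keys_a | keys_b
    if not union:
        return 1.0
    shared = sum(1.0 - abs(rules_a[k][0] - rules_b[k][0]) for k in keys_a & keys_b)
    return shared / len(union)


def anomaly_percentage(windows, normal_rules, threshold=0.5):
    """Percentage anomaly = number of anomalies / number of events, where an event is
    one window and an anomaly is a window whose rules look unlike the normal profile."""
    anomalies = sum(1 for w in windows
                    if rule_set_similarity(normal_rules, mine_rules(w)) < threshold)
    return anomalies / len(windows)


# Constructed training traffic with no anomalies: every flag count is LOW.
NORMAL_TRAFFIC = [
    {"RN": 1, "SN": 3, "FN": 3}, {"RN": 0, "SN": 4, "FN": 4},
    {"RN": 2, "SN": 5, "FN": 5}, {"RN": 1, "SN": 2, "FN": 2},
    {"RN": 0, "SN": 3, "FN": 3}, {"RN": 1, "SN": 4, "FN": 4},
]

# Constructed new windows: two quiet ones around a window with a burst of SYNs
# and almost no FINs (the shape of a half-open connection flood).
NEW_WINDOWS = [
    [{"RN": 0, "SN": 2, "FN": 2}, {"RN": 1, "SN": 3, "FN": 3}, {"RN": 0, "SN": 4, "FN": 4}],
    [{"RN": 0, "SN": 45, "FN": 1}, {"RN": 1, "SN": 60, "FN": 0}, {"RN": 0, "SN": 50, "FN": 2}],
    [{"RN": 2, "SN": 4, "FN": 4}, {"RN": 1, "SN": 5, "FN": 5}, {"RN": 0, "SN": 3, "FN": 3}],
]

if __name__ == "__main__":
    normal = mine_rules(NORMAL_TRAFFIC)
    for (antecedent, consequent), (c, s) in sorted(normal.items()):
        print(f"{{{', '.join(antecedent)}}} -> {{{consequent}}}  C={c} S={s}")
    for window in NEW_WINDOWS:
        print("similarity to normal:", rule_set_similarity(normal, mine_rules(window)))
    print("percentage anomaly:", anomaly_percentage(NEW_WINDOWS, normal))
```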
3.2 Graph based approach (GrA):
The graph based approach was developed at the UC Davis computer lab. It collects data about hosts and network traffic, then aggregates the information into activity graphs that capture the causal relationships between network activities. The analysis can be done using dedicated hardware such as RMON/RMON II; such a machine is quick enough to cope with the speed of the network. For the implementation of the graphical data mining approach, we need a supervised network in which modules for packet sniffing, traffic matrix construction, graph clustering, event generation and visualisation are set up. In the graph, the computers in the network layout are represented by nodes and the communication among them by edges weighted by the amount of data exchanged. Various graph clustering algorithms are then applied.
Assume we have a graph G with vertex set V and edge set E [3]. Then
G = {V, E}, partitioned into clusters C1, ..., Cn, can be considered as
C1 = (V1, V2, V3)
C2 = (V4, V5)
...
Cn = (Vn-1, Vn)
Then, G = C1 ∪ C2 ∪ C3 ∪ C4 ∪ ... ∪ Cn
such that Ci ∩ Cj = Φ for i ≠ j.
There are various algorithms for graph clustering, namely hierarchical and non-hierarchical algorithms. The former creates a hierarchy of clusters by subdividing clusters or combining them; in an agglomerative algorithm, the entire graph initially forms a single cluster, which is then subdivided. The latter divides the graph into clusters in one step. Graph visualisation of network traffic is a vital task for planning and managing large networks. The network layout is generally drawn geographically. We cluster the nodes in a structure, and this helps to analyse modifications of network behaviour. A special benefit of visualisation is that it is capable of diagnosing modifications in the network structure by building traffic matrices. Changes in network topology and network devices are the reasons for such modifications. Font and colour of nodes indicate changes in their membership of different clusters. This makes it easy to detect changes in computer behaviour and information on nodes. The problem with IDS is the rate of false positive and false negative alarms; visualisation helps in discovering false positives efficiently and in reducing the number of false negatives. Graph drawing is the task of drawing a given graph on the plane. The tool first places the clusters on the plane; the clusters so added form a new graph, and this visualisation helps the security manager to form his own opinion on the messages from event generation. For event generation, the system collects online network traffic and applies clustering algorithms. Attributes such as the number of communicating nodes, the clusters found, minima, maxima, out-degree and in-degree of the graph, sink and source nodes in a cluster, the internal nodes in a cluster and the external edges of a cluster are collected. Modifications in a graph can be due to the addition of new nodes, lost nodes, splitting of clusters and merging of clusters. CLIQUE and PROCLUS are the methods applied for dimension-growth subspace clustering and dimension-reduction subspace clustering, respectively.
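The traffic graph, its clustering, the collected attributes and the change events described above, as an added example that is neither the paper's nor the UC Davis system's code. It assumes connected-component clustering (a one-step, non-hierarchical method), labels each cluster by its smallest node name, and uses constructed flow records.

```python
"""Traffic graph snapshots, one-step clustering and change-event generation.

Added example; not the paper's or the UC Davis system's code. Flow records are
constructed, and clustering is plain connected components (one of the simplest
non-hierarchical, one-step graph clusterings), labelled by their smallest node.
"""
from collections import defaultdict


def build_graph(flows):
    """flows: iterable of (src, dst, bytes). Returns (nodes, {(src, dst): total bytes})."""
    edges = defaultdict(int)
    nodes = set()
    for src, dst, nbytes in flows:
        edges[(src, dst)] += nbytes  # edge weight = amount of data exchanged
        nodes.update((src, dst))
    return nodes, dict(edges)


def cluster(nodes, edges):
    """Partition the nodes into disjoint clusters C1..Cn (components, direction ignored)."""
    adjacent = defaultdict(set)
    for src, dst in edges:
        adjacent[src].add(dst)
        adjacent[dst].add(src)
    seen, clusters = set(), []
    for start in sorted(nodes):
        if start in seen:
            continue
        component, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node in component:
                continue
            component.add(node)
            stack.extend(adjacent[node] - component)
        seen |= component
        clusters.append(frozenset(component))
    return clusters


def graph_attributes(nodes, edges, clusters):
    """Per-snapshot attributes the paper lists: node and cluster counts, degree
    extremes, and the source (in-degree 0) and sink (out-degree 0) nodes."""
    in_deg = {n: 0 for n in nodes}
    out_deg = {n: 0 for n in nodes}
    for src, dst in edges:
        out_deg[src] += 1
        in_deg[dst] += 1
    return {
        "nodes": len(nodes),
        "clusters": len(clusters),
        "max_out_degree": max(out_deg.values()),
        "max_in_degree": max(in_deg.values()),
        "sources": sorted(n for n in nodes if in_deg[n] == 0 and out_deg[n] > 0),
        "sinks": sorted(n for n in nodes if out_deg[n] == 0 and in_deg[n] > 0),
    }


def change_events(old_flows, new_flows):
    """Events between two snapshots: new nodes, lost nodes, cluster merges and splits."""
    old_nodes, old_edges = build_graph(old_flows)
    new_nodes, new_edges = build_graph(new_flows)
    old_clusters = cluster(old_nodes, old_edges)
    new_clusters = cluster(new_nodes, new_edges)
    events = [("new_node", n) for n in sorted(new_nodes - old_nodes)]
    events += [("lost_node", n) for n in sorted(old_nodes - new_nodes)]
    for nc in new_clusters:  # merge: one new cluster spans several old ones
        parents = sorted(min(oc) for oc in old_clusters if oc & nc)
        if len(parents) > 1:
            events.append(("cluster_merge", tuple(parents)))
    for oc in old_clusters:  # split: one old cluster is spread over several new ones
        if sum(1 for nc in new_clusters if oc & nc) > 1:
            events.append(("cluster_split", min(oc)))
    return events


# Constructed snapshot 1: two workstations talk to a file server; an app server
# talks to its database. Two separate clusters.
SNAPSHOT_1 = [("ws1", "fileserver", 5000), ("ws2", "fileserver", 7000),
              ("app1", "db1", 12000)]

# Constructed snapshot 2: ws2 has gone quiet and a previously unseen host sends a
# little data to hosts in both clusters, which joins them into one.
SNAPSHOT_2 = [("ws1", "fileserver", 4800), ("app1", "db1", 11500),
              ("newhost", "ws1", 60), ("newhost", "db1", 60), ("newhost", "app1", 60)]

if __name__ == "__main__":
    for label, snap in (("snapshot 1", SNAPSHOT_1), ("snapshot 2", SNAPSHOT_2)):
        nodes, edges = build_graph(snap)
        print(label, graph_attributes(nodes, edges, cluster(nodes, edges)))
    print("events:", change_events(SNAPSHOT_1, SNAPSHOT_2))
```

A merge event whose new cluster has a single node of high out-degree is exactly the kind of topology change the visualisation step is meant to make visible to the security manager.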
3.3 Neural Networks:
With the rapid expansion of computer networks, security has become a very critical issue for them. Various soft computing based methods are being implemented for the development of IDS. A multi-layer training technique is used to evolve a new data domain and for offline analysis. Different neural network structures are analysed with regard to their hidden layers. Soft computing is a general term used in the context of uncertainty and includes fuzzy logic, AI, neural networks and genetic algorithms. The idea is to evolve new and hidden connection records and generalise them. The neural network approach is appropriate for offline data analysis. The training of neural networks is done using validation methods. A non-real-time IDS is implemented using the multilayer perceptron (MLP) model. An ANN (artificial neural network) is modelled on the processing of the human nervous system. It comprises a large number of interconnected processing units called neurons, which co-ordinate with each other to solve a particular problem. Each processing unit applies an activation function. The output of each layer acts as input to the next layer. The working mechanism of an ANN is: feed the uppermost layer with the input domain and check how closely the actual output for a specific input matches the desired output, then change the weights attached to each layer accordingly. If an unknown input is given to the ANN, it presents an output that is irrelevant at that time but corresponds to that input set.
In an IDS, the ANN is implemented by training neurons with sequences from audit log files and sequences of commands. When the ANN is first fed with the current command, it is compared with the past W commands (W is the size of the command window under examination). Once the ANN has been trained with the user profile and put into action, it can discover deviations in the user's behaviour the next time the user logs in. It is suitable for analysing a small network of 10-15 computers and analysing a single user's commands for the whole day. There are numerous commands that describe the user's behaviour. In a past study, neural networks were implemented in a UNIX lab for detecting attack-specific keywords for host based attacks. A multilayer perceptron produces two kinds of output, namely normal and abnormal; the output is generated in the form of the binary digits 0 and 1. However, the neural network is not capable of identifying the attack type. During the training phase the neural network is fed forward with inputs that are classes of network connections and audit logs. The neural network accepts the input, processes it through its layered architecture and tries to output the corresponding result. If the output deviates, the neural network gains knowledge of the abnormality and alarms about the attack. In a recent study, the data sets contained events each combined with 41 features, which were grouped as connection sets, properties of connections, etc.
For example, cluster 1 contains the commands used in the connections, such as file creation and the number of root accesses; cluster 2 includes connection specifications such as protocol type, service type, duration, number of bytes etc. During investigation it turned out that features like urgent, number of failed logins, is_host_login etc. were playing no role in intrusion detection while making the data set time consuming and complicated to process; therefore these were removed later. Discrete values were allotted to the remaining categorical features, e.g. TCP=1, UDP=2 etc. The ranges of the attributes were different and incompatible, and therefore their values were normalised by binary mapping. An ANN is efficient at solving a multiclass problem. A binary set approach is used to denote the attack type fed to the neural network. For example, if an attack is assigned the value [0 1 1] and the output generated is [1 1 0], the output is considered irrelevant. A three-layer neural network has two hidden layers; the uppermost layer is considered the input or buffer layer because no processing takes place there. The cost of a neural network increases as the number of hidden layers increases, but increasing the number of layers also improves the approximation and the accuracy of anomaly detection. If a two-layer neural network is used, the training cost and time are lower. Various tools in MATLAB allow the user to specify the number of layers and the activation functions of the layers of the ANN [4].
Fig: 2. Working of Neural Network
3.4 Genetic algorithm (GA):
A genetic algorithm is a soft computing technique based on the mechanism of evolution and natural selection. The input data set is a set of chromosomes, from which the next generation of chromosomes is evolved using selection, crossover and mutation. The initial input set is selected randomly. The problem to be solved is divided into the desired input domain. The selected chromosomes are encoded as bits, characters or numbers, which are positioned as genes. The set of chromosomes is considered the population. An evaluation function is used to calculate the fitness or goodness of each chromosome [7]. Two basic operators are used for reproduction, namely crossover and mutation. The best individual chromosome is finally selected according to the optimization criteria.
The rules used in GA are represented as:
IF {condition} THEN {action};
The condition used to detect an intrusion is generally the current network traffic or connection details such as source IP address, destination IP address, port numbers (TCP or UDP), duration of the connection and protocols used. The action is taken in accordance with the security policies followed by the organisation, such as alerting the admin by an alarm or terminating the connection.
Example: IF (the connection has the properties)
Source IP=125.168.90.01;
Destination IP=145.165.10.90;
Destination port=21;
Time=0.2;
THEN (alert by alarming)
Fig.3. Attribute of Genetic Algorithm
The parameters in GA are the evaluation functions, which determine whether a connection matches the pre-defined data set and multiply the match of each field by the weight of that field. The matched value of each field ranges from 0 to 1.
Outcome = summation (matched value * weight attached);
The destination IP address is the target of the attack while the source IP is the originator (stimulus) of the intrusion. The destination port number indicates the application on the target system to be attacked, such as FTP, DNS etc.
The suspicious level is the threshold that indicates the extent to which two network connections are considered "matched".
Ω = (outcome - suspicious level);
If a mismatch occurs, a penalty value is computed. The ranking in the equation determines how easy the intrusion is to identify:
Penalty = (Ω * ranking / 100);
The fitness of a chromosome is computed as:
Fitness = 1 - penalty
The fitness value ranges from 0 to 1.
The mechanism for GA can be followed as:
Pass 1: Gather the input set and initialise the population in any (arbitrary) order.
Pass 2: Compute the summation over the records.
Pass 3: Produce the new population of chromosomes.
Pass 4: Apply the crossover operator to the chromosomes and compute the result.
Pass 5: Apply the mutation operator to the chromosomes.
Pass 6: Evaluate fitness f(x) = f(x) / f(sum), where f(x) is the fitness of individual x and f(sum) is the sum of the fitness values of all individuals in the population.
Pass 7: Rank selection Ps(i) = r(i) / rsum, where Ps(i) is the probability of selecting individual i, r(i) is the rank of individual i and rsum is the sum of all fitness values.
Pass 8: Choose the best 60% of chromosomes into the new population.
Pass 9: If the number of generations has not been reached, go to Pass 3 [7][11][12].
Fig: 4 Working of Genetic Algorithm
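The fitness scheme (outcome, suspicious level, penalty, fitness) and the Pass 1-9 loop above, carried through in working code. This is an added example written for this review, not code from the reviewed paper or from the GA works it cites. It assumes the following, none of which the text fixes: per-field weights of 0.2/0.3/0.3/0.2, a suspicious level of 0.7, a ranking of 100, wildcard genes that match any value, a penalty averaged over all records, and a small set of constructed, labelled connection records modelled on the example rule in the text.

```python
"""Genetic algorithm that evolves IF/THEN connection rules for intrusion
detection, following the outcome / suspicious level / penalty / fitness
scheme and the Pass 1-9 loop described in the text.
Added example for this review; not code from the reviewed paper."""
import random

# Genes of a rule chromosome, in the order used by the example rule in the text.
FIELDS = ("src_ip", "dst_ip", "dst_port", "duration")
# Per-field weights (assumed values; the text only says each field carries a weight).
WEIGHTS = {"src_ip": 0.2, "dst_ip": 0.3, "dst_port": 0.3, "duration": 0.2}
WILDCARD = "*"  # gene that matches any value of its field (an assumption)

# Constructed, labelled connection records: (features, is_attack). Not real traffic.
CONNECTIONS = [
    ({"src_ip": "125.168.90.1", "dst_ip": "145.165.10.90", "dst_port": 21, "duration": 0.2}, True),
    ({"src_ip": "125.168.90.1", "dst_ip": "145.165.10.90", "dst_port": 21, "duration": 0.3}, True),
    ({"src_ip": "125.168.90.1", "dst_ip": "145.165.10.91", "dst_port": 21, "duration": 0.2}, True),
    ({"src_ip": "10.0.0.5", "dst_ip": "145.165.10.90", "dst_port": 80, "duration": 1.5}, False),
    ({"src_ip": "10.0.0.6", "dst_ip": "145.165.10.92", "dst_port": 443, "duration": 4.0}, False),
    ({"src_ip": "10.0.0.7", "dst_ip": "145.165.10.90", "dst_port": 22, "duration": 0.9}, False),
]


def outcome(rule, conn):
    """Outcome = sum(matched value * weight). A gene's matched value is 1 when it
    equals the connection's field (or is a wildcard) and 0 otherwise."""
    return sum(WEIGHTS[f] * (1.0 if rule[f] in (WILDCARD, conn[f]) else 0.0) for f in FIELDS)


def fitness(rule, connections, suspicious_level=0.7, ranking=100):
    """Fitness = 1 - penalty. Omega = outcome - suspicious level; the rule 'fires'
    when omega >= 0. A mismatch is a rule that fires on a normal record or stays
    silent on an attack, and only mismatches are penalised by |omega| * ranking / 100.
    Averaging the penalty over the records is an assumption of this example."""
    total_penalty = 0.0
    for conn, is_attack in connections:
        omega = outcome(rule, conn) - suspicious_level
        fires = omega >= 0
        if fires != is_attack:
            total_penalty += abs(omega) * ranking / 100
    return max(0.0, 1.0 - total_penalty / len(connections))


def _gene_choices(field, connections):
    """Values a gene may take: anything observed in the records, or a wildcard."""
    return [c[field] for c, _ in connections] + [WILDCARD]


def random_rule(rng, connections):
    """Pass 1: an arbitrary chromosome."""
    return {f: rng.choice(_gene_choices(f, connections)) for f in FIELDS}


def crossover(rng, a, b):
    """Pass 4: single-point crossover over the gene order in FIELDS."""
    point = rng.randint(1, len(FIELDS) - 1)
    return {f: (a[f] if i < point else b[f]) for i, f in enumerate(FIELDS)}


def mutate(rng, rule, connections, rate=0.2):
    """Pass 5: with probability `rate` per gene, resample that gene."""
    return {f: (rng.choice(_gene_choices(f, connections)) if rng.random() < rate else rule[f])
            for f in FIELDS}


def rank_select(rng, ranked):
    """Pass 7: Ps(i) = r(i) / rsum, with the fittest individual (ranked[0]) holding
    the highest rank so that fitter rules are picked more often."""
    ranks = list(range(len(ranked), 0, -1))
    pick = rng.random() * sum(ranks)
    acc = 0.0
    for rule, r in zip(ranked, ranks):
        acc += r
        if pick <= acc:
            return rule
    return ranked[-1]


def evolve(connections, pop_size=20, generations=30, keep=0.6, seed=1):
    """Runs the Pass 1-9 loop and returns (best rule, its fitness). Deterministic for a seed."""
    rng = random.Random(seed)
    population = [random_rule(rng, connections) for _ in range(pop_size)]
    for _ in range(generations):
        # Pass 6: score every chromosome, best first.
        ranked = sorted(population, key=lambda r: fitness(r, connections), reverse=True)
        # Pass 8: the best 60% survive unchanged.
        survivors = ranked[: int(pop_size * keep)]
        # Pass 3-5: fill the remainder with crossed-over, mutated children of rank-selected parents.
        children = []
        while len(survivors) + len(children) < pop_size:
            a, b = rank_select(rng, ranked), rank_select(rng, ranked)
            children.append(mutate(rng, crossover(rng, a, b), connections))
        population = survivors + children  # Pass 9: repeat until the generation count is reached
    best = max(population, key=lambda r: fitness(r, connections))
    return best, fitness(best, connections)


if __name__ == "__main__":
    rule, score = evolve(CONNECTIONS)
    print("best rule:", rule, "fitness:", round(score, 3))
```

A rule such as {src_ip: 125.168.90.1, dst_ip: *, dst_port: 21, duration: *} reaches fitness 1.0 on the constructed records, because it fires on every attack and stays below the suspicious level on every normal connection; an all-wildcard rule fires on everything and is penalised on the three normal records. The elitist 60% carry-over means the best fitness never decreases between generations.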
The various types of attacks can be listed as:
DoS attack: Smurf, Neptune, Pod
U2R: buffer overflow, Perl
R2L: guess password, ftp write, phf, spy
Probe: satan, IPsweep, portsweep
There are various sample rule sets used to determine the types of attacks using the GA approach. For instance:
[1] IF (duration=0 and protocol=ICMP) THEN (smurf)
[2] IF (duration=0 and protocol=TCP and host_srv_count is greater than 1 and less than 128) THEN (Perl (U2R attack))
[3] IF (duration=0 to 289, protocol=UDP and src_bytes=0) THEN (guess password)
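The three sample rules above, applied to connection records in working code. This is an added example for this review, not code from the reviewed paper. The rule conditions are exactly the three listed; everything else is assumed: the records are constructed (not real KDD data), the first rule that fires wins, a record matched by no rule is classed as "normal", and the success rate is taken to be the fraction of records whose predicted class equals the true class.

```python
"""Applies the three sample GA rules quoted in the text to labelled connection
records and reports per-class detection rates and an overall success rate.
Added example for this review; not code from the reviewed paper."""

# (label, condition) pairs; the conditions transcribe rules [1]-[3] from the text.
RULES = [
    # [1] IF (duration=0 and protocol=ICMP) THEN (smurf)
    ("smurf", lambda r: r["duration"] == 0 and r["protocol"] == "ICMP"),
    # [2] IF (duration=0 and protocol=TCP and 1 < host_srv_count < 128) THEN (Perl (U2R))
    ("Perl (U2R)", lambda r: r["duration"] == 0 and r["protocol"] == "TCP"
                             and 1 < r["host_srv_count"] < 128),
    # [3] IF (duration=0 to 289 and protocol=UDP and src_bytes=0) THEN (guess password)
    ("guess password", lambda r: 0 <= r["duration"] <= 289 and r["protocol"] == "UDP"
                                 and r["src_bytes"] == 0),
]

# Constructed, labelled records (feature dict, true class). The last record is a
# harmless zero-duration ICMP exchange, included to show rule [1] raising a false alarm.
SAMPLE_RECORDS = [
    ({"duration": 0, "protocol": "ICMP", "host_srv_count": 1, "src_bytes": 1032}, "smurf"),
    ({"duration": 0, "protocol": "TCP", "host_srv_count": 5, "src_bytes": 300}, "Perl (U2R)"),
    ({"duration": 12, "protocol": "UDP", "host_srv_count": 1, "src_bytes": 0}, "guess password"),
    ({"duration": 0, "protocol": "TCP", "host_srv_count": 200, "src_bytes": 300}, "normal"),
    ({"duration": 35, "protocol": "TCP", "host_srv_count": 3, "src_bytes": 2048}, "normal"),
    ({"duration": 300, "protocol": "UDP", "host_srv_count": 1, "src_bytes": 0}, "normal"),
    ({"duration": 0, "protocol": "ICMP", "host_srv_count": 1, "src_bytes": 64}, "normal"),
]


def classify(record):
    """First rule whose condition holds wins (an assumption); no match means 'normal'."""
    for label, cond in RULES:
        if cond(record):
            return label
    return "normal"


def per_class_rates(records):
    """Fraction of records of each true class that the rule set classifies correctly."""
    totals, correct = {}, {}
    for record, truth in records:
        totals[truth] = totals.get(truth, 0) + 1
        if classify(record) == truth:
            correct[truth] = correct.get(truth, 0) + 1
    return {cls: correct.get(cls, 0) / n for cls, n in totals.items()}


def success_rate(records):
    """Overall fraction of records classified correctly."""
    hits = sum(classify(record) == truth for record, truth in records)
    return hits / len(records)


if __name__ == "__main__":
    for record, truth in SAMPLE_RECORDS:
        print(truth.ljust(15), "->", classify(record))
    print("per class:", per_class_rates(SAMPLE_RECORDS))
    print("success rate: %.2f%%" % (100 * success_rate(SAMPLE_RECORDS)))
```

On the constructed records every attack is caught, but the zero-duration ICMP record is flagged as smurf, so the normal class scores 3 out of 4 and the overall success rate is 6/7. This is the kind of coarse-rule false alarm that the fitness penalty in the GA section is meant to drive out.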
Numerous works related to GA exist, for example: Lu developed a method to determine a set of classification rules with the help of past network data; Xiao detected abnormal behaviour of networks by using mutual information and complexity reduction; Li implemented GA using quantitative features.
IV. CONCLUSION
Fuzzy logic is a soft computing technique that is efficient for implementing rule-based data mining for intrusion detection over non-fuzzy data sets. Although much success has been achieved with this technique, it still needs to be applied on high-speed workstations, and a misuse rule base using fuzzy association rules is still in progress. Fuzzy logic is nowadays optimised by integrating a genetic algorithm with it [1]. In the graph-based approach, the visualization helps the security manager gain insight into the current usage of the computer network [3]. The manager can learn more about the reasons for events or warnings from the intrusion detection system, and this form of presentation helps in detecting false positives. The event-generating system has to be improved; the concepts are interesting, but additional work is needed to optimize the process. It is possible to automatically detect anomalies in the communication structure of a surveyed network, but the goal of detecting a large number of different attacks has not yet been reached. Integration into the existing intrusion detection system is planned for the near future. Additional graph algorithms, especially clustering algorithms, will be tested and compared with the ones used. More features shall be extracted from the clustered traffic graphs and different learning methods will be tested. The visualization will be optimized to the needs of permanent usage of the system. An approach for a neural network based intrusion detection system was presented, intended to classify normal and attack patterns and the type of attacks. It should be mentioned that the long training time of the neural network was mostly due to the huge number of training vectors and the computation facilities; however, once the neural network parameters had been determined by training, classification of a single record was done in negligible time [4].
Therefore, the neural network based IDS can operate as an online classifier for the attack types that it has been trained for. The only factor that makes the neural network off-line is the time used for gathering the information necessary to compute the features. The basic problem with ANNs is overfitting: a small data set is manageable, but training becomes cumbersome as the size of the data increases. The paper presents the genetic algorithm for intrusion detection systems detecting DoS, R2L, U2R and Probe attacks. The time needed to become thorough with the features that describe the data will be reduced with a combination of genetic algorithm based IDSs. This provides a high rate of rule sets for detecting different types of attacks. The experimental results are good, with an average success rate of 83.65%. Presently, systems are more flexible for usage in different application areas with a proper attack taxonomy. As intrusions are becoming complex and change rapidly, an IDS should be capable of keeping up with the threat space. The genetic algorithm detects the intrusion while correlation techniques identify the features of the network connections. Optimizing the parameters present in the algorithm reduces the training time. More reduction techniques may be referred to in future to obtain valuable features.
REFERENCES
[1] Susan M. Bridges, Rayford B. Vaughn, "Fuzzy Data Mining and Genetic Algorithms Applied to Intrusion Detection", 23rd National Information Systems Security Conference, October 16-19, 2000.
[2] Bertrand Portier, Froment-Curtil, "Data Mining Techniques for Intrusion Detection".
[3] Jens Tölle, Oliver Niggemann, "Supporting Intrusion Detection by Graph Clustering and Graph Drawing".
[4] Mehdi Moradi, Mohammad Zulkernine, "A Neural Network Based System for Intrusion Detection and Classification of Attacks", Natural Sciences and Engineering Research Council of Canada (NSERC).
[5] Jungwon Kim, Peter J. Bentley, Uwe Aickelin, Julie Greensmith, Gianni Tedesco, Jamie Twycross, "Immune system approaches to intrusion detection - a review", Natural Computing (2007) 6:413-466, Springer 2007, DOI 10.1007/s11047-006-9026-4, Springer 200