Internet threats in day-to-day life have increased significantly. There is a need to develop a model in order to maintain the security of systems. The most effective technique is the Intrusion Detection System (IDS). The purpose of an intrusion detection system is to detect intrusions through security devices and deal with them. In this paper, a mathematical approach is used to predict and detect intrusions in the network. We discuss two algorithms, 'K-Means + Apriori', a method which classifies normal and abnormal activities in a computer network. The K-Means process partitions the training set into K clusters using Euclidean distance and introduces an outlier factor; the Apriori algorithm is then built to prune the data by removing infrequent data from the database. Based on the defined state, the degree of incoming data is evaluated through an experiment using the sample DARPA2000 dataset, and the method achieves high detection performance for the level of attack in stages.
A SURVEY ON DIFFERENT MACHINE LEARNING ALGORITHMS AND WEAK CLASSIFIERS BASED ...
Network intrusion detection often has difficulty creating classifiers that can handle unequally distributed attack categories. Generally, attacks such as Remote to Local (R2L) and User to Root (U2R) attacks are very rare, and even in the KDD dataset these attacks are only 2% of the overall dataset. As a result, the model is not able to efficiently learn the characteristics of rare categories, and this results in poor detection rates for rare attack categories like R2L and U2R attacks. We even compared the accuracy of the KDD and NSL-KDD datasets using different classifiers in WEKA.
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...
Wireless Sensor Networks (WSNs) are deployed in aggressive environments which are vulnerable to various security attacks such as Wormholes, Denial of Attacks and Sybil Attacks. There are various intrusion detection techniques that are used to identify attacks in a network with a high accuracy level. This paper has focused on the Denial of Service attack, since it is the most common attack that affects the environment severely. Therefore a new hybrid technique combining Hidden Markov Model with Ant Colony Optimization (HMM+ACO) has been proposed that gives better performance than the other techniques.
This document summarizes various papers on developing intrusion detection systems using neural networks. It discusses different algorithms researchers have used to train neural networks for intrusion detection, including feed-forward neural networks, self-organizing maps, test driven development neural networks, combinations of supervised and unsupervised learning techniques, differential evolution, and backpropagation neural networks. Each algorithm has advantages and disadvantages. The document concludes that neural networks provide a flexible approach to intrusion detection and can learn new intrusion patterns, and proposes developing an additional level of protection using self-organizing maps to better detect intrusions.
Current issues - International Journal of Network Security & Its Applications...
International Journal of Network Security & Its Applications (IJNSA) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of computer network security and its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding modern security threats and countermeasures, and establishing new collaborations in these areas.
11.a genetic algorithm based elucidation for improving intrusion detection th...
This document summarizes a research paper that proposes using a genetic algorithm to improve intrusion detection. The paper aims to reduce features from the KDD Cup 99 dataset and generate a rule set using genetic algorithms to detect intrusions. The genetic algorithm evolves rules over generations to maximize fitness. Experiments show this approach can improve detection rates and reduce false alarms compared to existing intrusion detection systems.
1.[1 9]a genetic algorithm based elucidation for improving intrusion detectio...
This document summarizes a research paper that proposes using a genetic algorithm to improve intrusion detection. The paper aims to reduce features from the KDD Cup 99 dataset and generate a rule set using genetic algorithms to detect intrusions with a condensed feature set. The genetic algorithm is used to evolve rules from the reduced training data, with a fitness function evaluating rule quality. Experiments and evaluations are conducted on the KDD Cup 99 dataset to test the proposed method.
A survey of Network Intrusion Detection using soft computing Technique - ijsrd.com
With the impending era of the internet, network security has become the key foundation for a lot of financial and business applications. Intrusion detection is one of the approaches to resolving the problem of network security. An Intrusion Detection System (IDS) is a program that analyses what happens or has happened during an execution and tries to find indications that the computer has been misused. Here we propose a new approach utilizing neuro-fuzzy and support vector machine with fuzzy genetic algorithm for a higher rate of detection.
This document discusses feature selection for intrusion detection systems. It analyzes the KDD 99 intrusion detection dataset and selects features relevant for detecting specific attacks. It performs experiments with manual feature selection, automatic feature selection, and no feature selection. For detecting Remote to Local (R2L) attacks, it selects 15 features from the KDD 99 dataset. It uses a random forest classifier on the reduced feature sets. The results show that manual feature selection achieves the highest detection rates for most attacks compared to automatic feature selection and using all features. In particular, it achieves rates of 73.33% for FTP write attacks and 99.96% for guess password attacks.
IRJET- Improving Cyber Security using Artificial Intelligence - IRJET Journal
This document discusses using artificial intelligence techniques like machine learning algorithms to improve cyber security. It proposes a methodology that uses Splunk to extract relevant fields from cybersecurity data, feeds that into a K-means clustering algorithm to form attack clusters, then sends those clusters to individual artificial neural networks (ANNs). The aggregated ANN results are then fed into a support vector machine (SVM) which classifies attacks as malicious, non-malicious, or benign. Testing this approach on a dataset achieved a classification accuracy of over 92% when using Splunk, K-means, ANNs, and SVM together.
False positive reduction by combining svm and knn algo - eSAT Journals
Abstract
With the growth of information technology, many intrusion detection problems emerge, such as cyber security. An intrusion detection system provides basic infrastructure to detect a number of attacks. This research work focuses on the intrusion detection problem of network security. The main goal is to detect network behaviour as normal or abnormal. In this research work, two different machine learning algorithms have been combined to reduce their weaknesses and take the positive features of both algorithms. The experimental results are better than those of other algorithms in terms of performance, accuracy and false positive rate. The combined algorithm has been applied on the KDDCUP99 dataset to find a better result by improving its performance and accuracy and reducing its false positive rate.
Keywords: Intrusion detection system, KDDCUP99 dataset, False positive rate.
IDS IN TELECOMMUNICATION NETWORK USING PCA - IJCNCJournal
This document summarizes a research paper that proposes using principal component analysis (PCA) as a dimension reduction technique for intrusion detection systems (IDS). The paper applies PCA to reduce the number of features from 41 to either 6 or 10 features for the NSL-KDD dataset. One reduced feature set is used to develop a network IDS with high detection success and rate, while the other is used for a host IDS also with good detection success and very high detection rate. The paper outlines the process of applying PCA for IDS, including performing PCA on training data to identify principal components, then using those components to map new online data and detect intrusions based on deviation thresholds.
A SURVEY ON THE USE OF DATA CLUSTERING FOR INTRUSION DETECTION SYSTEM IN CYBE... - IJNSA Journal
In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking is expanding, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between the legitimate and illegitimate activities on the system. Different techniques are used for detecting intrusions in an intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers and it presents what different datasets were used by different researchers and what evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.
A NOVEL INTRUSION DETECTION MODEL FOR MOBILE AD-HOC NETWORKS USING CP-KNN - IJCNCJournal
Mobile ad-hoc network security problems are the subject of in-depth analysis. A group of mobile nodes are connected to a set wired backbone. In a MANET, the nodes themselves implement the network management in a very cooperative fashion. All the nodes are responsible for creating a constellation that changes dynamically, and there are no clear network boundaries. We propose a novel intrusion detection model for mobile ad-hoc networks using the CP-KNN (Conformal Prediction K-Nearest Neighbor) algorithm to classify the audit data for anomaly detection. The non-conformity score value is used to reduce the classification time for multi-level iteration. It effectively detects anomalies with a high true positive rate, a low false positive rate and high confidence compared with the state of the art of various anomaly detection methods. Even when it is interfered with by "noisy" data (unclean data), the proposed technique is robust and effective, and it also retains its good detection performance and avoids abnormal activity.
The document discusses how bioinformatics can be used to identify new cancer drug targets. It describes analyzing gene sequences to find homologs of known cancer genes. Microarray data can be mined to find genes that are differentially expressed in cancer versus normal tissues. Digital expression data from EST and SAGE tags provides another method to analyze gene expression levels in cancers. Integrating these diverse genomic and expression datasets through bioinformatics allows detection of cancer-causing mutations, gene amplifications and differentially expressed genes to identify potential new drug targets.
This document describes a study that developed an integrated biomedical ontology for extracting information from Medline abstracts about Alzheimer's disease. The ontology integrated the Gene Ontology and Medical Subject Headings by mapping gene names, GO terms, and MeSH keywords related to Alzheimer's. The integrated ontology was validated structurally, syntactically, and semantically. It was then used to discover significant associations between proteins, genes, and Alzheimer's disease extracted from Medline abstracts.
The document discusses the design and implementation of a virtual client honeypot to collect internet malware. A client honeypot is an active security system that simulates client-side software to detect attacks against clients. The proposed virtual client honeypot collects URLs from a database, launches them in a virtual machine, and monitors for malware downloads and changes to the file system and network activity. The honeypot was able to successfully collect malware samples and network packet captures from malicious websites exploiting client-side vulnerabilities.
3.[18 22]hybrid association rule mining using ac tree - Alexander Decker
This document proposes a new hybrid algorithm called AC Tree (AprioriCOFI tree) for efficiently mining association rules from large datasets at multiple concept levels. The AC Tree algorithm combines aspects of the Apriori, FP-Tree, and COFI Tree algorithms. It first uses Apriori to identify frequent 1-itemsets, then constructs an FP Tree header table and builds smaller trees for each frequent item to mine patterns at different levels. Experimental results on a 20 Newsgroups dataset show that AC Tree outperforms Apriori, FP-Tree, and APFT algorithms by discovering more interesting patterns faster.
This article discusses opportunities and challenges for efficient parallel data processing in cloud computing environments. It introduces Nephele, a new data processing framework designed specifically for clouds. Nephele is the first framework to leverage dynamic resource allocation in clouds for task scheduling and execution. The article analyzes how existing frameworks assume static resource environments unlike clouds, and how Nephele addresses this by dynamically allocating different compute resources during job execution. It then provides initial performance results for Nephele and compares it to Hadoop for MapReduce-style jobs on cloud infrastructure.
A usability evaluation framework for b2 c e commerce websites - Alexander Decker
This document presents a framework for evaluating the usability of B2C e-commerce websites. It involves user testing methods like usability testing and interviews to identify usability problems in areas like navigation, design, purchasing processes, and customer service. The framework specifies goals for the evaluation, determines which website aspects to evaluate, and identifies target users. It then describes collecting data through user testing and analyzing the results to identify usability problems and suggest improvements.
Abnormalities of hormones and inflammatory cytokines in women affected with p... - Alexander Decker
Women with polycystic ovary syndrome (PCOS) have elevated levels of hormones like luteinizing hormone and testosterone, as well as higher levels of insulin and insulin resistance compared to healthy women. They also have increased levels of inflammatory markers like C-reactive protein, interleukin-6, and leptin. This study found these abnormalities in the hormones and inflammatory cytokines of women with PCOS ages 23-40, indicating that hormone imbalances associated with insulin resistance and elevated inflammatory markers may worsen infertility in women with PCOS.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ... - IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where they identify abnormal activities happening in a computer system. In recent years, different soft computing based techniques have been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect technology. This has provided an opportunity for data mining to make quite a lot of important contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique utilizing data mining techniques such as fuzzy C-means clustering, fuzzy neural network / neuro-fuzzy and radial basis function (RBF) SVM for fortification of the intrusion detection system. The proposed technique has five major steps: the first step is to perform the relevance analysis, and then the input data is clustered using fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster. Subsequently, a vector for SVM classification is formed, and in the last step, classification using RBF-SVM is performed to detect whether an intrusion has happened or not. The data set used is the KDD cup 1999 dataset, and we have used precision, recall, F-measure and accuracy as the evaluation metrics. Our technique could achieve better accuracy for all types of intrusions. The results of the proposed technique are compared with the other existing techniques. These comparisons proved the effectiveness of our technique.
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIER - CSEIJJournal
This document discusses using a random forest classifier with feature selection to improve intrusion detection. It begins with background on intrusion detection systems and challenges. It then proposes using genetic algorithms for feature selection to identify the most important features from a dataset. A random forest classifier is used for classification, which combines decision trees to improve accuracy. The methodology involves feature selection, classification with random forest, and detection. Feature weights are calculated and cross-validation is used to analyze detection rates for individual attacks. The goal is to improve accuracy, reduce training time, and better detect minority attacks through this approach.
Attack Detection Availing Feature Discretion using Random Forest Classifier - CSEIJJournal
The widespread use of the Internet has an adverse effect of being vulnerable to cyber attacks. Defensive
mechanisms like firewalls and IDSs have evolved with a lot of research contributions happening in these
areas. Machine learning techniques have been successfully used in these defense mechanisms especially
IDSs. Although they are effective to some extent in identifying new patterns and variants of existing
malicious patterns, many attacks are still left as undetected. The objective is to develop an algorithm for
detecting malicious domains based on passive traffic measurements. In this paper, an anomaly-based
intrusion detection system based on an ensemble based machine learning classifier called Random Forest
with gradient boosting is deployed. NSL-KDD cup dataset is used for analysis and out of 41 features, 32
features were identified as significant using feature discretion.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Visualize network anomaly detection by using k means clustering algorithm - IJCNCJournal
With the ever increasing amount of new attacks in today's world the amount of data will keep increasing, and because of the base-rate fallacy the amount of false alarms will also increase. Another problem with detection of attacks is that they usually aren't detected until after the attack has taken place; this makes defending against attacks hard and can easily lead to disclosure of sensitive information.
In this paper we choose the K-means algorithm with the KDD Cup 1999 network data set to evaluate the performance of an unsupervised learning method for anomaly detection. The results of the evaluation showed that a high detection rate can be achieved while maintaining a low false alarm rate. This paper presents the result of using k-means clustering by applying the Cluster 3.0 tool and visualizes this result by using the TreeView visualization tool.
International Journal of Computer Science, Engineering and Information Techno... - ijcseit
Recently, internet threats have increased. Our motive is to detect intrusions in the network concisely. Real-time issues such as DoS attacks in banking, companies, industries and organizations have increased significantly. IDS has been used on both the server and host side. The major challenge is to effectively predict the periods of threats and protect the server from unauthorized users. In this study, a novel probabilistic approach is proposed to effectively detect network intrusions. It uses a Markov chain for probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming data is evaluated on the basis of the network states.
SURVEY OF NETWORK ANOMALY DETECTION USING MARKOV CHAIN - ijcseit
Constructing a predictive model for an intelligent network intrusion detection - Alebachew Chiche
This document presents a study that constructs a predictive model for network intrusion detection using data mining techniques. The study uses the KDD Cup 99 intrusion detection dataset to build classification models using J48 decision tree, JRip rule induction, Naive Bayes, and multilayer perceptron algorithms. The J48 decision tree algorithm achieved the highest accuracy of 99.91% and was selected to build the predictive model. This model was then integrated with a knowledge-based system to build an intelligent network intrusion detection system capable of automatically detecting network attacks, mapping detections to attack categories, and updating the training data over time. Experimental evaluation found the integrated system achieved 91.43% accuracy and 83% user acceptance in detecting network intrusions
This document proposes a new clustering approach for anomaly intrusion detection using a modified k-medoids clustering algorithm. The proposed algorithm aims to overcome the disadvantages of the traditional k-means algorithm such as dependence on initial centroids and cluster numbers. It applies k-medoids clustering with standardized data and removes empty clusters to eliminate degeneracy. An experiment on the KDD Cup 99 dataset shows the new algorithm achieves higher detection rates and accuracy compared to k-means, fuzzy c-means, and y-means algorithms, with a lower false alarm rate.
A new clustering approach for anomaly intrusion detection - IJDKP
Recent advances in technology have made our work easier compared to earlier times. Computer networks are growing day by day, but the security of computers and networks has always been a major concern for organizations ranging from smaller to larger enterprises. It is true that organizations are aware of the possible threats and attacks, so they always prepare to be on the safer side, but due to some loopholes attackers are able to make attacks.
Intrusion detection is one of the major fields of research and researchers are trying to find new algorithms for detecting intrusions. Clustering techniques of data mining are an interesting area of research for detecting possible intrusions and attacks. This paper presents a new clustering approach for anomaly intrusion detection by using the K-medoids method of clustering and certain modifications of it. The proposed algorithm is able to achieve a high detection rate and overcomes the disadvantages of the K-means algorithm.
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI... - ijcsit
This document describes a proposed hybrid intrusion detection model that uses feature selection and machine learning algorithms with misuse detection. The model first selects important features from the NSL-KDD dataset and generates rules based on the behaviors of those features using J48 and CART algorithms. These rules are then used to build an intrusion detection framework that is tested on the NSL-KDD dataset, achieving an accuracy of 88.23%, outperforming other models that require prior learning of attacks. The proposed model works on the concept of misuse detection and can detect intrusions based on feature behaviors without any previous training.
The document discusses using machine learning algorithms like Random Forest and k-Nearest Neighbors for intrusion detection. It analyzes the KDD Cup 1999 intrusion detection dataset to classify network traffic as normal or different types of attacks. The proposed model uses Random Forest for feature selection and k-Nearest Neighbors for classification to more accurately detect known and unknown attacks. Experimental results show the combined approach achieves better detection rates than other algorithms alone, especially for novel attacks not in the training data. Further combining the algorithms into a two-stage model is suggested to improve performance.
A combined approach to search for evasion techniques in network intrusion det... - eSAT Journals
Abstract: Network Intrusion Detection Systems (NIDS) that are signature-based work on the signatures of attacks. They must be updated quickly in order to protect the system from new attacks. The attacker finds new evasion techniques so that he remains undetected. As new evasion techniques are developed, it becomes difficult for a NIDS to give accurate results, and the NIDS may fail. The key aspect of our paper is to develop a network intrusion detection system using the C4.5 algorithm, where the Adaboost algorithm is used to classify a packet as a normal packet or an attack packet and also to further classify different types of attack. The Apriori algorithm is used to find real-time evasion and to generate rules to find intrusions. These rules are further given as input to the Snort intrusion detection system for detecting different attacks.
Keywords: NIDS, Evasion, Apriori Algorithm, Adaboost Algorithm, Snort
Intrusion Detection System Using Machine Learning: An Overview - IRJET Journal
This document provides an overview of machine learning approaches for intrusion detection systems (IDS). It discusses how IDS use data mining techniques like classification, clustering, and association rule mining to detect network intrusions based on patterns in data. The document reviews several papers applying methods like ant colony optimization, support vector machines, genetic algorithms, and convolutional neural networks to classify network activities as normal or intrusive. It compares the strengths and limitations of different machine learning algorithms for IDS and identifies areas for potential improvement in future research.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
This document proposes a hybrid architecture for a distributed intrusion detection system using multiple agents. The key aspects of the architecture include:
- Using multiple independent tracker agents that monitor hosts and generate reports sent to monitors and storage.
- Monitors analyze activity and compare to signatures to detect known attacks, or send data to anomaly detectors.
- Anomaly and misuse detectors use classification and pattern matching to detect known and unknown attacks.
- An inference module coordinates entities across hosts to classify new attacks using a knowledge base and signature generator.
- A countermeasure module alerts administrators and can take actions like dropping packets in response to detected attacks.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
In order to the rapid growth of the network application, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers and the Intrusion detection technology becomes popular. Therefore, it is necessary that this security concern must be articulate right from the beginning of the network design and deployment. The intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. Lot of work has been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and manage misuse and anomaly detects.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM ijwmn
Communication networks are essential and it will create many crucial issues today. Nowadays, we
consider that the firewalls are the first line of defense but that policies cannot meet the particular
requirements of needed process to achieve security. Most of the research has been done in this area but
we are lagging to achieve security needs. Already many models such as ADAM, DHP, LERAD and
ENTROPHY are proposed to resolve security problems but we need an efficient model to detect new types
of various intrusions within the entire network. In this paper, we proposed to design a modernized
intrusion detection system which consist of two methods such as anomaly and misuse detection. Both are
integrated and also used to detect novel attacks. Our system proposed to discover temporal pattern of
attacker behaviors, which is profiled using an algorithm EAA (Enhanced Apriori Algorithm). This is
experimented with a simple interface to display the behaviors of attacks effectively
New Hybrid Intrusion Detection System Based On Data Mining Technique to Enhan...ijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
New Hybrid Intrusion Detection System Based On Data Mining Technique to Enhan...ijceronline
This document proposes a new hybrid intrusion detection system based on data mining techniques to improve performance over traditional IDS. The system combines hierarchical clustering, C5.0 classification, and CHAID classification. First, hierarchical clustering is used to split network data into normal and anomalous clusters. Then C5.0 classification labels the clusters, and any misclassified data is classified again with CHAID classification. Experimental results on the KDD 99 dataset show the proposed system has higher accuracy and efficiency than existing IDS approaches.
Similar to Evaluation of network intrusion detection using markov chain (20)
Evaluation of network intrusion detection using markov chain
International Journal on Cybernetics & Informatics (IJCI) Vol. 3, No. 2, April 2014
DOI: 10.5121/ijci.2014.3202
EVALUATION OF NETWORK INTRUSION DETECTION USING MARKOV CHAIN
S. Brindasri (1) and K. Saravanan (2)
(1) M.E (CSE), Department of Computer Engineering, Erode Sengunthar Engineering College, Anna University (Chennai)
(2) Assistant Professor, Department of Computer Engineering, Erode Sengunthar Engineering College, Anna University (Chennai)
ABSTRACT
Internet threats in day-to-day life have increased significantly, and there is a need to develop models that
maintain the security of systems. The most effective technique is the Intrusion Detection System (IDS). The
purpose of an intrusion detection system is to detect intrusions through security devices and deal with them.
In this paper, a mathematical approach is used to predict and detect intrusions in the network. We discuss
two algorithms, 'K-Means + Apriori', a method that classifies normal and abnormal activities in a
computer network. The K-Means process partitions the training set into K clusters using Euclidean
distance and introduces an outlier factor; the Apriori algorithm is then built to prune the data by removing
infrequent data from the database. Based on the defined states, the degree of incoming data is evaluated
experimentally on a sample of the DARPA2000 dataset, and the approach achieves high detection performance
for the level of attack in stages.
KEYWORDS
Anomaly detection, K-Mean Algorithm, Apriori Algorithm, Data Prune, Data Clustering, Markovian chain
1. INTRODUCTION
Nowadays the potential damage caused by internet attacks has increased exponentially, so the need
to defend against them has increased significantly [9]. Conventional techniques for
preventing threats, such as firewalls, access control schemes or encryption methods, are not very
efficient at securing a networked system against newly emerging attacks [1]. An intelligent intrusion
detection system is a good solution to this issue and has become a critical component of
computer security.
Intrusion detection analyses the data gained from network activity, security logs, audit data or
other networks in order to detect and identify any invading action or intent against the security
strategy of network and computer systems [15]. The concept of intrusion was first introduced by James P.
Anderson. An intrusion violates the security policy of a system. The security policy covers confidentiality,
integrity, availability and utility [11]. IDS are used to identify, assess and report unauthorized,
unapproved network activities, so that precautions can be taken to prevent future damage to the
system. As a safety protection measure, intrusion detection can sound a warning before a system is
endangered and respond to the attack in real time, which greatly improves the security of networks.
Intrusion detection methods are divided into two types, misuse detection and anomaly detection. In
misuse detection, attacks are represented as signatures, and observed activity is matched against the
attacks in the database. It is accurate and fast for known intrusion behaviour but can hardly identify
intrusion behaviour outside the signature database [4][11]. In anomaly detection, a model of normal
network behaviour is created first, and an intrusion is then judged by
comparing the actual behaviour with it, which can detect unknown intrusion behaviour [3].
Intrusion detection systems are broadly classified into two categories: Host Based Intrusion
Detection Systems and Network Based Intrusion Detection Systems. A Host Based Intrusion
Detection System (HIDS) evaluates information found on a single system or on multiple systems. A Network
Based Intrusion Detection System (NIDS) evaluates data captured from the network, analyzing
packets which travel across the network [9].
The data set used is the DARPA2000 dataset, which contains both normal and attack data. It
contains 41 features for detecting intrusion [10]. The types of attack are as follows. In Denial of Service (DoS)
attacks, the attacker makes memory resources too busy, thus denying legitimate users access to a
machine. In a probe attack, an attacker scans a network to gather data and find known vulnerabilities
in the system. In Remote-to-Local (R2L) attacks, an attacker sends packets to a machine over the
network, then exploits the machine's vulnerability to illegally gain local access as a user [5]. In a
User-to-Root (U2R) attack, the attacker starts with access as a normal user on the system and then exploits
a vulnerability in the system [14]. For example, in July 2010 a large number of internet services in Korea
were shut down and could not be accessed because of a denial of service
attack. The attack was recognised only after it had occurred, and only after identifying it were
steps taken to avoid it. So, a new mechanism is used to forecast the states of the network and
detect the possibility of an attack on the system. The experimental results show that the proposed
approach achieves high detection performance for the level of threats in stages.
This paper is organized as follows: Section 2 discusses related work. Sections 3 and 4
explain the two algorithms, K-Means and Apriori. Section 5 explains
the proposed work and its performance metrics. Section 6 gives a conclusion.
2. RELATED WORK
In intrusion detection, various probabilistic techniques are used: decision tree, Hotelling's T2 test,
chi-square multivariate test, and Markov chain are applied to the same training set and the same
testing set of computer audit data to investigate the frequency property and the ordering
property of computer audit data. The study [2] answers several questions concerning
which properties are critical to intrusion detection. The frequency property of multiple audit
event types in a sequence of events is necessary for intrusion detection. A single audit event at a
given time is not sufficient for intrusion detection. The ordering property of multiple audit events
provides an additional advantage over the frequency property for intrusion detection. However, unless the
scalability problem of complex data models that take into account the ordering property of activity data is solved,
intrusion detection techniques based on the frequency property provide a viable solution that
produces good intrusion detection performance with low computational overhead.
Rahul Rastogi et al. proposed an intrusion detection system based on data
mining techniques [13]. Data mining techniques are applied to the network data to detect
intrusions. The foremost step in applying data mining techniques is the selection of
appropriate features from the data. The intrusion detection system can detect known and
unknown intrusions automatically. Under a data mining framework, the IDS is trained with a
statistical algorithm named Chi-Square statistics [5][8]. The study implements and
analyzes these threats using a Chi-Square statistic technique in order to prevent attacks. The
proposed model is used for anomaly-based detection using data mining techniques.
A first-order Markov chain approach is used effectively to predict attacks through experiments
on the well-known DARPA 2000 dataset [2][6]. This approach achieves high detection
performance and also represents the degree of risk on a probability scale. The method is shown to
be insensitive to variations in the training data sets and in the number of states in the Markov model.
The proposed approach is expected to integrate effectively with existing network-based
intrusion detection systems for earlier detection of attacks.
A Markov chain was implemented and tested on the Sun Solaris system [1]. The method
clearly distinguished intrusive activities from normal activities in the testing data. This study
shows the performance of the intrusion detection technique based on the Markov method. The
application of the intrusion detection technique using a Markov model is not limited to the
temporal behaviour of a host machine; it can also be used in the network domain.
Compared to supervised approaches, the unsupervised approach breaks the dependency on attack-free
training datasets [4]. Unsupervised anomaly detection achieves a higher detection rate than
the supervised process, but it has a high false positive rate. Unsupervised anomaly detection
techniques work with unlabeled data and are capable of detecting previously unknown
attacks.
3. IDS USING K-MEANS ALGORITHM
K-Means is an unsupervised algorithm: it defines the clusters for data whose classes are
unlabelled [7][12]. The main objective is to define k centres, and a cluster is formed around
each centre. These centres should be placed carefully, because different locations cause
different results. Normal data is taken as input for K-Means clustering. The number of clusters is
initially set to 10. The distance between each data point and the cluster centres is calculated using a
distance metric. A data point belongs to the cluster whose centre is at minimum distance from it,
compared to the remaining cluster centres. The cluster centre values are updated whenever new
data enters the cluster. The number of clusters was varied over different numbers of iterations; finally
we achieved the best values with eight clusters and nine iterations. Fig 1 shows a set of objects
clustered around given centroid points [15]. Data is grouped according to similarity, and
data that differs is marked as an outlying state. Table 1 shows the working principle of K-Means [9]:
initially k objects are taken from the given data, then the data is clustered
using the mean value of each cluster. The process repeats until no change occurs and then stops.
Procedure K-Means
Step 1: Choose k objects from D as the initial cluster centres.
Step 2: Assign each object to the cluster according to the mean value of the objects in the cluster.
Step 3: Update the cluster means, i.e., calculate the mean value of the objects for each cluster.
Step 4: Repeat Steps 2 and 3 until no change.
Table 1: K-Mean algorithm
Fig 1 A set of objects clustered using the k-means method
4. IDS USING APRIORI ALGORITHM
Apriori is an iterative approach known as a level-wise search [3][4]. It consists of two steps, a join
step and a prune step. The join step joins the data from the transactional database, and the prune
step removes data that does not satisfy the minimum threshold value: such data is defined as infrequent
and is removed from the database, which reduces the size of the data. Table 2 defines the procedure, in which
k-item sets are used to explore (k+1)-item sets. The frequent 1-item sets are created by scanning the transactional
database to count each item and then comparing each count with the minimum support count. An item that
does not satisfy the minimum support count is removed from the database, which
reduces the space needed and makes it easier to find the most frequent items.
Procedure Apriori
L1 = large 1-item sets
k = 2
While L(k-1) ≠ ∅ do
Begin
    Ck = Apriori-gen(L(k-1))
    For all transactions t in D do
    Begin
        Ct = subset(Ck, t)
        For all candidates C ∈ Ct do
            C.count = C.count + 1
    End
    Lk = {C ∈ Ck | C.count ≥ minsup}    (2nd pruning step)
    k = k + 1
End

Apriori-gen(L(k-1))
Ck = ∅
For all item sets x ∈ L(k-1) and y ∈ L(k-1) do
    If x1 = y1 ∧ ... ∧ x(k-2) = y(k-2) ∧ x(k-1) < y(k-1) then
    Begin
        C = x1 x2 ... x(k-1) y(k-1)
        Add C to Ck
    End
Delete any candidate item set in Ck that has a subset not in L(k-1)    (1st pruning step)
Table 2: Procedure of Apriori Algorithm
The purpose of Apriori is to search the data in a large database, analyze and prune the data
effectively, and remove the irrelevant data. Fig 2 shows a sample of how Apriori
works for given data. It illustrates the generation of candidate item sets and frequent item sets,
where the minimum support count is 2.
Database D
TID    Items
100    1 3 4
200    2 3 5
300    1 2 3 5
400    2 5

Scan D -> C1
Item set    Sup
{1}         2
{2}         3
{3}         3
{4}         1
{5}         3

L1
Item set    Sup
{1}         2
{2}         3
{3}         3
{5}         3

C2 (candidates generated from L1)
Item set
{1 2}
{1 3}
{1 5}
{2 3}
{2 5}
{3 5}

Scan D -> C2
Item set    Sup
{1 2}       1
{1 3}       2
{1 5}       1
{2 3}       2
{2 5}       3
{3 5}       2

L2
Item set    Sup
{1 3}       2
{2 3}       2
{2 5}       3
{3 5}       2

C3
Item set
{2 3 5}

Scan D -> L3
Item set    Sup
{2 3 5}     2
Fig 2 Example using Apriori Algorithm
5. PROPOSED WORK
In this section, a novel approach is developed which uses a Markov chain for the probabilistic
modelling of network events. The main objective of the work is to reduce the attack
detection time and to detect the presence of an attack. It is composed of three main phases: in the first
phase, the network states are defined and the data is pruned. Based on the pruned states, the Markov
chain is applied [1]. In the third phase, the degree of attack is measured in three states, and the
existing K-Means and the proposed Apriori algorithm are compared on the given sample data. Fig 3 is a
flow chart of the proposed framework. It shows that already trained data is taken, the Apriori
algorithm is then applied, the data is pruned using the minimum count, and a Markov chain is then built
to detect attacks in the given sample.
5.1. PHASE 1- DATA PRE-PROCESS AND PRUNE THE DATA
In this phase, the input requests are collected and the number of transactions in the input file is found. The
input requests are then separated based on the states. Three kinds of state are used: sender, receiver
and progress. The Apriori algorithm is then applied to each state to identify the frequent
occurrences. Fig 4.a shows the dataset preprocessing operations.
Fig 4.b shows the Apriori algorithm preparation. It creates the next generation of candidate item
sets using prior knowledge from the database, generating the candidate (k+1)-item sets from the k-item
sets. Candidate item sets are generated in two steps. The first pruning step depends on
the Apriori property. After a candidate (k+1)-item set is generated, it is decomposed into its k-item
subsets. If any one of these subsets is not large, that is, not a member of Lk, the candidate is removed from
the database as infrequent data. After the first pruning stage, the algorithm
moves to the second pruning step. The algorithm is fixed with a minimum support count; a candidate that
satisfies the minimum support is declared a frequent item set. Fig 4.c shows how, according to
the given support count, the data is pruned and the unwanted data below the
threshold is removed.
Fig 3 Flow chart of proposed work
5.1.1 GENERATION OF STRONG ASSOCIATION RULES FROM FREQUENT DATA
Once the frequent data has been generated from the transaction database, strong association
rules are formed that satisfy both the minimum support and the minimum confidence.
Confidence=P(B/A)=
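The join step, the two pruning steps of Table 2 and the rule generation of Section 5.1.1, run on the Fig 2 database, as an added Python example that is not the authors' code. The function names and the minimum confidence of 1.0 are choices of this example, and confidence is computed with the standard definition support(A ∪ B) / support(A), an assumption because the formula above is truncated on the page.

```python
from itertools import combinations

# Transaction database D from Fig 2 (TID -> items); minimum support count is 2.
FIG2_DB = {100: {1, 3, 4}, 200: {2, 3, 5}, 300: {1, 2, 3, 5}, 400: {2, 5}}


def apriori_gen(prev_level):
    """Build candidate k-item sets C_k from the frequent (k-1)-item sets."""
    prev = sorted(tuple(sorted(s)) for s in prev_level)
    if not prev:
        return set()
    prev_set = set(prev)
    k = len(prev[0]) + 1
    candidates = set()
    for x in prev:
        for y in prev:
            # Join step: same first k-2 items, and x's last item < y's last item.
            if x[:-1] == y[:-1] and x[-1] < y[-1]:
                c = x + (y[-1],)
                # 1st pruning step: drop c if any (k-1)-subset is not frequent.
                if all(sub in prev_set for sub in combinations(c, k - 1)):
                    candidates.add(c)
    return candidates


def apriori(db, minsup):
    """Return {item set (sorted tuple): support count} for all frequent sets."""
    transactions = [frozenset(items) for items in db.values()]
    counts = {}
    for t in transactions:
        for item in t:
            counts[(item,)] = counts.get((item,), 0) + 1
    level = {c: n for c, n in counts.items() if n >= minsup}  # L1
    frequent = {}
    while level:
        frequent.update(level)
        candidates = apriori_gen(level.keys())
        counts = {c: 0 for c in candidates}
        for t in transactions:  # scan D and count each candidate
            for c in candidates:
                if t.issuperset(c):
                    counts[c] += 1
        # 2nd pruning step: keep candidates that meet the minimum support.
        level = {c: n for c, n in counts.items() if n >= minsup}
    return frequent


def association_rules(frequent, minconf):
    """Rules A -> B with confidence = support(A ∪ B) / support(A)."""
    rules = []
    for itemset, sup in frequent.items():
        for r in range(1, len(itemset)):
            for antecedent in combinations(itemset, r):
                consequent = tuple(i for i in itemset if i not in antecedent)
                # Every subset of a frequent set is frequent, so the lookup is safe.
                conf = sup / frequent[antecedent]
                if conf >= minconf:
                    rules.append((antecedent, consequent, conf))
    return sorted(rules)


if __name__ == "__main__":
    freq = apriori(FIG2_DB, minsup=2)
    for itemset in sorted(freq, key=lambda s: (len(s), s)):
        print(itemset, freq[itemset])
    # minconf=1.0 is a constructed threshold for this example.
    for a, b, conf in association_rules(freq, minconf=1.0):
        print(a, "->", b, "confidence", conf)
```

The frequent item sets it returns match L1, L2 and L3 in Fig 2, and item 4 is removed at the first scan because its support count of 1 is below the minimum.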
5.1.2. BUILDING A STATE TRANSITION PROBABILITY MATRIX
A Markov model is represented by a state transition matrix and an initial probability distribution.
By assumption, the state at time t+1 depends on the state at time t [14].
Let M and N denote the two states at time t and t + 1, and let K denote the number of states in
the system. The state at time t+1 depends only on the state at time t and does not depend on the states before time t.
Fig 4.a) Dataset alignment process    Fig 4.b) Apriori algorithm preparation
Markov chain is represented by state transition probability [11]:
(1)
An initial probability distribution [10]:
(2)
where qi is the probability of the state i
(3)
The probability that a sequence of states X1, ..., XT at times 1 to T occurs in the Markov chain is
computed as follows:
(4)
Fig 4.d shows the resulting transition probability matrix and initial probability
distribution; the matrix is used to detect attacks in three states.
(5)
(6)
where
Nij is the number of transitions from one state to another state,
Ni. is the total number of observation pairs in the dataset at state i, and
N is the total number of observations in the dataset.
Fig 4.c) Minimum support count preparation fig 4.d) Matrix formation
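A first-order Markov chain fitted from the counts defined above, as an added Python example (not code from the paper). It assumes the usual maximum-likelihood estimates, initial probability N_i / N and transition probability N_ij / N_i., and the state labels, training sequence and threshold are constructed for illustration.

```python
from collections import Counter

STATES = ["normal", "probe", "attack"]  # three states; the labels are assumed

# Constructed training sequence of per-window states (not DARPA2000 data).
TRAIN = ["normal"] * 6 + ["probe", "probe", "normal", "normal", "probe",
                          "attack", "attack", "normal", "normal", "normal"]

def fit(sequence, states):
    """Estimate q[i] = N_i / N and p[i][j] = N_ij / N_i. from one sequence."""
    n_i = Counter(sequence)                        # N_i: observations per state
    pairs = Counter(zip(sequence, sequence[1:]))   # N_ij: transitions i -> j
    row_total = Counter(a for a, _ in pairs.elements())  # N_i.: pairs leaving i
    q = {s: n_i[s] / len(sequence) for s in states}
    p = {a: {b: (pairs[(a, b)] / row_total[a] if row_total[a] else 0.0)
             for b in states} for a in states}
    return q, p

def sequence_probability(seq, q, p):
    """P(X1..XT) = q[X1] times the product of p[X(t-1)][X(t)] for t = 2..T."""
    prob = q[seq[0]]
    for prev, cur in zip(seq, seq[1:]):
        prob *= p[prev][cur]
    return prob

def is_anomalous(seq, q, p, threshold):
    """Flag a window sequence whose probability under the model is below threshold."""
    return sequence_probability(seq, q, p) < threshold
```

A transition never seen in training, such as normal to attack here, gets probability 0, so any sequence containing it scores 0; the threshold has to be chosen with that in mind.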
5.2 PERFORMANCE METRICS:
The two algorithms are compared using the performance metrics below, and
the probability of attack detection is then calculated and shown in Fig 5.
Detection rate (DR) - Ratio of the number of anomalies correctly classified to the total number
of anomalies in the database.
Error rate (ER) - Ratio of the number of anomaly (normal) instances incorrectly classified
to the total number of anomaly (normal) instances.
True positive (TP) - classifying normal class as normal class.
True negative (TN) - classifying anomaly class as anomaly class.
False positive (FP) - classifying normal class as an anomaly class.
False negative (FN) - classifying anomaly class as a normal class.
Accuracy = (TP + TN) / (TP + TN + FP + FN)
Sensitivity = TP / (TP + FN)
Specificity = TN / (TN + FP)
Fig 5 Comparison of k-Means and Apriori
6. CONCLUSION
The K-Means and Apriori algorithms were implemented and tested, and we conclude that, for the
DARPA2000 sample dataset, the performance of the K-Means clustering algorithm for anomaly
detection is not as good as that of the Apriori algorithm. In addition, this project
has built k states of frequent data using the Apriori algorithm and will subsequently
build a model for probability calculation to detect anomalies using a first-order Markov chain.
Future work is to implement a higher-order Markov model, where the state of the system depends
not only on the previous events but also on the historic events, and to compare its performance with other
probabilistic techniques.
REFERENCES
[1] Nong Ye (2000), "A Markov Chain Model of Temporal Behavior for Anomaly Detection", Proceedings of the 2000 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, pp. 171-174.
[2] Ye, Nong, et al. (2001), "Probabilistic techniques for intrusion detection based on computer audit data", Systems, Man and Cybernetics, Part A: Systems and Humans, IEEE Transactions, Vol. 31, No. 4, pp. 266-274.
[3] Peddabachigari.S, Abraham.A & Thomas (2004), "Intrusion detection systems using decision trees and support vector machines", International Journal of Applied Science and Computations, pp. 118-134.
[4] Jiang, S., Song, X., Wang, H., Han, J., & Li, Q. (2006), "A clustering-based method for unsupervised intrusion detections", Pattern Recognitions Letter, 27(7), pp. 802–810.
[5] Nong Ye, Senior Member, IEEE, Syed Masum Emran, Qiang Chen, and Sean Vilbert (2007), "Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection", IEEE transaction on computers, Vol. 51, No. 7, pp. 810-820.
[6] Poulose Jacob, K., and Varghese Surekha Miriam (2007), "Anomaly Detection Using System Call Sequence Sets", Vol. 2, pp. 14-21.
[7] Gogoi, Prasanta, Bhogeswar Borah, and Dhruba K. Bhattacharyya (2010), "Anomaly detection analysis of intrusion data using supervised & unsupervised approach", Journal of Convergence Information Technology, Vol. 5, No. 1, pp. 101-105.
[8] Nasser S. Abouzakhar and Abu Bakar (2010), "A Chi-square testing-based intrusion detection Model", School of Computer Science, The University of Hertfordshire, College Lane, Hatfield AL10 9AB, Hertfordshire, UK, Vol. 36, No. 4, pp. 280-292.
[9] Jyothsna.V, Rama Prasad.V.V, Munivara Prasad.K (2011), "A Review of Anomaly based Intrusion Detection Systems", International Journal of Computer Applications (0975 – 8887), Volume: 28, No: 7, pp. 283–304.
[10] Yogendra Kumar Jain, Upendra (2012), "An Efficient Intrusions Detection Based On Decision Tree Classifier Using Feature Reductions", International Journal Of Scientific And Research Publications, Volume 2, Issue 1, ISSN 2250-3153.
[11] Gyanchandani, Rana.J.L, Yadav.R.N (2012), "Taxonomy of Anomaly Based Intrusion Detection System: A Review", International Journal of Scientific and Research Publications, Volume: 2, Issue: 12,1 ISSN 2250-3153.
[12] Farhad Soleimanian Gharehchopogh, Neda Jabbari, Zeinab Ghaffari Azar (2012), "Evaluation of Fuzzy K-Mean And K-Means Clustering Algorithms In Intrusion Detection Systems", International Journal Of Scientific & Technology Research, Volume: 1, Issue 11, ISSN 2277-8616 66, pp. 283–304.
[13] Rahul Rastogi, Zubair Khan, M. H and Khan (2012), "Network Anomalies Detection Using Statistical Technique : A Chi- Square approach", IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 2, No 3, pp. 515-522.
[14] Seongjium Shin, Seungmin Lee, Hyunwoo Kim, Sehum Kim (2013), "Advanced Probabilistic Approach For Network Intrusion Forecasting and Detection", Expert system with applications, Vol. 40, pp. 315 – 322.
[15] Poonam Dabas, Rashmi Chaudhary (2013), "Survey Of Network Intrusion Detection Using K-Mean Algorithm", International Journal Of Advanced Research In Computer Science And Software Engineering, Volume: 3, Issue: 3, ISSN: 2277, pp. 30-35.
Authors
I am S. Brindasri, pursuing the M.E CSE in Erode Sengunthar Engineering College. I
have published my survey in international journal computer science and information
technology. My research interests are in network security.