
    ApriorC4.5 data mining algorithm for enhance the network-based intrusion detection in financial data

    The main reason attacks have become so common is the popularity of the Internet. The security of financial data has become an important issue, and there is an urgent need to identify and detect attacks. Intrusion detection is defined as monitoring a computer network to diagnose signs of attacks and malicious activity by means of continuous assessment; the software that performs this task is called an intrusion detection system (IDS), and financial data requires one. Systems built on a single algorithm, such as shallow learning, give a good detection rate and a low false alarm rate, but recent research shows that systems which cascade algorithms (an algorithm's training combined with shallow learning) perform much better: with a single detection algorithm the accuracy of the intrusion detection system was lower and the false alarm rate higher. The proposed algorithm is intended to solve this problem. This dissertation describes two hybrid algorithms for improving intrusion detection systems. The C4.5 decision tree is combined with shallow learning so as to maximize accuracy, a strength of C4.5, while lowering the false alarm rate, a strength of shallow learning. The results showed an increase in accuracy and detection rate together with a low false alarm rate.

    Integration of a Bayesian network for response planning in a maritime piracy risk management system

    This article describes an innovative system to protect offshore oil infrastructure against maritime piracy. To detect and respond efficiently to this threat, many factors must be taken into account, including the potential target, the protection methods already in place, and operational and environmental constraints. To improve the handling of this complex issue, we have designed a system that manages the entire processing chain, from threat identification to implementation of the response. The system implements Bayesian networks in order to capture the multitude of parameters and their inherent uncertainties, and to identify and manage potential responses. This article describes the system architecture, the integrated Bayesian network and its contribution to response planning.

    Design of a Bayesian network for preventing the risk of piracy against oil fields (Conception d'un réseau bayésien pour la prévention du risque de piraterie contre les champs pétroliers)

    In recent years, pirate attacks on ships and oil fields have continued to multiply and to grow more serious. To address this problem and react to an attack, many parameters must be considered: those relating to the threat, the potential target, the protection measures in place, the constraints of the environment, and so on. To manage these parameters, the capabilities of Bayesian networks are exploited in order to define the possible countermeasures and how they are to be managed.

    Cyber Situation Awareness with Active Learning for Intrusion Detection

    Intrusion detection has focused primarily on detecting cyberattacks at the event level. Since there is such a large volume of network data and attacks are minimal, machine learning approaches have focused on improving accuracy and reducing false positives, but this has frequently resulted in overfitting. In addition, the volume of intrusion detection alerts is large and creates fatigue in the human analyst who must review them. This research addresses the problems associated with event-level intrusion detection and the large volumes of intrusion alerts by applying active learning and cyber situation awareness. This paper includes the results of two experiments using the UNSW-NB15 dataset. The first experiment evaluated sampling approaches for querying the oracle, as part of active learning. It then trained a Random Forest classifier using the samples and evaluated its results. The second experiment applied cyber situation awareness by aggregating the detection results of the first experiment and calculating the probability that a computer system was part of a cyberattack. This research showed that moving the perspective from event-level alerts to the probability that a computer system was part of an attack improved the accuracy of detection and reduced the volume of alerts that a human analyst would need to review. Preprint of: McElwee, S. & Cannady, J. (2019). Cyber situation awareness with active learning for intrusion detection. SoutheastCon 2019. IEEE.
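    The step that reduces analyst load in the abstract above is the aggregation from event-level scores to a per-host probability. The following is an added example (my own code, not the paper's) of that step. It assumes, since the page does not say how the probability was computed, that each event carries a host and a classifier score in [0, 1] and that host-level probability is the noisy-OR of its event scores, P(host attacked) = 1 - prod(1 - p_i); the events are constructed sample data, not UNSW-NB15 records.

```python
"""Added example (mine, not code from the cited paper): lift event-level
classifier scores to a per-host probability that the host took part in an
attack, and count how many alerts an analyst would have to review before and
after the aggregation.

Assumptions not stated on the page: each event carries a host and a
classifier score in [0, 1], and the host-level probability is the noisy-OR
of its event scores, P(host attacked) = 1 - prod(1 - p_i), treating events
as independent evidence.  The event rows are constructed sample data, not
UNSW-NB15 records.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

Event = Tuple[str, float]  # (host, event-level classifier score)

# Constructed sample output of an event-level classifier.
SAMPLE_EVENTS: List[Event] = [
    ("10.0.0.5", 0.10), ("10.0.0.5", 0.20), ("10.0.0.5", 0.05),  # weak, scattered
    ("10.0.0.7", 0.60), ("10.0.0.7", 0.70), ("10.0.0.7", 0.55),  # several medium hits
    ("10.0.0.9", 0.95),                                          # one strong hit
    ("10.0.0.11", 0.02), ("10.0.0.11", 0.03),                    # benign noise
]


def noisy_or(scores: Iterable[float]) -> float:
    """Probability that at least one of the events is truly malicious."""
    p_none = 1.0
    for s in scores:
        if not 0.0 <= s <= 1.0:
            raise ValueError(f"score out of range: {s}")
        p_none *= 1.0 - s
    return 1.0 - p_none


def host_probabilities(events: Iterable[Event]) -> Dict[str, float]:
    """Group events by host and collapse each group with noisy-OR."""
    by_host: Dict[str, List[float]] = defaultdict(list)
    for host, score in events:
        by_host[host].append(score)
    return {host: noisy_or(scores) for host, scores in by_host.items()}


def alert_reduction(events: List[Event], event_threshold: float = 0.5,
                    host_threshold: float = 0.5) -> Tuple[int, List[str]]:
    """Return (number of event-level alerts, sorted hosts that alert at the
    host level) for the given thresholds."""
    event_alerts = sum(1 for _, s in events if s >= event_threshold)
    host_alerts = sorted(h for h, p in host_probabilities(events).items()
                         if p >= host_threshold)
    return event_alerts, host_alerts


if __name__ == "__main__":
    for host, p in host_probabilities(SAMPLE_EVENTS).items():
        print(f"{host:>10}  P(attacked)={p:.3f}")
    n_events, hosts = alert_reduction(SAMPLE_EVENTS)
    print(f"{n_events} event alerts -> {len(hosts)} host alerts: {hosts}")
```

    On the sample data the four event alerts above 0.5 collapse to two host alerts, and three weak events on 10.0.0.5 accumulate to 0.316 without crossing the threshold. The caveat of noisy-OR is that a chatty host producing hundreds of low-scoring events will eventually cross any threshold, so in practice the combiner is capped, windowed in time, or replaced by the per-host model the paper trains.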

    Network Traffic Monitoring Using Poisson Dynamic Linear Models

    Abstract not provided.

    Detecting malicious VBscripts using anomaly host based IDS based on principal component analysis (PCA)

    Intrusion detection research over the last twenty years has focused on the threat of individuals illegally hacking into systems. Nowadays, the intrusion threat to computer systems has changed radically. Instead of dealing with hackers, most current work focuses on defending the system against code-driven attacks. Today's web script code such as VBScript is receiving increasing attention as a backdoor for attacking many computers through e-mail attachments or infected web sites. The nature of this malicious code is that it can spread widely, causing serious damage to many applications. Moreover, the majority of anti-virus tools used today are able to detect known attacks but are unable to detect new and unknown attacks. The work in this thesis presents an anomaly-based host Intrusion Detection System (IDS) that provides protection against web attacks from malicious VBScripts. The core of the system treats anomalies as outliers, and the IDS model uses a multivariate statistical technique, Principal Component Analysis (PCA), to reduce the dimensionality of the problem while keeping the major principal components of benign instances. Hence, the system can easily filter malicious scripts that deviate from normal behavior while letting normal scripts pass, so any future or unknown VBScript attack is effectively captured while maintaining a low rate of false alarms.
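    The detection idea in the abstract above is that benign scripts occupy a low-dimensional subspace and a malicious one sticks out of it. The following is an added example (my own code, not the thesis's) of that idea: PCA is fitted to benign feature vectors and a script is scored by its reconstruction error from the top components. It assumes that feature extraction already yields a fixed-length numeric vector per script and that the alarm threshold is a multiple of the worst benign training error; the vectors are constructed, not data from the thesis.

```python
"""Added example, not code from the thesis: a host-based anomaly detector that
fits PCA to feature vectors of benign scripts and flags a script whose
reconstruction error from the top-k principal components is unusually large.

Assumptions (mine, not stated on the page): feature extraction has already
produced a fixed-length numeric vector per script, and the alarm threshold is
a multiple of the largest reconstruction error seen on benign training data.
Every vector below is constructed sample data, not a record from the thesis.
Pure Python (no numpy) so the example runs anywhere.
"""
import math
from typing import List, Sequence

Vector = List[float]

# Constructed per-script features:
# [line_count, string_concats, CreateObject_calls, Shell_or_Run_calls,
#  file_writes, registry_writes]
BENIGN_TRAINING: List[Vector] = [
    [120, 14, 1, 0, 1, 0],
    [80, 9, 1, 0, 0, 0],
    [200, 25, 2, 0, 1, 0],
    [45, 5, 0, 0, 0, 0],
    [150, 18, 1, 0, 1, 0],
    [95, 11, 1, 1, 0, 0],
    [300, 40, 2, 0, 2, 0],
    [60, 7, 0, 0, 0, 1],
    [30, 3, 0, 0, 0, 0],
    [175, 20, 2, 0, 1, 0],
]
# A short but heavily obfuscated script that spawns a shell and writes to the
# registry: the shape of a dropper, unlike anything in the benign population.
SUSPECT_SCRIPT: Vector = [40, 95, 6, 4, 3, 5]


def dot(a: Sequence[float], b: Sequence[float]) -> float:
    return sum(x * y for x, y in zip(a, b))


class PCAAnomalyDetector:
    """Keeps the n_components directions of largest benign variance and scores
    a script by how much of it lies outside that subspace."""

    def __init__(self, n_components: int = 2, margin: float = 1.5,
                 iterations: int = 300) -> None:
        self.n_components = n_components
        self.margin = margin
        self.iterations = iterations
        self.mean: Vector = []
        self.std: Vector = []
        self.components: List[Vector] = []
        self.threshold = 0.0

    def _standardize(self, x: Sequence[float]) -> Vector:
        # Zero mean, unit variance per feature so counts on different scales
        # (line numbers vs. registry writes) contribute comparably.
        return [(xi - m) / s for xi, m, s in zip(x, self.mean, self.std)]

    def fit(self, data: Sequence[Sequence[float]]) -> "PCAAnomalyDetector":
        n, d = len(data), len(data[0])
        self.mean = [sum(r[j] for r in data) / n for j in range(d)]
        self.std = [math.sqrt(sum((r[j] - self.mean[j]) ** 2 for r in data) / n) or 1.0
                    for j in range(d)]
        z = [self._standardize(r) for r in data]
        cov = [[sum(row[i] * row[j] for row in z) / n for j in range(d)] for i in range(d)]
        # Orthogonal (power) iteration: each new direction is repeatedly
        # multiplied by the covariance matrix and re-orthogonalised against the
        # directions already found, so the components come out orthonormal.
        self.components = []
        for _ in range(self.n_components):
            v = [1.0 + 0.1 * i for i in range(d)]  # deterministic start vector
            for _ in range(self.iterations):
                v = [dot(cov[i], v) for i in range(d)]
                for w in self.components:
                    proj = dot(v, w)
                    v = [vi - proj * wi for vi, wi in zip(v, w)]
                norm = math.sqrt(dot(v, v)) or 1.0
                v = [vi / norm for vi in v]
            self.components.append(v)
        # Benign training scripts must not alarm: threshold sits above the worst one.
        self.threshold = self.margin * max(self.reconstruction_error(r) for r in data)
        return self

    def reconstruction_error(self, x: Sequence[float]) -> float:
        """Squared distance between the standardized script and its projection
        onto the benign principal subspace (the outlier score)."""
        z = self._standardize(x)
        residual = list(z)
        for w in self.components:
            proj = dot(z, w)
            residual = [ri - proj * wi for ri, wi in zip(residual, w)]
        return dot(residual, residual)

    def is_anomalous(self, x: Sequence[float]) -> bool:
        return self.reconstruction_error(x) > self.threshold


if __name__ == "__main__":
    det = PCAAnomalyDetector().fit(BENIGN_TRAINING)
    print(f"threshold={det.threshold:.3f}")
    print(f"suspect error={det.reconstruction_error(SUSPECT_SCRIPT):.3f} "
          f"anomalous={det.is_anomalous(SUSPECT_SCRIPT)}")
```

    Standardizing before PCA matters here: without it the line count dominates the covariance and a script's registry writes are invisible to the model. The threshold choice is the practical weak point of any outlier detector of this kind; a margin over the benign training maximum keeps the training set alarm-free, but the false-alarm rate on unseen benign scripts must be measured on held-out data.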

    A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments

    Includes abstract. Includes bibliographical references (leaves 134-140). Voice and data have traditionally been carried on different types of networks based on different technologies, namely circuit switching and packet switching respectively. Convergence in networks enables carrying voice, video, and other data on the same packet-switched infrastructure, and provides various services related to these kinds of data in a unified way. Voice over Internet Protocol (VoIP) stands out as the standard that benefits from convergence by carrying voice calls over the packet-switched infrastructure of the Internet. Although sharing the same physical infrastructure with data networks makes convergence attractive in terms of cost and management, it also makes VoIP environments inherit all the security weaknesses of the Internet Protocol (IP). In addition, VoIP networks come with their own set of security concerns. Voice traffic on converged networks is packet-switched and vulnerable to interception with the same techniques used to sniff other traffic on a Local Area Network (LAN) or Wide Area Network (WAN). Denial of Service (DoS) attacks are among the most critical threats to VoIP because of the disruption of service and loss of revenue they cause. VoIP systems are expected to provide the same level of security as traditional Public Switched Telephone Networks (PSTNs), although more functionality and intelligence are distributed to the endpoints, and more protocols are involved to provide better service. A new design that takes all the above factors into consideration, with better intrusion detection techniques, is therefore needed. This thesis describes the design and implementation of a host-based Intrusion Detection System (IDS) that targets VoIP environments. Our intrusion detection system combines two types of modules for better detection capabilities, namely a specification-based and a signature-based module.
    Our specification-based module takes the specifications of VoIP applications and protocols as the detection baseline. Any deviation from the protocol's proper behavior as described by its specifications is considered an anomaly. The Communicating Extended Finite State Machines (CEFSM) model is used to trace the behavior of the protocols involved in VoIP, and to help exchange detection results among protocols in a stateful and cross-protocol manner. The signature-based module is built in part upon State Transition Analysis Techniques, which are used to model and detect computer penetrations. Both detection modules allow for protocol-syntax and protocol-semantics awareness. Our intrusion detection system uses the aforementioned techniques to cover the threats propagated via low-level protocols such as IP, ICMP, UDP, and TCP.
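    The specification-based module above treats any transition the protocol specification does not define as an anomaly. The following is an added example (my own code, not the thesis's CEFSM model) of that principle for one of the low-level protocols it names: a reduced TCP connection state machine for a single flow, driven by the flow's packets, that reports every packet for which no transition is defined. It assumes packets have already been grouped into a flow and reduced to a direction and a flag class; the three flows are constructed, not captured traffic.

```python
"""Added example, not code from the thesis: a minimal specification-based
checker in the spirit of its EFSM module.  A simplified TCP connection state
machine for one flow (my own reduction of the RFC 793 diagram, not the CEFSM
model of the thesis) is driven by the flow's packets in order; any packet for
which the specification defines no transition from the current state is
reported as a violation, and the machine does not advance on it.

Assumptions: packets are already grouped into a flow and reduced to a
direction ("c2s"/"s2c") and a flag class; "DATA" means a segment carrying
payload.  The three flows at the bottom are constructed, not captured.
"""
from typing import Dict, List, NamedTuple, Tuple


class Packet(NamedTuple):
    direction: str  # "c2s" (client to server) or "s2c"
    flags: str      # "SYN", "SYN-ACK", "ACK", "DATA", "FIN", "RST"


# The specification: (state, direction, flags) -> next state.
SPEC: Dict[Tuple[str, str, str], str] = {
    ("CLOSED", "c2s", "SYN"): "SYN_SENT",
    ("SYN_SENT", "c2s", "SYN"): "SYN_SENT",        # retransmitted SYN
    ("SYN_SENT", "s2c", "SYN-ACK"): "SYN_ACKED",
    ("SYN_ACKED", "c2s", "ACK"): "ESTABLISHED",    # handshake complete
    ("ESTABLISHED", "c2s", "DATA"): "ESTABLISHED",
    ("ESTABLISHED", "s2c", "DATA"): "ESTABLISHED",
    ("ESTABLISHED", "c2s", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "s2c", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "c2s", "FIN"): "FIN_WAIT",     # client closes first
    ("ESTABLISHED", "s2c", "FIN"): "CLOSE_WAIT",   # server closes first
    ("FIN_WAIT", "s2c", "ACK"): "FIN_WAIT",
    ("FIN_WAIT", "s2c", "DATA"): "FIN_WAIT",       # half-close: server may still send
    ("FIN_WAIT", "s2c", "FIN"): "LAST_ACK",
    ("CLOSE_WAIT", "c2s", "ACK"): "CLOSE_WAIT",
    ("CLOSE_WAIT", "c2s", "DATA"): "CLOSE_WAIT",
    ("CLOSE_WAIT", "c2s", "FIN"): "LAST_ACK",
    ("LAST_ACK", "c2s", "ACK"): "CLOSED",
    ("LAST_ACK", "s2c", "ACK"): "CLOSED",
}


def check_flow(packets: List[Packet]) -> Tuple[str, List[str]]:
    """Run the flow through the specification.  Returns the final state and a
    list of human-readable violations (empty for a conforming flow)."""
    state = "CLOSED"
    violations: List[str] = []
    for i, pkt in enumerate(packets):
        if pkt.flags == "RST":
            state = "CLOSED"  # an abort is legal from either side in any state
            continue
        nxt = SPEC.get((state, pkt.direction, pkt.flags))
        if nxt is None:
            violations.append(f"pkt {i}: {pkt.direction} {pkt.flags} not allowed in {state}")
            continue  # an out-of-spec packet must not move the machine
        state = nxt
    return state, violations


# Constructed flows.
NORMAL_FLOW = [Packet("c2s", "SYN"), Packet("s2c", "SYN-ACK"), Packet("c2s", "ACK"),
               Packet("c2s", "DATA"), Packet("s2c", "DATA"),
               Packet("c2s", "FIN"), Packet("s2c", "ACK"), Packet("s2c", "FIN"),
               Packet("c2s", "ACK")]
# Payload sent before the handshake completes, as some scanners and IDS-evasion
# tools do.
EARLY_DATA_FLOW = [Packet("c2s", "SYN"), Packet("s2c", "SYN-ACK"), Packet("c2s", "DATA")]
# A SYN-ACK with no preceding SYN: backscatter from a spoofed-source SYN flood
# aimed elsewhere, or a reply to a SYN the sensor never saw.
BACKSCATTER_FLOW = [Packet("s2c", "SYN-ACK")]


if __name__ == "__main__":
    for name, flow in [("normal", NORMAL_FLOW), ("early-data", EARLY_DATA_FLOW),
                       ("backscatter", BACKSCATTER_FLOW)]:
        state, found = check_flow(flow)
        print(f"{name:>12}: final state {state}, violations {found}")
```

    Because the rules are derived from the specification rather than from attack samples, a flow nobody has seen before still alarms if it breaks the protocol; the trade-off is that a sensor which missed the SYN (asymmetric routing, late start) will also alarm, so a deployed checker needs a rule for picking up mid-stream flows. Extending this to the stateful, cross-protocol behaviour the thesis describes means letting one machine's state (for example, a completed SIP INVITE) condition the transitions allowed in another (the RTP stream).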

    The classification performance of Bayesian Networks Classifiers: a case study of detecting Denial of Service (DoS) attacks in cloud computing environments

    In this research we propose a Bayesian networks approach as a promising classification technique for detecting malicious traffic due to Denial of Service (DoS) attacks. Bayesian networks have been applied in numerous fields fraught with uncertainty and have proved successful. They have excelled in classification tasks such as text analysis, medical diagnosis and environmental modeling and management. The detection of DoS attacks has received tremendous attention in the field of network security. DoS attacks have proved detrimental and are the bane of cloud computing environments. Large business enterprises have been, or are still, unwilling to outsource their businesses to the cloud because of the intrusions that cloud platforms are prone to. To make use of Bayesian networks it is imperative to understand the "ecosystem" of factors that are external to modeling the Bayesian algorithm itself. Understanding these factors has proven to yield improvements in classification performance comparable to those from augmenting the existing algorithms. The literature discusses the factors that affect classification capability; however, it was noticed that the effects of the factors are not universal, and tend to be unique to each domain problem. This study investigates the effects of modeling parameters on the classification performance of Bayesian network classifiers in detecting DoS attacks on cloud platforms. We analyzed how structural complexity, training sample size, the choice of discretization method and, lastly, the score function, both individually and collectively, affect the performance of classifying between normal traffic and DoS attacks on the cloud.
    To study these factors, we conducted a series of experiments detecting live DoS attacks launched against a deployed cloud and then examined the classification performance, in terms of accuracy, of different classes of Bayesian networks. The NSL-KDD dataset was used as our training set. We used ownCloud software to deploy our cloud platform. To launch DoS attacks, we used the hping3 utility. A live packet capture was used as our test set. WEKA version 3.7.12 was used for our experiments. Our results show that increasing model complexity improves the classification performance, which is attributed to the increase in the number of attribute correlations. A larger training sample size also improved classification ability. Our findings show that the choice of discretization algorithm does matter in the quest for optimal classification performance. Furthermore, our results indicate that the choice of scoring function does not affect the classification performance of Bayesian networks. The conclusions drawn from this research are prescriptive, particularly for a novice machine learning researcher, with recommendations that ensure optimal classification performance of Bayesian network classifiers.