3,695 research outputs found

    A characteristic-based visual analytics approach to detect subtle attacks from NetFlow records

    Security is essential for any enterprise network. Denial of service, port scanning, and data exfiltration are among the most common network intrusions. It's urgent for network administrators to detect such attacks effectively and efficiently from network traffic. Though there are many intrusion detection systems (IDSs) and approaches, Visual Analytics (VA) provides a human-friendly approach to detect network intrusions with situational awareness functionality. Overview visualization is the first and most important step in a VA approach. However, many VA systems cannot effectively identify subtle attacks from massive traffic data because of the incapability of overview visualizations. In this work, we developed two overviews and tried to identify subtle attacks directly from these two overviews. Moreover, zoomed-in visualizations were also provided for further investigation. The primary data source was NetFlow and we evaluated the VA system with datasets from Mini Challenge 3 of VAST challenge 2013. Evaluation results indicated that the VA system can detect all the labeled intrusions (denial of service, port scanning and data exfiltration) with very few false alerts

    Cyber Security Network Anomaly Detection and Visualization

    This MQP presents a novel anomaly detection system for computer network traffic, as well as a visualization system to help users explore the results of the anomaly detection. The detection algorithm uses a novel approach to Robust Principal Component Analysis, to produce a lower dimensional subspace of the original data, for which a random forest can be applied to predict anomalies. The visualization system has been designed to help cyber security analysts sort anomalies by attribute and view them in the context of normal network activity. The system consists of an overview of firewall logs, a detail view of each log, and a feature view where an analyst can see which features of the firewall log were implicated in the anomaly detection algorithm

    Visualization of Denial of Service Attacks with Clustering Using the K-Means Algorithm

    Visualization is one solution for presenting attacks on a network. Visualizing attacks makes it easier to recognize and infer patterns from complex visual images. DoS attacks can target various parts of a network: routing, web, electronic mail, or DNS (Domain Name System) servers. The goal of a DoS attack is to make the server shut down, reboot, crash, or stop responding. The DoS attacks in the ISCX dataset form a pattern in which many host IPs exploit only a single server. Snort detected DoS attacks in the ISCX testbed dataset of 14 June, amounting to 42 HttpDoS attack alerts. The accuracy of the clustering program using the k-means algorithm was 97.83%, with a detection rate of 98.63% and a false alarm rate of 0.02%. Meanwhile, the accuracy of clustering using the k-means algorithm with the WEKA tool was 99.69%, with a detection rate of 99.01% and a false alarm rate of 3.70%

    RT-MOVICAB-IDS: Addressing real-time intrusion detection

    This study presents a novel Hybrid Intelligent Intrusion Detection System (IDS) known as RT-MOVICAB-IDS that incorporates temporal control. One of its main goals is to facilitate real-time Intrusion Detection, as accurate and swift responses are crucial in this field, especially if automatic abortion mechanisms are running. The formulation of this hybrid IDS combines Artificial Neural Networks (ANN) and Case-Based Reasoning (CBR) within a Multi-Agent System (MAS) to detect intrusions in dynamic computer networks. Temporal restrictions are imposed on this IDS, in order to perform real/execution time processing and assure system response predictability. Therefore, a dynamic real-time multi-agent architecture for IDS is proposed in this study, allowing the addition of predictable agents (both reactive and deliberative). In particular, two of the deliberative agents deployed in this system incorporate temporal-bounded CBR. This upgraded CBR is based on an anytime approximation, which allows the adaptation of this Artificial Intelligence paradigm to real-time requirements. Experimental results using real data sets are presented which validate the performance of this novel hybrid IDS. Ministerio de Economía y Competitividad (TIN2010-21272-C02-01, TIN2009-13839-C03-01), Ministerio de Ciencia e Innovación (CIT-020000-2008-2, CIT-020000-2009-12

    Advances in Data Mining Knowledge Discovery and Applications

    Advances in Data Mining Knowledge Discovery and Applications aims to help data miners, researchers, scholars, and PhD students who wish to apply data mining techniques. The primary contribution of this book is highlighting frontier fields and implementations of knowledge discovery and data mining. It may seem that the same things are repeated again, but in general the same approach and techniques may help us in different fields and areas of expertise. This book presents knowledge discovery and data mining applications in two different sections. As is known, data mining covers areas of statistics, machine learning, data management and databases, pattern recognition, artificial intelligence, and other areas. In this book, most of these areas are covered with different data mining applications. The eighteen chapters have been classified in two parts: Knowledge Discovery and Data Mining Applications

    A visual analytics approach for passing strategies analysis in soccer using geometric features

    Passing strategies analysis has always been of interest for soccer research. Since the beginning of soccer, managers have used scouting, video footage, training drills and data feeds to collect information about tactics and player performance. However, the dynamic nature of passing strategies is complex enough to reflect what is happening in the game and makes it hard to understand its dynamics. Furthermore, there exists a growing demand for pattern detection and passing sequence analysis popularized by FC Barcelona's tiki-taka. We propose an approach to abstract passing strategies and group them based on the geometry of the ball trajectory. To analyse passing sequences, we introduce an interactive visualization scheme to explore the frequency of usage, spatial location and time occurrence of the sequences. The frequency stripes visualization provides an overview of passing groups frequency on three pitch regions: defense, middle, attack. A trajectory heatmap coordinated with a passing timeline allows for the exploration of most recurrent passing shapes in temporal and spatial domains. Results show eight common ball trajectories for three-long passing sequences which depend on players positioning and on the angle of the pass. We demonstrate the potential of our approach with data from the Brazilian league under several case studies, and report feedback from a soccer expert.

    Proceedings of JCC&BD 2018: VI Jornadas de Cloud Computing & Big Data

    This volume collects the papers presented at the VI Jornadas de Cloud Computing & Big Data (JCC&BD), held from 25 to 29 June 2018 at the Facultad de Informática of the Universidad Nacional de La Plata. Universidad Nacional de La Plata (UNLP) - Facultad de Informátic

    A survey of free software for the design, analysis, modelling, and simulation of an unmanned aerial vehicle

    The objective of this paper is to analyze free software for the design, analysis, modelling, and simulation of an unmanned aerial vehicle (UAV). Free software is the best choice when the reduction of production costs is necessary; nevertheless, the quality of free software may vary. This paper probably does not include all of the free software, but tries to describe or mention at least the most interesting programs. The first part of this paper summarizes the essential knowledge about UAVs, including the fundamentals of flight mechanics and aerodynamics, and the structure of a UAV system. The second section generally explains the modelling and simulation of a UAV. In the main section, more than 50 free programs for the design, analysis, modelling, and simulation of a UAV are described. Although the selection of the free software has been focused on small subsonic UAVs, the software can also be used for other categories of aircraft in some cases; e.g. for MAVs and large gliders. The applications with an historical importance are also included. Finally, the results of the analysis are evaluated and discussed: a block diagram of the free software is presented, possible connections between the programs are outlined, and future improvements of the free software are suggested. © 2015, CIMNE, Barcelona, Spain. Internal Grant Agency of Tomas Bata University in Zlin [IGA/FAI/2015/001, IGA/FAI/2014/006