5,489 research outputs found
AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments
This report considers the application of Articial Intelligence (AI) techniques to
the problem of misuse detection and misuse localisation within telecommunications
environments. A broad survey of techniques is provided, that covers inter alia
rule based systems, model-based systems, case based reasoning, pattern matching,
clustering and feature extraction, articial neural networks, genetic algorithms, arti
cial immune systems, agent based systems, data mining and a variety of hybrid
approaches. The report then considers the central issue of event correlation, that
is at the heart of many misuse detection and localisation systems. The notion of
being able to infer misuse by the correlation of individual temporally distributed
events within a multiple data stream environment is explored, and a range of techniques,
covering model based approaches, `programmed' AI and machine learning
paradigms. It is found that, in general, correlation is best achieved via rule based approaches,
but that these suffer from a number of drawbacks, such as the difculty of
developing and maintaining an appropriate knowledge base, and the lack of ability
to generalise from known misuses to new unseen misuses. Two distinct approaches
are evident. One attempts to encode knowledge of known misuses, typically within
rules, and use this to screen events. This approach cannot generally detect misuses
for which it has not been programmed, i.e. it is prone to issuing false negatives.
The other attempts to `learn' the features of event patterns that constitute normal
behaviour, and, by observing patterns that do not match expected behaviour, detect
when a misuse has occurred. This approach is prone to issuing false positives,
i.e. inferring misuse from innocent patterns of behaviour that the system was not
trained to recognise. Contemporary approaches are seen to favour hybridisation,
often combining detection or localisation mechanisms for both abnormal and normal
behaviour, the former to capture known cases of misuse, the latter to capture
unknown cases. In some systems, these mechanisms even work together to update
each other to increase detection rates and lower false positive rates. It is concluded
that hybridisation offers the most promising future direction, but that a rule or state
based component is likely to remain, being the most natural approach to the correlation
of complex events. The challenge, then, is to mitigate the weaknesses of
canonical programmed systems such that learning, generalisation and adaptation
are more readily facilitated
Intrusion Detection Systems Using Adaptive Regression Splines
Past few years have witnessed a growing recognition of intelligent techniques
for the construction of efficient and reliable intrusion detection systems. Due
to increasing incidents of cyber attacks, building effective intrusion
detection systems (IDS) are essential for protecting information systems
security, and yet it remains an elusive goal and a great challenge. In this
paper, we report a performance analysis between Multivariate Adaptive
Regression Splines (MARS), neural networks and support vector machines. The
MARS procedure builds flexible regression models by fitting separate splines to
distinct intervals of the predictor variables. A brief comparison of different
neural network learning algorithms is also given
Metaheuristic-Based Neural Network Training And Feature Selector For Intrusion Detection
Intrusion Detection (ID) in the context of computer networks is an essential technique in modern defense-in-depth security strategies. As such, Intrusion Detection Systems (IDSs) have received tremendous attention from security researchers and professionals. An important concept in ID is anomaly detection, which amounts to the isolation of normal behavior of network traffic from abnormal (anomaly) events. This isolation is essentially a classification task, which led researchers to attempt the application of well-known classifiers from the area of machine learning to intrusion detection. Neural Networks (NNs) are one of the most popular techniques to perform non-linear classification, and have been extensively used in the literature to perform intrusion detection. However, the training datasets usually compose feature sets of irrelevant or redundant information, which impacts the performance of classification, and traditional learning algorithms such as backpropagation suffer from known issues, including slow convergence and the trap of local minimum. Those problems lend themselves to the realm of optimization. Considering the wide success of swarm intelligence methods in optimization problems, the main objective of this thesis is to contribute to the improvement of intrusion detection technology through the application of swarm-based optimization techniques to the basic problems of selecting optimal packet features, and optimal training of neural networks on classifying those features into normal and attack instances. To realize these objectives, the research in this thesis follows three basic stages, succeeded by extensive evaluations
Efficient intrusion detection scheme based on SVM
The network intrusion detection problem is the focus of current academic research. In this paper, we propose to use Support Vector Machine (SVM) model to identify and detect the network intrusion problem, and simultaneously introduce a new optimization search method, referred to as Improved Harmony Search (IHS) algorithm, to determine the parameters of the SVM model for better classification accuracy. Taking the general mechanism network system of a growing city in China between 2006 and 2012 as the sample, this study divides the mechanism into normal network system and crisis network system according to the harm extent of network intrusion. We consider a crisis network system coupled with two to three normal network systems as paired samples. Experimental results show that SVMs based on IHS have a high prediction accuracy which can perform prediction and classification of network intrusion detection and assist in guarding against network intrusion
A Comprehensive Study on Metaheuristic Techniques Using Genetic Approach
Most real-life optimization problems involve multiple objective functions. Finding a solution that satisfies the decision-maker is very difficult owing to conflict between the objectives. Furthermore, the solution depends on the decision-maker’s preference. Metaheuristic solution methods have become common tools to solve these problems. The task of obtaining solutions that take account of a decision-maker’s preference is at the forefront of current research. It is also possible to have multiple decision-makers with different preferences and with different decision-making powers. It may not be easy to express a preference using crisp numbers. In this study, the preferences of multiple decision-makers were simulated and a solution based on a genetic algorithm was developed to solve multi-objective optimization problems. The preferences were collected as fuzzy conditional trade-offs and they were updated while running the algorithm interactively with the decision-makers. The proposed method was tested using well-known benchmark problems. The solutions were found to converge around the Pareto front of the problems
- …