17 research outputs found
Applying Bag of System Calls for Anomalous Behavior Detection of Applications in Linux Containers
In this paper, we present the results of using bags of system calls for learning the behavior of Linux containers for use in an anomaly-detection based intrusion detection system. By using system calls of the containers monitored from the host kernel for anomaly detection, the system does not require any prior knowledge of the container's nature, nor does it require altering the container or the host kernel.
Comment: Published version available on IEEE Xplore (http://ieeexplore.ieee.org/document/7414047/). arXiv admin note: substantial text overlap with arXiv:1611.0305
An efficient hidden Markov model training scheme for anomaly intrusion detection of server applications based on system calls
Recently the hidden Markov model (HMM) has proven to be a good tool for modelling the normal behaviour of privileged processes for anomaly intrusion detection based on system calls. However, one major problem with this approach is that it demands excessive computing resources in the HMM training process, which makes it inefficient for practical intrusion detection systems. In this paper a simple and efficient HMM training scheme is proposed through the innovative integration of multiple-observation training and incremental HMM training. The proposed scheme first divides the long observation sequence into multiple subsets of sequences. Each subset is then used to infer one sub-model, which is incrementally merged into the final HMM. Our experimental results show that our HMM training scheme reduces training time by about 60% compared to conventional batch training. The results also show that our HMM-based detection model is able to detect all denial-of-service attacks embedded in the testing traces.
Fraud Detection in Credit Card System Using Web Mining
Abstract: Nowadays the usage of credit cards has dramatically increased. As the credit card becomes the most popular mode of payment for both online and regular purchases, cases of fraud associated with it are also rising. Various web mining techniques such as classification, clustering and apriori will be integrated to represent the sequence of operations in credit card transaction processing and to show how they can be used for the detection of fraud. Initially, the web mining techniques are trained with the normal behaviour of a cardholder. If an incoming credit card transaction is not accepted by the web mining model with sufficiently high probability, it is considered to be fraudulent. At the same time, the system will try to ensure that genuine transactions are not rejected. Using data from a credit card issuer, a fraud detection system based on a web mining model will be trained on a large sample of labelled credit card account transactions and tested on a holdout data set consisting of all account activity. Web mining techniques can be trained on examples of fraud due to lost cards, stolen cards, application fraud, counterfeit fraud, and mail-order fraud. The proposed system will be able to detect fraud by considering a cardholder's spending habits without its significance. Usually, the details of items purchased in individual transactions are not known to any fraud detection system. The proposed system will be an ideal choice for addressing this problem of current fraud detection systems. Another important advantage of the proposed system will be a drastic reduction in the number of false positive transactions. The FDS module of the proposed system will receive the card details and the value of the purchase to verify whether the transaction is genuine or not. If the Fraud Detection System module confirms the transaction to be fraudulent, it will raise an alarm and the transaction will be declined.
Network Attacks Detection by Hierarchical Neural Network
Intrusion detection is an emerging area of research in computer security and networks with the growing usage of the internet in everyday life. Most intrusion detection systems (IDSs) use a single classifier algorithm to classify network traffic data as normal or anomalous. However, these single-classifier systems fail to provide the best possible attack detection rate with a low false alarm rate. In this paper, we propose a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resultant model is enhanced. The general procedure is to first apply supervised or unsupervised data filtering with a classifier or clustering to the whole training dataset, and then feed the output to another classifier to classify the data. In this research, we applied neural networks with supervised and unsupervised learning in order to implement the intrusion detection system. Moreover, in this project, we used parallelization with real-time use of the system processors to detect intrusions, which enhanced the speed of intrusion detection. In order to train and test the neural network, the NSL-KDD database was used. By creating several different intrusion detection systems, each of which is considered a single agent, we carried out signature-based intrusion detection of the network. In the proposed design, the attacks have been classified into 4 groups, and each group is detected by an agent equipped with an intrusion detection system (IDS). These agents act independently and report intrusion or non-intrusion in the system; the results achieved by the agents are studied in the Final Analyst, which finally reports whether or not there has been an intrusion in the system.
Keywords:
Intrusion Detection, Multi-layer Perceptron, False Positives, Signature-based Intrusion Detection, Decision Tree, Naïve Bayes Classifier
Intrusion Detection System Based on an LSTM Language Model
Thesis (Master's) -- Seoul National University Graduate School, College of Engineering, Department of Electrical and Computer Engineering, 2017. 8. Sungroh Yoon.
Designing a robust intrusion detection system is one of the most central and important problems in computer security. This thesis proposes a language-model approach over system call sequences and branch sequences for designing an anomaly-based host intrusion detection system. To address the high false alarm rate that commonly arises with existing methods, we use a new ensemble method that combines multiple threshold classifiers so that normal sequences can be captured well. The proposed language model has the advantage of being able to learn the meaning of each system call and the interactions between them, which existing methods do poorly. Through various experiments on public datasets and newly generated data, we demonstrate the validity and effectiveness of the proposed method. We also show that the model is highly portable.
Korean Abstract
Acknowledgement
1 Introduction
2 Language Model of System Call Sequences
2.1 Model Architecture
2.2 Baseline Classifiers
2.3 Performance Evaluation
3 Ensemble Method to Reduce False Alarms
3.1 Ensemble Method
3.2 Comparison with Other Methods
4 Interpretation to Transfer Learning
4.1 Portability of Model
4.2 Visualization of Learned Representations
5 Generalization to Branch Sequences
5.1 Handling Open Vocabulary Problem
5.2 Experiments on Branch Sequences
5.3 Discussion on Branch Language Model
6 Future Work
6.1 Advanced Model Architecture
6.2 Finding Anomalous Segments
6.3 Adversarial Training
6.4 Online Learning Framework
7 Conclusion
References
Abstract
Maste
Some Evaluations of the Effectiveness of Anomaly Based Intrusion Detection Systems Based on the Junction Tree Algorithm
ABSTRACT The aim of this paper is to present some evaluations of the effectiveness of IDS based on the junction tree algorithm (JTA). We focus on two statistical measures, sensitivity and specificity, which are functions of the true positive rate and the false negative rate, and of the false positive rate and the true negative rate, respectively. The relationship between them is given by the receiver operating characteristic curve, which is a graphical estimation method. To achieve a balance between the false positive rate and the false negative rate, the crossover error rate is used.
A Survey on Detection and Defense of Application Layer DDoS Attacks
As time passes, the effect of DDoS attacks on Internet security is growing tremendously. Within a very short span there has been a huge increase in the size and frequency of DDoS attacks. With new technologies and new techniques, attackers are finding more sophisticated ways to attack servers. In this situation, it is necessary to come up with various mechanisms to detect and defend against these DDoS attacks and protect servers from attackers. Much research has been carried out to detect DDoS attack traffic in the transport layer, which is more vulnerable to DDoS attacks; DDoS attacks are more common in the transport layer. In the application layer, they incur huge losses and it is very difficult to mitigate DDoS attacks even in the presence of strong firewalls and intrusion prevention systems. Research is being conducted to mitigate application layer DDoS attacks.
This paper discusses various types of DDoS attacks, their detection, and the defense and prevention methods proposed by various researchers.