840 research outputs found

    Integration of Expectation Maximization using Gaussian Mixture Models and Naïve Bayes for Intrusion Detection

    Intrusion detection is the process of examining information about a system's activities or its data to detect malicious behavior or unauthorized activity. Most IDS implement the K-means clustering technique due to its linear complexity and fast computation. Nonetheless, its naïve use of the mean data value as the cluster core is a major drawback: two circular clusters with different radii can be centered at the same mean. K-means cannot handle this condition, because the mean values of the clusters are nearly identical, and it also fails when the clusters are not spherical. To overcome this issue, a new integrated hybrid model combining expectation maximization (EM) clustering using a Gaussian mixture model (GMM) with a naïve Bayes classifier has been proposed. In this model, the GMM gives more flexibility than K-means in terms of cluster covariance. It also uses probability functions and soft clustering, which is why a single data point can belong to multiple clusters. In a GMM, the cluster form is defined by two parameters, the mean and the standard deviation, so a cluster can take any kind of elliptical shape. EM-GMM will be used to cluster data based on data activity into the corresponding category.

    Enhancing the SVDD accuracy in Intrusion Detection Systems by removing external voids

    This work aims to improve the accuracy of SVDD-based Intrusion Detection Systems. In this study we are interested in approaches using only one-class classification, namely the class of normal user sessions. Sessions are modeled by vectors of points in a finite feature space. The goal of using the SVDD in anomaly detection is to find the hypersphere with minimal volume that encloses the entire scatter of points (i.e. the normal sessions). This paper discusses the general case where the shape of the scatter is arbitrary. In this case some voids can occur between the scatter and the boundary of the hypersphere, and these mainly cause a distortion of the data description that reduces the accuracy of the detection. The objective of this work is to study and highlight the best techniques that help remove voids and thus improve the accuracy of the SVDD. Experimental results show that choosing the appropriate techniques and parameters can significantly improve the accuracy of the SVDD.

    Analysis of Encrypted Malicious Traffic

    In recent years there has been a dramatic increase in the number of malware attacks that use encrypted HTTP traffic for self-propagation and communication. Because of the volume of legitimate encrypted data, encrypted malicious traffic resembles benign traffic, which poses a challenge for antivirus software and firewalls. Since antivirus software and firewalls will not typically have access to encryption keys, detection techniques are needed that do not require decrypting the traffic. In this research, we apply a variety of machine learning techniques to the problem of distinguishing malicious encrypted HTTP traffic from benign encrypted traffic.

    A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks

    With increasing reliance on Internet of Things (IoT) devices and services, the capability to detect intrusions and malicious activities within IoT networks is critical for the resilience of the network infrastructure. In this paper, we present a novel model for intrusion detection based on a two-layer dimension reduction module and a two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks. The proposed model uses component analysis and linear discriminant analysis in the dimension reduction module to reduce the high-dimensional dataset to a lower-dimensional one with fewer features. We then apply a two-tier classification module utilizing Naïve Bayes and the Certainty Factor version of K-Nearest Neighbor to identify suspicious behaviors. The experimental results using the NSL-KDD dataset show that our model outperforms previous models designed to detect U2R and R2L attacks.

    A taxonomy framework for unsupervised outlier detection techniques for multi-type data sets

    The term "outlier" can generally be defined as an observation that is significantly different from the other values in a data set. Outliers may be instances of error or may indicate events. The task of outlier detection aims at identifying such outliers in order to improve the analysis of data and further discover interesting and useful knowledge about unusual events within numerous application domains. In this paper, we report on contemporary unsupervised outlier detection techniques for multiple types of data sets and provide a comprehensive taxonomy framework and two decision trees to select the most suitable technique based on the data set. Furthermore, we highlight the advantages, disadvantages and performance issues of each class of outlier detection techniques under this taxonomy framework.