3,016 research outputs found

    Classification hardness for supervised learners on 20 years of intrusion detection data

    This article consolidates analysis of established (NSL-KDD) and new intrusion detection datasets (ISCXIDS2012, CICIDS2017, CICIDS2018) through the use of supervised machine learning (ML) algorithms. The uniformity in analysis procedure opens up the option to compare the obtained results. It also provides a stronger foundation for the conclusions about the efficacy of supervised learners on the main classification task in network security. This research is motivated in part to address the lack of adoption of these modern datasets. Starting with a broad scope that includes classification by algorithms from different families on both established and new datasets has been done to expand the existing foundation and reveal the most opportune avenues for further inquiry. After obtaining baseline results, the classification task was increased in difficulty, by reducing the available data to learn from, both horizontally and vertically. The data reduction has been included as a stress-test to verify if the very high baseline results hold up under increasingly harsh constraints. Ultimately, this work contains the most comprehensive set of results on the topic of intrusion detection through supervised machine learning. Researchers working on algorithmic improvements can compare their results to this collection, knowing that all results reported here were gathered through a uniform framework. This work's main contributions are the outstanding classification results on the current state of the art datasets for intrusion detection and the conclusion that these methods show remarkable resilience in classification performance even when aggressively reducing the amount of data to learn from

    The Limits of Liability in Promoting Safe Geologic Sequestration of CO2

    Deployment of new technologies is vital to climate change policy, but it invariably poses difficult tradeoffs. Carbon capture and storage (“CCS”), which involves the capture and permanent burial of CO2 emissions, exemplifies this problem. This article provides an overview of CCS in Part I, focusing on geologic sequestration, and analyzes the scientific work on the potential for releases of CO2 and brine from sequestration reservoirs. Part II evaluates the comparative advantages of government regulation and common law liability. Part III examines the relative efficiencies of different doctrines of common law liability when applied to likely releases from sequestration sites. The authors propose a hybrid legal framework in Part IV that combines a traditional regulatory regime with a novel two-tiered system of liability that is calibrated to objective site characteristics. The Kay Bailey Hutchison Center for Energy, Law, and Busines

    Data center virtualization and its economic implications for the companies

    In the current situation of the economic crisis, when companies target budget cuttings in a context of an explosive data growth, the IT community must evaluate potential technology developments not only on their technical advantages, but on their economic effects as well. Keywords: data centre; virtualization; tiered storage; provisioning software; unified computing.

    WK-FNN DESIGN FOR DETECTION OF ANOMALIES IN THE COMPUTER NETWORK TRAFFIC

    Anomaly-based intrusion detection systems identify abnormal computer network traffic based on deviations from the derived statistical model that describes the normal network behavior. The basic problem with anomaly detection is deciding what is considered normal. Supervised machine learning can be viewed as binary classification, since models are trained and tested on a data set containing a binary label to detect anomalies. Weighted k-Nearest Neighbor and Feedforward Neural Network are high-precision classifiers for decision-making. However, their decisions sometimes differ. In this paper, we present a WK-FNN hybrid model for the detection of the opposite decisions. It is shown that results can be improved with the xor bitwise operation. The sum of the binary “ones” is used to decide whether additional alerts are activated or not

    Protecting the Protector: Mapping the Key Terrain that Supports the Continuous Monitoring Mission of a Cloud Cybersecurity Service Provider

    Key terrain is a concept that is relevant to warfare, military strategy, and tactics. A good general maps out terrain to identify key areas to protect in support of a mission (i.e., a bridge allowing for mobility of supplies and reinforcements). Effective ways to map terrain in Cyberspace (KT-C) have been an area of interest for researchers in Cybersecurity ever since the Department of Defense designated Cyberspace as a warfighting domain. The mapping of KT-C for a mission is accomplished by putting forth efforts to understand and document a mission's dependence on Cyberspace and cyber assets. A cloud Cybersecurity Service Provider (CSSP) continuously monitors the network infrastructure of an information system in the cloud ensuring its security posture is within acceptable risk. This research is focused on mapping the key terrain that supports the continuous monitoring mission of a cloud CSSP. Traditional methods to map KT-C have been broad. Success has been difficult to achieve due to the unique nature of the Cyberspace domain when compared to traditional warfighting domains. This work focuses on a specific objective or mission within cyberspace. It is a contextual approach to identify and map key terrain in cyberspace. Mapping is accomplished through empirical surveys conducted on Cybersecurity professionals with various years of experience working in a cloud or CSSP environment. The background of the Cybersecurity professionals participating in the survey will include United States Government personnel/contractors, and other Cybersecurity practitioners in the private sector. This process provided an approach to identify and map key terrain in a contextual manner specific to the mission of a typical cloud CSSP. Practitioners can use it as a template for their specific cloud CSSP mission