5 research outputs found

    Comparative analysis of classification techniques for network anomalies management

    Today, rapid advances in technology enable billions of devices to communicate with one another. This development requires new network technologies so that all of these devices can connect to the network easily. In recent years, cyber attacks have posed a serious threat to governments, businesses and individuals. Many intrusion detection systems designed to prevent these cyber attacks have failed. Because Intrusion Detection Systems (IDS) could not adequately recognize attacks and the cunning methods used by attackers, the result was inadequate IDS solutions and vulnerable networks. Using machine-learning-based systems, which are a product of data mining and statistics, would be a much smarter solution for preventing attacks. This approach will yield a more efficient IDS solution than the classical IDS solution based on attack recognition techniques. The aim of this thesis is to propose a method for a Network-based Anomaly Detection System (NADS) using machine learning, in order to improve network troubleshooting and increase the efficiency of maintenance operations. This study compares the performance of four selected machine learning classification algorithms with one another. The selected algorithms are: K-Nearest Neighbors (KNN), K-Means, Naïve Bayes and Random Forest. This comparison is made to detect network anomalies and to analyze the performance of the classification framework. It was carried out to provide recommendations regarding framework selection. The above-mentioned algorithms are implemented and tested on the KDD CUP99 intrusion detection dataset, which is widely used to evaluate intrusion detection prototypes. The experimental results show that the KNN algorithm performs well in terms of accuracy and computation time. In addition, they show that KNN successfully detected 98.0379% of the potential threats among all known attacks.

    Using metrics from multiple layers to detect attacks in wireless networks

    IEEE 802.11 networks are vulnerable to numerous wireless-specific attacks. Attackers can implement MAC address spoofing techniques to launch these attacks while masquerading behind a false MAC address. The implementation of Intrusion Detection Systems has become fundamental in the development of security infrastructures for wireless networks. This thesis proposes the design of a novel security system that makes use of metrics from multiple layers of observation to produce a collective decision on whether an attack is taking place. The Dempster-Shafer Theory of Evidence is the data fusion technique used to combine the evidence from the different layers. A novel, unsupervised and self-adaptive Basic Probability Assignment (BPA) approach, able to automatically adapt its belief assignment to the current characteristics of the wireless network, is proposed. This BPA approach is composed of three different and independent statistical techniques, which are capable of identifying the presence of attacks in real time. Despite the lightweight processing requirements, the proposed security system produces outstanding detection results, generating high intrusion detection accuracy and a very low number of false alarms. A thorough description of the generated results for all the considered datasets is presented in this thesis. The effectiveness of the proposed system is evaluated using different types of injection attacks. Regarding one of these attacks, to the best of the author's knowledge, the security system presented in this thesis is the first one able to efficiently identify the Airpwn attack.

    Towards a multipurpose neural network approach to novelty detection

    Novelty detection, the identification of data that is unusual or different in some way, is relevant in a wide number of real-world scenarios, ranging from identifying unusual weather conditions to detecting evidence of damage in mechanical systems. However, utilising novelty detection approaches in a particular scenario presents significant challenges to the non-expert user. They must first select an appropriate approach from the novelty detection literature for their scenario. Then, suitable values must be determined for any parameters of the chosen approach. These challenges are at best time consuming and at worst prohibitively difficult for the user. Worse still, if no suitable approach can be found from the literature, then the user is left with the impossible task of designing a novelty detector themselves. In order to make novelty detection more accessible, an approach is required which does not pose the above challenges. This thesis presents such an approach, which aims to automatically construct novelty detectors for specific applications. The approach combines a neural network model, recently proposed to explain a phenomenon observed in the neural pathways of the retina, with an evolutionary algorithm that is capable of simultaneously evolving the structure and weights of a neural network in order to optimise its performance in a particular task. The proposed approach was evaluated over a number of very different novelty detection tasks. It was found that, in each task, the approach successfully evolved novelty detectors which outperformed a number of existing techniques from the literature. A number of drawbacks with the approach were also identified, and suggestions were given on ways in which these may potentially be overcome.

    A General Framework for Adaptive Anomaly Detection with Evolving Connectionist Systems

    No full text
    A new adaptive anomaly detection framework, based on the use of unsupervised evolving connectionist systems, is proposed to address the issue of concept drift. It is designed to adapt to normal behavior changes while still recognizing anomalies. The evolving connectionist systems learn a subject’s behavior in an online, adaptive fashion without a priori knowledge of the underlying data distributions. Experiments with the KDD Cup 1999 network data and the Windows NT user profiling data show that our adaptive anomaly detection systems, based on Fuzzy Adaptive Resonance Theory (ART) and Evolving Fuzzy Neural Networks (EFuNN), can significantly reduce the false alarm rate while the attack detection rate remains high.