Comparative analysis of classification techniques for network anomalies management
Today, the rapid development of technology enables billions of devices to communicate with each other. This development requires new network technologies so that all these devices can easily connect to the network. In recent years, cyber attacks have posed a serious threat to governments, businesses and individuals. Many intrusion detection systems designed to prevent these cyber attacks have failed. Because Intrusion Detection Systems (IDS) could not adequately recognize attacks and the cunning methods used by attackers, the result has been inadequate IDS solutions and vulnerable networks. Using machine learning based systems, a product of data mining and statistics, would be a much smarter solution for preventing attacks. This approach will yield a more efficient IDS solution compared to the classical IDS solution based on attack recognition techniques. The aim of this thesis is to propose a method for a Network Based Anomaly Detection System (NADS) using machine learning, in order to improve network troubleshooting processes and increase the efficiency of maintenance operations. This study compares the performance of four selected machine learning classification algorithms with each other. The selected algorithms are: K-Nearest Neighbors (KNN), K-Means, Naïve Bayes and Random Forest. The comparison serves to detect network anomalies and to analyze the performance of the classification framework, and was carried out in order to offer recommendations regarding framework selection. The above-mentioned algorithms are implemented and tested on the KDD CUP99 intrusion detection dataset, which is widely used for evaluating intrusion detection prototypes. Experimental results show that the KNN algorithm performs well in terms of accuracy and computation time. Furthermore, it was shown that KNN successfully detected 98.0379% of the potential threats among all known attacks.
Using metrics from multiple layers to detect attacks in wireless networks
IEEE 802.11 networks are vulnerable to numerous wireless-specific attacks. Attackers can use MAC address spoofing techniques to launch these attacks while masquerading behind a false MAC address. The implementation of Intrusion Detection Systems has become fundamental in the development of security infrastructures for wireless networks. This thesis proposes the design of a novel security system that makes use of metrics from multiple layers of observation to produce a collective decision on whether an attack is taking place.
The Dempster-Shafer Theory of Evidence is the data fusion technique used to combine the evidence from the different layers. A novel, unsupervised and self-adaptive Basic Probability Assignment (BPA) approach, able to automatically adapt its belief assignment to the current characteristics of the wireless network, is proposed. This BPA approach is composed of three different and independent statistical techniques, which are capable of identifying the presence of attacks in real time. Despite its lightweight processing requirements, the proposed security system produces outstanding detection results, with high intrusion detection accuracy and a very low number of false alarms. A thorough description of the generated results for all the considered datasets is presented in this thesis. The effectiveness of the proposed system is evaluated using different types of injection attacks. Regarding one of these attacks, to the best of the author's knowledge, the security system presented in this thesis is the first one able to efficiently identify the Airpwn attack.
Towards a multipurpose neural network approach to novelty detection
Novelty detection, the identification of data that is unusual or different in some way, is relevant in a wide range of real-world scenarios, from identifying unusual weather conditions to detecting evidence of damage in mechanical systems. However, applying novelty detection approaches in a particular scenario presents significant challenges to the non-expert user. They must first select an appropriate approach from the novelty detection literature for their scenario. Then, suitable values must be determined for any parameters of the chosen approach. These challenges are at best time-consuming and at worst prohibitively difficult for the user. Worse still, if no suitable approach can be found in the literature, the user is left with the impossible task of designing a novelty detector themselves. In order to make novelty detection more accessible, an approach is required which does not pose the above challenges. This thesis presents such an approach, which aims to automatically construct novelty detectors for specific applications. The approach combines a neural network model, recently proposed to explain a phenomenon observed in the neural pathways of the retina, with an evolutionary algorithm that is capable of simultaneously evolving the structure and weights of a neural network in order to optimise its performance in a particular task. The proposed approach was evaluated over a number of very different novelty detection tasks. It was found that, in each task, the approach successfully evolved novelty detectors which outperformed a number of existing techniques from the literature. A number of drawbacks with the approach were also identified, and suggestions were given on ways in which these may potentially be overcome.
A General Framework for Adaptive Anomaly Detection with Evolving Connectionist Systems
A new adaptive anomaly detection framework, based on the use of unsupervised evolving connectionist systems, is proposed to address the issue of concept drift. It is designed to adapt to changes in normal behavior while still recognizing anomalies. The evolving connectionist systems learn a subject's behavior in an online, adaptive fashion without a priori knowledge of the underlying data distributions. Experiments with the KDD Cup 1999 network data and the Windows NT user profiling data show that our adaptive anomaly detection systems, based on Fuzzy Adaptive Resonance Theory (ART) and Evolving Fuzzy Neural Networks (EFuNN), can significantly reduce the false alarm rate while the attack detection rate remains high.