
    Forensic Data Mining: Finding Intrusion Patterns in Evidentiary Data

    The extensive growth of computing networks, and of the tools and tricks for intruding into and attacking them, has underscored the importance of intrusion detection in network security. Yet contemporary intrusion detection systems (IDS) are limited in that they typically employ a misuse detection strategy, searching for patterns of program or user behavior that match known intrusion scenarios, or signatures. Accordingly, there is a need for more robust and adaptive methods for designing and updating intrusion detection systems. One promising approach is the use of data mining methods to discover intrusion patterns. Discovered patterns and profiles can be translated into classifiers for detecting deviations from normal usage patterns. Among the promising mining methods are association rules, link analysis, and rule-induction algorithms. Our particular contribution is a unique approach to combining association rules with link analysis and a rule-induction algorithm to augment intrusion detection systems.
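The association-rule step described in this abstract, as an added example that is not the paper's code: an Apriori-style miner runs over constructed audit records (a KDD-like attribute=value layout with made-up values), keeps itemsets above a support threshold, derives rules whose consequent is the class label, and then uses the rules as a misuse classifier. The thresholds and the first-match firing policy are choices made for the example, not the paper's.

```python
"""Apriori-style association-rule mining over audit records, and the
translation of the mined rules into a simple misuse classifier.
Added example for illustration; it is not the paper's code and the records
are constructed, using a KDD-like attribute=value layout with made-up values."""
from collections import Counter
from itertools import combinations

# Constructed audit records: each connection is a set of attribute=value items.
RECORDS = [
    {"service=http", "flag=SF", "src_bytes=low", "label=normal"},
    {"service=http", "flag=SF", "src_bytes=high", "label=normal"},
    {"service=smtp", "flag=SF", "src_bytes=low", "label=normal"},
    {"service=http", "flag=SF", "src_bytes=low", "label=normal"},
    {"service=private", "flag=S0", "src_bytes=zero", "label=neptune"},
    {"service=private", "flag=S0", "src_bytes=zero", "label=neptune"},
    {"service=private", "flag=S0", "src_bytes=zero", "label=neptune"},
    {"service=ftp_data", "flag=S0", "src_bytes=zero", "label=neptune"},
    {"service=private", "flag=REJ", "src_bytes=zero", "label=portsweep"},
    {"service=private", "flag=REJ", "src_bytes=zero", "label=portsweep"},
]


def frequent_itemsets(records, min_support):
    """Return {itemset: support} for every itemset whose support (fraction of
    records containing all its items) is at least min_support, level by level."""
    n = len(records)
    counts = Counter(item for r in records for item in r)
    level = {frozenset([i]): c / n for i, c in counts.items() if c / n >= min_support}
    frequent = dict(level)
    k = 2
    while level:
        # Candidate k-itemsets: unions of two frequent (k-1)-itemsets, kept only
        # if every (k-1)-subset is itself frequent (the Apriori pruning step).
        prev = set(level)
        candidates = set()
        for a in prev:
            for b in prev:
                u = a | b
                if len(u) == k and all(frozenset(s) in prev for s in combinations(u, k - 1)):
                    candidates.add(u)
        level = {}
        for c in candidates:
            support = sum(1 for r in records if c <= r) / n
            if support >= min_support:
                level[c] = support
        frequent.update(level)
        k += 1
    return frequent


def association_rules(frequent, min_confidence, consequent_prefix="label="):
    """Derive rules antecedent -> label with confidence = support(antecedent + label)
    / support(antecedent); only the class label may appear on the right-hand side."""
    rules = []
    for itemset, support in frequent.items():
        labels = {i for i in itemset if i.startswith(consequent_prefix)}
        if len(labels) != 1 or len(itemset) < 2:
            continue
        antecedent = itemset - labels
        confidence = support / frequent[antecedent]  # subsets of frequent sets are frequent
        if confidence >= min_confidence:
            rules.append((antecedent, next(iter(labels)), support, confidence))
    # Most confident, then most supported, rules fire first.
    rules.sort(key=lambda r: (-r[3], -r[2], sorted(r[0])))
    return rules


def classify(record, rules):
    """Misuse detection from mined rules: fire the first rule whose antecedent
    is contained in the record; records matching no rule are left unknown."""
    for antecedent, label, _, _ in rules:
        if antecedent <= record:
            return label.split("=", 1)[1]
    return "unknown"


if __name__ == "__main__":
    rules = association_rules(frequent_itemsets(RECORDS, min_support=0.2), min_confidence=0.9)
    for antecedent, label, support, confidence in rules:
        print(f"{sorted(antecedent)} -> {label}  support={support:.2f} confidence={confidence:.2f}")
    print(classify({"service=private", "flag=S0", "src_bytes=zero"}, rules))
```

With these ten records, a support floor of 0.2 and a confidence floor of 0.9, the miner yields rules such as {flag=S0} -> label=neptune and {flag=REJ, service=private} -> label=portsweep; a connection matching none of the antecedents is reported as unknown rather than forced into a class, which is the point at which an anomaly detector would take over.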

    Combining Naive Bayes and Decision Tree for Adaptive Intrusion Detection

    In this paper, a new learning algorithm for adaptive network intrusion detection that combines a naive Bayesian classifier with a decision tree is presented. Due to the large volumes of security audit data and the complex, dynamic nature of intrusion behaviour, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data over the last decades; nevertheless, various issues with current intrusion detection systems (IDS) remain to be examined. The proposed algorithm performs balanced detection while keeping false positives at an acceptable level for different types of network attacks, and it eliminates redundant attributes as well as contradictory examples from the training data, which otherwise make the detection model complex. It also addresses several difficulties of data mining: handling continuous attributes, dealing with missing attribute values, and reducing noise in the training data. We compared the performance of the proposed algorithm with existing learning algorithms on the KDD99 benchmark intrusion detection dataset. The experimental results show that the proposed algorithm achieves high detection rates (DR) and significantly reduces false positives (FP) for different types of network intrusion using limited computational resources. Comment: 14 pages, IJNS
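The data-preparation issues this abstract lists (contradictory examples, redundant attributes, continuous attributes, missing values) in a working naive Bayes classifier over constructed KDD99-style connection records, as an added example. It is not the paper's algorithm (the decision-tree half is omitted and the abstract does not give the method); dropping constant attributes as "redundant" and equal-width binning of continuous attributes are assumptions standing in for the paper's unspecified techniques, and the record values are made up.

```python
"""Naive Bayes over connection records with the training-data clean-up the
abstract names: contradictory examples removed, constant (redundant) attributes
dropped, continuous attributes discretised into equal-width bins, missing
values (None) skipped. Added example with standard techniques; it is not the
paper's own algorithm. Assumption: a constant attribute counts as redundant."""
import math
from collections import Counter, defaultdict

LABEL = "label"
N_BINS = 4  # assumption: equal-width binning stands in for the paper's handling

# Constructed training records in a KDD99-like layout (values are made up).
TRAIN = [
    {"duration": 0.0, "service": "http", "flag": "SF", "count": 2, "proto": "tcp", "label": "normal"},
    {"duration": 1.0, "service": "http", "flag": "SF", "count": 3, "proto": "tcp", "label": "normal"},
    {"duration": 0.0, "service": "smtp", "flag": "SF", "count": 1, "proto": "tcp", "label": "normal"},
    {"duration": 2.0, "service": "http", "flag": "SF", "count": None, "proto": "tcp", "label": "normal"},
    {"duration": 0.0, "service": "private", "flag": "S0", "count": 180, "proto": "tcp", "label": "neptune"},
    {"duration": 0.0, "service": "private", "flag": "S0", "count": 220, "proto": "tcp", "label": "neptune"},
    {"duration": 0.0, "service": "private", "flag": "S0", "count": 250, "proto": "tcp", "label": "neptune"},
    {"duration": 0.0, "service": "ftp_data", "flag": "S0", "count": 200, "proto": "tcp", "label": "neptune"},
    # Contradictory pair: identical attribute vector, different labels.
    {"duration": 0.0, "service": "telnet", "flag": "SF", "count": 5, "proto": "tcp", "label": "normal"},
    {"duration": 0.0, "service": "telnet", "flag": "SF", "count": 5, "proto": "tcp", "label": "neptune"},
]


def remove_contradictions(records):
    """Drop every record whose attribute vector also occurs with another label."""
    labels_for = defaultdict(set)

    def key(r):
        return tuple(sorted((k, v) for k, v in r.items() if k != LABEL))

    for r in records:
        labels_for[key(r)].add(r[LABEL])
    return [r for r in records if len(labels_for[key(r)]) == 1]


def redundant_attributes(records):
    """Attributes with a single observed value carry no information: drop them."""
    seen = defaultdict(set)
    for r in records:
        for k, v in r.items():
            if k != LABEL and v is not None:
                seen[k].add(v)
    return {k for k, vs in seen.items() if len(vs) <= 1}


def is_numeric(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool)


def bin_of(value, spec):
    """Equal-width bin index, clamped so out-of-range test values still map."""
    lo, width, n = spec
    return min(max(int((value - lo) // width), 0), n - 1)


def train(records):
    records = remove_contradictions(records)
    drop = redundant_attributes(records)
    attrs = [a for a in records[0] if a != LABEL and a not in drop]
    model = {"prior": Counter(r[LABEL] for r in records), "n": len(records), "drop": drop,
             "bins": {}, "domain": {}, "counts": defaultdict(Counter), "seen": defaultdict(Counter)}
    for a in attrs:
        xs = [r[a] for r in records if r[a] is not None]
        if all(is_numeric(x) for x in xs):
            lo, hi = min(xs), max(xs)
            model["bins"][a] = (lo, (hi - lo) / N_BINS or 1.0, N_BINS)
            model["domain"][a] = N_BINS
        else:
            model["domain"][a] = len(set(xs))
    for r in records:
        for a in attrs:
            if r[a] is None:
                continue  # missing value: contributes to no count
            v = bin_of(r[a], model["bins"][a]) if a in model["bins"] else r[a]
            model["counts"][a][(v, r[LABEL])] += 1
            model["seen"][a][r[LABEL]] += 1  # non-missing observations of a in this class
    return model


def predict(model, record):
    """Log-space MAP decision with Laplace smoothing, so unseen values get a
    small nonzero mass instead of zeroing out a class."""
    best, best_lp = None, -math.inf
    for c, nc in model["prior"].items():
        lp = math.log(nc / model["n"])
        for a, v in record.items():
            if v is None or a == LABEL or a not in model["domain"]:
                continue
            if a in model["bins"]:
                v = bin_of(v, model["bins"][a])
            num = model["counts"][a][(v, c)] + 1
            den = model["seen"][a][c] + model["domain"][a]
            lp += math.log(num / den)
        if lp > best_lp:
            best, best_lp = c, lp
    return best


if __name__ == "__main__":
    model = train(TRAIN)
    print("dropped:", model["drop"], "records kept:", model["n"])
    print(predict(model, {"duration": 0.0, "service": "private", "flag": "S0", "count": 210}))
    print(predict(model, {"duration": 0.0, "service": "http", "flag": "SF", "count": None}))
```

The telnet pair is removed before counting because an identical vector with two labels can only add noise, the constant `proto` column is dropped, and a test record with `count` missing is still classified from its remaining attributes instead of being rejected.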

    Cybersecurity Knowledge Architecture for Supporting Adaptive Intrusion Detection Systems Using the Association Rules Technique

    Intrusion detection systems are used to detect intruders who enter an organization's computer network to destroy systems or steal crucial information. New forms of intrusion keep being developed, so researchers keep looking for more effective ways to detect and analyze attack patterns. In this paper, we studied and designed a new Cybersecurity Knowledge Architecture for Supporting Adaptive Intrusion Detection Systems, using the cybersecurity risk assessment model of the Institute of Physical Education, built according to the ISO/IEC 27005, ISO/DIS 31000 and OCTAVE standards, to measure risk factors alongside the checks performed by the adaptive intrusion detection system. At the same time, we developed an adaptive cyber intrusion detection system that applies a neural network together with association rules, a data mining technique, to classify computer network attack data. Our experiments show that the developed detection system reports results promptly and accurately, with a precision of 97.4% and a recall of 92.0%, so it can be used to analyze and predict cybersecurity outcomes. Keywords: Cybersecurity Knowledge Architecture, Adaptive Intrusion Detection Systems, Data Mining

    ANTIDS: Self-Organized Ant-based Clustering Model for Intrusion Detection System

    Security of computers and the networks that connect them is becoming increasingly significant. Computer security is defined as the protection of computing systems against threats to confidentiality, integrity, and availability. There are two types of intruders: external intruders, who are unauthorized users of the machines they attack, and internal intruders, who have permission to access the system with some restrictions. Because it is increasingly improbable that a system administrator can recognize an attack and intervene manually to stop it, there is growing recognition that intrusion detection systems have much to gain from following the basic principles governing the behaviour of complex natural systems, namely self-organization, which allows a truly distributed and collective perception of such phenomena. With that aim in mind, the present work presents a self-organized ant colony based intrusion detection system (ANTIDS) to detect intrusions in a network infrastructure. Its performance is compared with conventional soft computing paradigms such as Decision Trees, Support Vector Machines and Linear Genetic Programming for modelling fast, online and efficient intrusion detection systems. Comment: 13 pages, 3 figures, Swarm Intelligence and Patterns (SIP) special track at WSTST 2005, Muroran, Japan

    Intrusion Detection Systems Using Adaptive Regression Splines

    The past few years have witnessed a growing recognition of intelligent techniques for the construction of efficient and reliable intrusion detection systems. Due to the increasing incidence of cyber attacks, building effective intrusion detection systems (IDS) is essential for protecting information systems, yet it remains an elusive goal and a great challenge. In this paper, we report a performance analysis of Multivariate Adaptive Regression Splines (MARS), neural networks and support vector machines. The MARS procedure builds flexible regression models by fitting separate splines to distinct intervals of the predictor variables. A brief comparison of different neural network learning algorithms is also given.