Forensic Data Mining: Finding Intrusion Patterns in Evidentiary Data
The extensive growth of computing networks, and of the tools and tricks for intruding into and attacking them, has underscored the importance of intrusion detection in network security. Yet contemporary intrusion detection systems (IDS) are limited in that they typically employ a misuse detection strategy, searching for patterns of program or user behavior that match known intrusion scenarios, or signatures. Accordingly, there is a need for more robust and adaptive methods for designing and updating intrusion detection systems. One promising approach is the use of data mining methods for discovering intrusion patterns. Discovered patterns and profiles can be translated into classifiers for detecting deviations from normal usage patterns. Among promising mining methods are association rules, link analysis, and rule-induction algorithms. Our particular contribution is a unique approach that combines association rules with link analysis and a rule-induction algorithm to augment intrusion detection systems.
Combining Naive Bayes and Decision Tree for Adaptive Intrusion Detection
In this paper, a new learning algorithm for adaptive network intrusion detection using a naive Bayesian classifier and a decision tree is presented. It performs balanced detection and keeps false positives at an acceptable level for different types of network attacks, and it eliminates redundant attributes as well as contradictory examples from the training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining, such as handling continuous attributes, dealing with missing attribute values, and reducing noise in the training data. Because of the large volumes of security audit data and the complex and dynamic properties of intrusion behaviour, several data-mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in recent decades. However, various issues with current intrusion detection systems (IDS) remain to be examined. We tested the performance of the proposed algorithm against existing learning algorithms on the KDD99 benchmark intrusion detection dataset. The experimental results show that the proposed algorithm achieves high detection rates (DR) and significantly reduces false positives (FP) for different types of network intrusions using limited computational resources.
Comment: 14 pages, IJNS
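As an added example (not code from the paper above), the following Python block shows the naive Bayesian half of such a hybrid on constructed connection-style records: it bins the continuous src_bytes attribute, skips missing attribute values rather than imputing them, applies Laplace smoothing so that an attribute value never seen in training does not zero out a class, and reports the detection rate (DR) and false-positive rate (FP) that the abstract measures. The records, the bin edges and the attribute names are assumptions made for illustration; the decision-tree stage and the attribute-pruning step of the paper are not reproduced here.

```python
import math
from collections import Counter, defaultdict

# Constructed training records in the style of connection logs (not KDD99 data):
# (attributes, label). src_bytes is continuous; the other attributes are categorical.
TRAIN = [
    ({"proto": "tcp", "service": "http", "flag": "SF", "src_bytes": 300}, "normal"),
    ({"proto": "tcp", "service": "http", "flag": "SF", "src_bytes": 450}, "normal"),
    ({"proto": "tcp", "service": "smtp", "flag": "SF", "src_bytes": 1200}, "normal"),
    ({"proto": "udp", "service": "domain", "flag": "SF", "src_bytes": 60}, "normal"),
    ({"proto": "tcp", "service": "ftp", "flag": "SF", "src_bytes": 2000}, "normal"),
    ({"proto": "tcp", "service": "private", "flag": "S0", "src_bytes": 0}, "attack"),
    ({"proto": "tcp", "service": "private", "flag": "S0", "src_bytes": 0}, "attack"),
    ({"proto": "tcp", "service": "private", "flag": "REJ", "src_bytes": 0}, "attack"),
    ({"proto": "icmp", "service": "ecr_i", "flag": "SF", "src_bytes": 1032}, "attack"),
    ({"proto": "icmp", "service": "ecr_i", "flag": "SF", "src_bytes": 1032}, "attack"),
]


def discretize(attrs):
    """Bin the continuous attribute and drop missing (None) values, so an absent
    attribute contributes nothing to the score instead of being imputed."""
    out = {}
    for name, value in attrs.items():
        if value is None:
            continue
        if name == "src_bytes":  # assumed bin edges for the example
            value = "zero" if value == 0 else "small" if value < 1000 else "large"
        out[name] = str(value)
    return out


class NaiveBayes:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                        # Laplace smoothing pseudo-count
        self.class_counts = Counter()             # label -> number of records
        self.value_counts = defaultdict(Counter)  # (label, attr) -> Counter(value)
        self.vocab = defaultdict(set)             # attr -> set of values seen in training

    def fit(self, data):
        for attrs, label in data:
            self.class_counts[label] += 1
            for name, value in discretize(attrs).items():
                self.value_counts[(label, name)][value] += 1
                self.vocab[name].add(value)
        return self

    def log_posterior(self, attrs):
        """Unnormalised log P(label | attrs) under the conditional-independence assumption."""
        n = sum(self.class_counts.values())
        feats = discretize(attrs)
        scores = {}
        for label, c in self.class_counts.items():
            s = math.log(c / n)
            for name, value in feats.items():
                # A value never seen in training still gets a smoothed, non-zero probability.
                k = len(self.vocab[name]) + (0 if value in self.vocab[name] else 1)
                count = self.value_counts[(label, name)][value]
                s += math.log((count + self.alpha) / (c + self.alpha * k))
            scores[label] = s
        return scores

    def predict(self, attrs):
        return max(self.log_posterior(attrs).items(), key=lambda kv: kv[1])[0]


def detection_metrics(model, data, positive="attack"):
    """Detection rate = TP / (TP + FN); false-positive rate = FP / (FP + TN)."""
    tp = fn = fp = tn = 0
    for attrs, label in data:
        pred = model.predict(attrs)
        if label == positive:
            if pred == positive:
                tp += 1
            else:
                fn += 1
        elif pred == positive:
            fp += 1
        else:
            tn += 1
    dr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return dr, fpr


if __name__ == "__main__":
    model = NaiveBayes().fit(TRAIN)
    print("DR, FPR on training data:", detection_metrics(model, TRAIN))
    # Missing flag attribute: scored from the remaining attributes only.
    print(model.predict({"proto": "icmp", "service": "ecr_i", "flag": None, "src_bytes": 1032}))
```

Evaluating on the training set, as the demo does, only checks that the model is consistent; the DR and FP figures that matter come from a held-out split, and on a dataset as skewed as KDD99 the false-positive rate should be reported per attack class rather than as one aggregate.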
Cybersecurity Knowledge Architecture for Supporting Adaptive Intrusion Detection Systems with the Association Rules Technique
Abstract: Intrusion detection systems are used to detect and protect an organization's computer networks from malicious intruders who gain access in order to destroy or steal critical information. New intrusive attacks are being developed continuously, so many researchers keep looking for more effective solutions. In this paper, we studied and designed a new Cybersecurity Knowledge Architecture for Supporting the Adaptive Intrusion Detection Systems, using a Cybersecurity Risk Assessment Model of the Institute of Physical Education based on the ISO/IEC 27005, ISO/DIS 31000 and OCTAVE standards to measure risk factors. At the same time, we developed the Adaptive Cyber Intrusion Detection System by applying a neural network together with association rules from data mining to classify computer-network attack data. We found that the developed detection system reports results promptly and accurately, with a precision of 97.4% and a recall of 92.0%, which makes cybersecurity results easy to analyze and predict.
Keywords: Cybersecurity Knowledge Architecture, Adaptive Intrusion Detection Systems, Data Mining
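Both the Forensic Data Mining abstract above and this one mine association rules from audit data and then use them as a classifier. The Python block below is an added example, not code from either paper: it runs a small Apriori search over constructed KDD-style connection records (proto, service and flag items plus a class label carried as an ordinary item), keeps the class-association rules above a confidence threshold, and classifies new records by the most specific high-confidence rule, falling back to a default label when no rule fires. The records, the thresholds and the `label=` naming convention are assumptions made for the example.

```python
from collections import Counter
from itertools import combinations

# Constructed audit records (not real KDD99 data). Each record is a set of
# attribute=value items; the class label is just another item, so class
# association rules fall out of the ordinary frequent-itemset search.
RECORDS = [
    {"proto=tcp", "service=http", "flag=SF", "label=normal"},
    {"proto=tcp", "service=http", "flag=SF", "label=normal"},
    {"proto=udp", "service=domain", "flag=SF", "label=normal"},
    {"proto=tcp", "service=smtp", "flag=SF", "label=normal"},
    {"proto=tcp", "service=private", "flag=S0", "label=neptune"},
    {"proto=tcp", "service=private", "flag=S0", "label=neptune"},
    {"proto=tcp", "service=private", "flag=S0", "label=neptune"},
    {"proto=tcp", "service=private", "flag=REJ", "label=neptune"},
    {"proto=icmp", "service=ecr_i", "flag=SF", "label=smurf"},
    {"proto=icmp", "service=ecr_i", "flag=SF", "label=smurf"},
]


def frequent_itemsets(records, min_support):
    """Apriori level-wise search; returns {itemset: support} for every frequent itemset."""
    n = len(records)
    support = {}
    counts = Counter(item for r in records for item in r)
    current = {frozenset([i]) for i, c in counts.items() if c / n >= min_support}
    for s in current:
        support[s] = counts[next(iter(s))] / n
    k = 2
    while current:
        # Join step: union two frequent (k-1)-sets into a k-set. Prune step: keep the
        # candidate only if every (k-1)-subset is frequent (downward closure).
        candidates = set()
        for a, b in combinations(current, 2):
            u = a | b
            if len(u) == k and all(frozenset(sub) in current for sub in combinations(u, k - 1)):
                candidates.add(u)
        current = set()
        for c in candidates:
            sup = sum(1 for r in records if c <= r) / n
            if sup >= min_support:
                support[c] = sup
                current.add(c)
        k += 1
    return support


def class_rules(support, min_confidence):
    """Turn frequent itemsets that contain exactly one label item into rules
    antecedent -> label, each scored by support and confidence."""
    rules = []
    for itemset, sup in support.items():
        labels = [i for i in itemset if i.startswith("label=")]
        if len(labels) != 1 or len(itemset) < 2:
            continue
        antecedent = itemset - {labels[0]}
        conf = sup / support[antecedent]  # antecedent is frequent by downward closure
        if conf >= min_confidence:
            rules.append((antecedent, labels[0], sup, conf))
    # Most confident first, then most specific, then most frequent.
    rules.sort(key=lambda r: (-r[3], -len(r[0]), -r[2]))
    return rules


def classify(record, rules, default="label=normal"):
    """The first rule whose antecedent is contained in the record decides the label."""
    for antecedent, label, _sup, _conf in rules:
        if antecedent <= record:
            return label
    return default


def rule_text(rule):
    antecedent, label, sup, conf = rule
    return f"{' & '.join(sorted(antecedent))} -> {label} (sup={sup:.1f}, conf={conf:.2f})"


if __name__ == "__main__":
    rules = class_rules(frequent_itemsets(RECORDS, min_support=0.2), min_confidence=0.8)
    for r in rules[:5]:
        print(rule_text(r))
    # A flag value that appears in no rule still matches the more general rule
    # on proto and service, which is what makes the rule set a classifier rather
    # than a signature list.
    probe = {"proto=tcp", "service=private", "flag=REJ"}
    print(sorted(probe), "->", classify(probe, rules))
```

The support threshold is what separates a mined pattern from a one-off: an attack that occurs in a single record never reaches the rule set, so rare attack classes need either a lower threshold or separate mining per class, and the default label should be chosen deliberately because it is what every record no rule covers will be called.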
ANTIDS: Self-Organized Ant-based Clustering Model for Intrusion Detection System
Security of computers and of the networks that connect them is of increasing significance. Computer security is defined as the protection of computing systems against threats to confidentiality, integrity, and availability. There are two types of intruders: external intruders, who are unauthorized users of the machines they attack, and internal intruders, who have permission to access the system with some restrictions. Because it is less and less feasible for a system administrator to recognize an attack and intervene manually to stop it, there is growing recognition that ID systems have much to gain from following the basic principles that govern the behaviour of complex natural systems, namely self-organization, which allows a truly distributed and collective perception of the phenomenon. With that aim in mind, the present work presents a self-organized ant-colony-based intrusion detection system (ANTIDS) to detect intrusions in a network infrastructure. Its performance is compared with conventional soft-computing paradigms such as Decision Trees, Support Vector Machines and Linear Genetic Programming for modelling fast, online and efficient intrusion detection systems.
Comment: 13 pages, 3 figures, Swarm Intelligence and Patterns (SIP) special track at WSTST 2005, Muroran, Japan
Intrusion Detection Systems Using Adaptive Regression Splines
The past few years have witnessed growing recognition of intelligent techniques for constructing efficient and reliable intrusion detection systems. Given the increasing incidence of cyber attacks, building effective intrusion detection systems (IDS) is essential for protecting the security of information systems, yet it remains an elusive goal and a great challenge. In this paper, we report a performance analysis of Multivariate Adaptive Regression Splines (MARS), neural networks and support vector machines. The MARS procedure builds flexible regression models by fitting separate splines to distinct intervals of the predictor variables. A brief comparison of different neural network learning algorithms is also given.