15 research outputs found
Hierarchic Clustering Algorithm Used for Anomaly Detecting
Abstract: The popularity of using the Internet carries some risks of network attacks. Intrusion detection is one major research problem in network security, whose aim is to prevent unauthorized access to system resources and data. This paper chooses a clustering algorithm based on the hierarchical structure to form a normal behavior profile on the audit records and adjust the profile in a timely manner as the program behavior changes. The algorithm can convert the problem to resolve the problem of massive data processing to the hot research point of anomaly detection. Moreover, in order to improve the results of testing further, we choose a data processing algorithm to get a high-quality data source. As the experiment shows, we get effective experimental results.
Utility-based reputation model for VO in GRIDs
In this paper we extend the existing utility-based reputation model for VOs in Grids by incorporating a statistical model of user behaviour (SMUB) that was previously developed for computer networks and distributed systems, and different functions to address threat scenarios in the area of trust and reputation management. These modifications include: assigning initial reputation to a new entity in VO, capturing alliance between consumer and resource, time decay function, and score function.
This paper proposes a modification of the existing reputation model for virtual organizations in Grid systems, which is based on evaluating a utility function. The modification consists of adding a statistical model of user behaviour, previously developed for computer networks and distributed systems, together with components that counter threats in the area of trust and reputation management. These components include: a mechanism for assigning initial reputation to new entities of a virtual organization; accounting for relationships between users and resources; a time-accounting function; and a classification of the services provided in the Grid system.
A Reference Dataset for Network Traffic Activity Based Intrusion Detection System
The network traffic dataset is a crucial part of anomaly based intrusion detection systems (IDSs). These IDSs train themselves to learn normal and anomalous activities. A properly labeled dataset is used for the training purpose. For activity based IDSs, a properly activity-labeled network traffic dataset is the first requirement; however, the non-availability of such datasets is a bottleneck in the field of IDS research. In this experiment, a synthetic dataset, "Panjab University - Intrusion Dataset (PU-IDS)", is created. The purpose of this study is to provide researchers with a reference dataset for the performance evaluation of network traffic activity based IDSs. University of New Brunswick Network Security Laboratory - Knowledge Discovery in Databases (NSL-KDD) is a benchmark dataset for anomaly detection, but it does not contain activity based labeling. So the basic characteristics of this dataset are taken for the generation of the new synthetic dataset with various activity based labels. The dataset is first categorized as per protocol and service. Thereafter, as per the minimum and maximum values of attributes, activity profiles are synthetically generated. This paper also discusses various statistical characteristics of PU-IDS. A total of 198533 instances along with 273 activity profiles are created. This dataset also contains 98 different protocol_service profiles.
A Utility-Based Reputation Model for Grid Resource Management System
In this paper we propose extensions to the existing utility-based reputation model for virtual organizations (VOs) in grids, and present a novel approach for integrating reputation into a grid resource management system. The proposed extensions include: incorporation of a statistical model of user behaviour (SMUB) to assess user reputation; a new approach for assigning initial reputation to a new entity in a VO; capturing alliance between consumer and resource; time decay and score functions. The addition of the SMUB model provides robustness and dynamics to the user reputation model compared to the policy-based user reputation model in terms of adapting to user actions. We consider the problem of integrating reputation into a grid scheduler as a multi-criteria optimization problem. A non-linear trade-off scheme is applied to form a composition of partial criteria to provide a single objective function. The advantage of using such a scheme is that it provides a Pareto-optimal solution partially satisfying criteria with corresponding weights. Experiments were run to evaluate performance of the model in terms of resource management using data collected within the EGEE Grid-Observatory project. Results of simulations showed that on average a 45 % gain in performance can be achieved when using a reputation-based resource scheduling algorithm.
User Profiling Based on Application-Level Using Network Metadata.
There is an increasing interest in identifying users and profiling behaviour from network traffic metadata for traffic engineering and security monitoring. Network security administrators and internet service providers need to create the user behaviour traffic profile to make an informed decision about policing and traffic management, and to investigate the different network security perspectives. Additionally, the analysis of network traffic metadata and extraction of feature sets to understand trends in application usage can be significant in terms of identifying and profiling the user by representing the user's activity. However, user identification and behaviour profiling in real-time network management remains a challenge, as the behaviour and underlying interaction of network applications are permanently changing. In parallel, user behaviour is also changing and adapting, as the online interaction environment changes. Also, the challenge is how to adequately describe the user activity among generic network traffic in terms of identifying the user and his changing behaviour over time. In this paper, we propose a novel mechanism for user identification and behaviour profiling and analysing individual usage per application. The research considered the application-level flow sessions identified based on Domain Name System filtering criteria and timing resolution bins (24-hour timing bins) leading to an extended set of features. Validation of the module was conducted by collecting NetFlow records for 60 days from 23 users. A gradient boosting supervised machine learning algorithm was leveraged for modelling user identification based upon the selected features. The proposed method yields an accuracy for identifying a user based on the proposed features up to 74