Clasificador de intrusiones para riesgos de seguridad de aplicaciones

Los ataques a los sistemas siguen incrementándose día a día, el mayor conocimiento tanto de las herramientas computacionales, como de las debilidades de las mismas. La confidencialidad y la seguridad de los datos comerciales y personales así como las aplicaciones de misión crítica son parte de lo que las organizaciones no pueden permitir que estén el peligro de un fallo de seguridad. Las entidades deben tener de aplicaciones que cumplan con aspectos de seguridad, privacidad, acceso a la información de manera autorizada, en otras palabras que mitigan los riesgos asociados al manejo de la información. El objetivo de todo sistema de seguridad informática es proteger el principal valor de las organizaciones: datos e información. Cada organización tiene diferente políticas de seguridad y requerimientos dependiendo de su misión. Por ejemplo el caso de un banco, un proveedor de servicios en Internet, una universidad o una firma de consultoría. Sin embargo, todas tienen como objetivo común, de una u otra forma, mantener la confidencialidad, integridad y disponibilidad de los datos. Los sistemas de seguridad informática como firewalls, sistemas de detección de intrusos, anti-virus, y estándares para configurar sistemas operacionales y redes entre otros, conforman un sistema de apoyo que busca garantizar la protección de la información

Proposed Network Intrusion Detection System Based on Fuzzy c Mean Algorithm in Cloud Computing Environment

في الوقت الحاضر الحوسبة السحابية اصبحت جزء مكمل في صناعة تكنولجيا المعلومات، الحوسبة السحابية توفر بيئة عمل تسمح للمستخدم بمشاركة البيانات والموارد عبر الانترنت .حيث الحوسبة السحابية عبارة عن تجمع افتراضي من الموارد عبر الانترنت،هذا يؤدي الى مسائل اخرى تتعلق بالامن والخصوصية في بيئة الحوسبة السحابية .لذلك من المهم جدا خلق نظام كشف تطفل لكشف المتسللين في خارج وداخل بيئة الحوسبة السحابية بدقة عالية ومعدل  انذار كاذب منخفضة .هذا العمل يقترح نظام كشف تطفل قائم على خوارزمية العنقدة المضببة . اجريت التجارب على بيانات KDD99. العمل المقترح يمتاز بمعدل كشف تطفل عالي مع نسبة انذار كاذب منخفضة .Nowadays cloud computing had become is an integral part of IT industry, cloud computing provides Working environment allow a user of environmental to share data and resources over the internet. Where cloud computing its virtual grouping of resources offered over the internet, this lead to different matters related to the security and privacy in cloud computing. And therefore, create intrusion detection very important to detect outsider and insider intruders of cloud computing with high detection rate and low false positive alarm in the cloud environment. This work proposed network intrusion detection module using fuzzy c mean algorithm. The kdd99 dataset used for experiments .the proposed system characterized by a high detection rate with low false positive alarm

Proposed Network Intrusion Detection System ‎In Cloud Environment Based on Back ‎Propagation Neural Network

الحوسبة السحابية  هي هيكيلة موزعة توفر قدرات حسابية, موارد تحزين كخدمة عبر الانترنت للأيفاء بمتطلبات المستخدم بسعر منخفض .بسبب طبيعة الحوسبة السحابية المفتوحة والخدمة المقدمة المتسللين ينتحلون المستخدمين المخولين وبعد ذلك يسيئون استخدام موارد وخدمات الحوسبة السحابية . لكشف المتسللين والانشطة المشبوة في بيئة الحوسبة السحابية ،نظام كشف التطفل يستخدم لكشف المستخدمين الغير مخولين والانشطة المشبوهة بواسطة فحص نشاطات المستخدم على الشبكة .في هذا البحث استخدمت خوارزمية الشبكات العصبية الاصطناعية (BP) لبناء نظام كشف تطفل في بيئة السحابية  .النظام المقترح اختبر باستخدام بيانات KDD99 . اظهرت النتائج ان النظام المقترح يشكل طريقة واعدة تتميز بدقة عالية مع نسبة انذار كاذبة منخفضةCloud computing is distributed architecture, providing computing facilities and storage resource as a service over the internet. This low-cost service fulfills the basic requirements of users. Because of the open nature and services introduced by cloud computing intruders impersonate legitimate users and misuse cloud resource and services. To detect intruders and suspicious activities in and around the cloud computing environment, intrusion detection system used to discover the illegitimate users and suspicious action by monitors different user activities on the network .this work proposed based back propagation artificial neural network to construct t network intrusion detection in the cloud environment. The proposed module evaluated with kdd99 dataset the experimental results shows promising approach to detect attack with high detection rate and low false alarm rat

Anomaly based Intrusion Detection using Modified Fuzzy Clustering

This paper presents a network anomaly detection method based on fuzzy clustering. Computer security has become an increasingly vital field in computer science in response to the proliferation of private sensitive information. As a result, Intrusion Detection System has become an indispensable component of computer security. The proposed method consists of three steps: Pre-Processing, Feature Selection and Clustering. In pre-processing step, the duplicate samples are eliminated from the sample set. Next, principal component analysis is adopted to select the most discriminative features. In clustering step, the network samples are clustered using Robust Spatial Kernel Fuzzy C-Means (RSKFCM) algorithm. RSKFCM is a variant of traditional Fuzzy C-Means which considers the neighbourhood membership information and uses kernel distance metric. To evaluate the proposed method, we conducted experiments on standard dataset and compared the results with state-of-the-art methods. We used cluster validity indices, accuracy and false positive rate as performance metrics. Experimental results inferred that, the proposed method achieves better results compared to other methods

Towards the transversal detection of DDoS network attacks in 5G multi-tenant overlay networks

© 2018 Elsevier Ltd Currently, there is no any effective security solution which can detect cyber-attacks against 5G networks where multitenancy and user mobility are some unique characteristics that impose significant challenges over such security solutions. This paper focuses on addressing a transversal detection system to be able to protect at the same time, infrastructures, tenants and 5G users in both edge and core network segments of the 5G multi-tenant infrastructures. A novel approach which significantly extends the capabilities of a commonly used IDS, to accurately identify attacking nodes in a 5G network, regardless of multiple network traffic encapsulations, has been proposed in this paper. The proposed approach is suitable to be deployed in almost all 5G network segments including the Mobile Edge Computing. Both architectural design and data models are described in this contribution. Empirical experiments have been carried out a realistic 5G multi-tenant infrastructures to intensively validate the design of the proposed approach regarding scalability and flexibility

New Anomaly Network Intrusion Detection System in Cloud Environment Based on Optimized Back Propagation Neural Network Using Improved Genetic Algorithm

Cloud computing is distributed architecture, providing computing facilities and storage resource as a service over an open environment (Internet), this lead to different matters related to the security and privacy in cloud computing. Thus, defending network accessible Cloud resources and services from various threats and attacks is of great concern. To address this issue, it is essential to create an efficient and effective Network Intrusion System (NIDS) to detect both outsider and insider intruders with high detection precision in the cloud environment. NIDS has become popular as an important component of the network security infrastructure, which detects malicious activities by monitoring network traffic. In this work, we propose to optimize a very popular soft computing tool widely used for intrusion detection namely, Back Propagation Neural Network (BPNN) using an Improved Genetic Algorithm (IGA). Genetic Algorithm (GA) is improved through optimization strategies, namely Parallel Processing and Fitness Value Hashing, which reduce execution time, convergence time and save processing power. Since,  Learning rate and Momentum term are among the most relevant parameters that impact the performance of BPNN classifier, we have employed IGA to find the optimal or near-optimal values of these two parameters which ensure high detection rate, high accuracy and low false alarm rate. The CloudSim simulator 4.0 and DARPA’s KDD cup datasets 1999 are used for simulation. From the detailed performance analysis, it is clear that the proposed system called “ANIDS BPNN-IGA” (Anomaly NIDS based on BPNN and IGA) outperforms several state-of-art methods and it is more suitable for network anomaly detection

Daphne: A tool for anomaly detection

En este trabajo se presenta una nueva herramienta dirigida a la deteccion y análisis de anomalias. Ésta permite el estudio de cualquier serie temporal, tanto de una variable, como de múltiples variables. La herramienta se compone de dos partes. Un "cerebro", en el que se han implementado las metodologías para la detección de anomalias, así como las herramientas para el análisis de las mismas. Y una interfaz, que permite la interacción con el usuario. En la memoria se detallan los algoritmos y herramientas implementadas. Para demostrar el potencial de la herramienta, se presenta también un caso práctico de aplicación.Outgoin