33 research outputs found

    Anomaly detection using adaptive resonance theory

    Thesis (M.S.)--Boston University. This thesis focuses on the problem of anomaly detection in computer networks. Anomalies are often malicious intrusion attempts that represent a serious threat to network security. Adaptive Resonance Theory (ART) is used as a classification scheme for identifying malicious network traffic. ART was originally developed as a theory to explain how the human eye categorizes visual patterns. For network intrusion detection, the core ART algorithm is implemented as a clustering algorithm that groups network traffic into clusters. A machine learning process allows the number of clusters to change over time to best conform to the data. Network traffic is characterized by network flows, which represent a packet, or series of packets, between two distinct nodes on a network. These flows can contain a number of attributes, including IP addresses, ports, size, and duration. These attributes form a multi-dimensional vector that is used in the clustering process. Once data is clustered along the defined dimensions, anomalies are identified as data points that do not match known good or nominal network traffic. The ART clustering algorithm is tested on a realistic network environment that was generated using the network flow simulation tool FS. The clustering results for this simulation show very promising detection rates for the ART clustering algorithm

    The process signal anomaly detection using classifier ensemble and wavelet transforms

    The level of development of the modern IT infrastructure of industrial enterprises makes it possible to collect and store process data, thereby opening up opportunities for applying intelligent data analysis systems. This paper considers the problem of detecting anomalies in process signals in order to improve the quality of monitoring of controlled objects. To detect anomalies, an ensemble of base classifiers built on machine learning algorithms and wavelet transforms is proposed. The specifics of process signals and the advantages of wavelet analysis for signal preprocessing are considered. The paper develops an approach to anomaly detection based on an ensemble of models and carries out its preliminary evaluation on real process signals

    Hacking Smart Machines with Smarter Ones: How to Extract Meaningful Data from Machine Learning Classifiers

    Machine Learning (ML) algorithms are used to train computers to perform a variety of complex tasks and improve with experience. Computers learn how to recognize patterns, make unintended decisions, or react to a dynamic environment. Certain trained machines may be more effective than others because they are based on more suitable ML algorithms or because they were trained through superior training sets. Although ML algorithms are known and publicly released, training sets may not be reasonably ascertainable and, indeed, may be guarded as trade secrets. While much research has been performed about the privacy of the elements of training sets, in this paper we focus our attention on ML classifiers and on the statistical information that can be unconsciously or maliciously revealed from them. We show that it is possible to infer unexpected but useful information from ML classifiers. In particular, we build a novel meta-classifier and train it to hack other classifiers, obtaining meaningful information about their training sets. This kind of information leakage can be exploited, for example, by a vendor to build more effective classifiers or to simply acquire trade secrets from a competitor's apparatus, potentially violating its intellectual property rights

    A Novel Approach in Analyzing Traffic Flow by Extreme Learning Machine Method

    The objective of this study is to detect abnormal behaviours of moving objects captured in highway traffic flow footage, classify them using artificial learning methods, and lastly to predict the future thereof (regression). To this end, the system that is designed and applied consists of three stages. In the first stage, the Mixture of Gaussian (MOG) background/foreground segmentation method is used to detect the moving object in the video, and the Kalman Filter-Hungarian algorithm method is used to track it. In the second stage, details such as the location, distance in terms of time, and speed of the object are obtained from the coordinates of the object, and data relating to the shape of the object are obtained from the total pixel count. Software based on a specifically elaborated algorithm compares these data with the data in the table of rules set down for the road under surveillance, and generates an attribute table comprising the anomalies of the objects in the video. In the last stage, the data included in the attribute table are classified, and predictions are made, by the artificial learning method Extreme Learning Machine (ELM)

    nu-Anomica: A Fast Support Vector Based Novelty Detection Technique

    In this paper we propose nu-Anomica, a novel anomaly detection technique that can be trained on huge data sets with much reduced running time compared to the benchmark one-class Support Vector Machines algorithm. In nu-Anomica, the idea is to train the machine such that it can provide a close approximation to the exact decision plane using fewer training points and without losing much of the generalization performance of the classical approach. We have tested the proposed algorithm on a variety of continuous data sets under different conditions. We show that under all test conditions the developed procedure closely preserves the accuracy of standard one-class Support Vector Machines while reducing both the training time and the test time by 5 - 20 times

    Fuzzy logic based anomaly detection for embedded network security cyber sensor

    Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of primary importance. This paper proposes a novel learning algorithm for an anomaly-based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system