897 research outputs found

    Proposed Network Intrusion Detection System Based on Fuzzy c Mean Algorithm in Cloud Computing Environment

    Nowadays cloud computing has become an integral part of the IT industry. Cloud computing provides a working environment that allows users to share data and resources over the internet. Because cloud computing is a virtual grouping of resources offered over the internet, this leads to various issues related to security and privacy in cloud computing. It is therefore very important to create an intrusion detection system that detects outsider and insider intruders of cloud computing with a high detection rate and a low false positive alarm rate in the cloud environment. This work proposes a network intrusion detection module using the fuzzy c mean algorithm. The KDD99 dataset was used for the experiments. The proposed system is characterized by a high detection rate with a low false positive alarm rate.

    Data mining approaches for detecting intrusion using UNIX process execution traces

    Intrusion detection systems help computer systems prepare for and deal with malicious attacks. They collect information from a variety of systems and network sources, then analyze the information for signs of intrusion and misuse. A variety of techniques have been employed to analyze the information, from traditional statistical methods to newly emerged data mining approaches. In this thesis, we describe several algorithms designed for this task, including neural networks, rule induction with C4.5, and Rough sets methods. We compare the classification accuracy of the various methods on a set of UNIX process execution traces. We used two kinds of evaluation methods. The first evaluation criterion characterizes performance over a set of individual classifications in terms of average testing accuracy rate. The second measures the true and false positive rates of the classification output over a certain threshold. Experiments were run on data sets of system calls created by synthetic sendmail programs. There were two types of representation methods used. Different combinations of parameters were tested during the experiment. Results indicate that for a wide range of conditions, Rough sets have higher classification accuracy than Neural networks and C4.5. In terms of true and false positive evaluations, Rough sets and Neural networks turned out to be better than C4.5.

    A neural-visualization IDS for honeynet data

    Neural intelligent systems can provide a visualization of the network traffic for security staff, in order to reduce the widely known high false-positive rate associated with misuse-based Intrusion Detection Systems (IDSs). Unlike previous work, this study proposes unsupervised neural models that generate an intuitive visualization of the captured traffic, rather than network statistics. These snapshots of network events are immensely useful for security personnel who monitor network behavior. The system is based on the use of different neural projection and unsupervised methods for the visual inspection of honeypot data, and may be seen as a complementary network security tool that sheds light on internal data structures through visual inspection of the traffic itself. Furthermore, it is intended to facilitate verification and assessment of Snort performance (a well-known and widely-used misuse-based IDS), through the visualization of attack patterns. Empirical verification and comparison of the proposed projection methods are performed in a real domain, where two different case studies are defined and analyzed. Regional Government of Gipuzkoa, the Department of Research, Education and Universities of the Basque Government, and the Spanish Ministry of Science and Innovation (MICINN) under projects TIN2010-21272-C02-01 and CIT-020000-2009-12 (funded by the European Regional Development Fund). This work was also supported in the framework of the IT4Innovations Centre of Excellence project, reg. no. CZ.1.05/1.1.00/02.0070 supported by the Operational Program 'Research and Development for Innovations' funded through the Structural Funds of the European Union and the state budget of the Czech Republic. Electronic version of an article published as International Journal of Neural Systems, Volume 22, Issue 02, April 2012, 10.1142/S0129065712500050 © copyright World Scientific Publishing Company http://www.worldscientific.com/worldscinet/ijn

    Developments in Estimation and Control for Cloud-Enabled Automotive Vehicles.

    Cloud computing is revolutionizing access to distributed information and computing resources that can facilitate future data and computation intensive vehicular control functions and improve vehicle driving comfort and safety. This dissertation investigates several potential Vehicle-to-Cloud-to-Vehicle (V2C2V) applications that can enhance vehicle control and enable additional functionalities by integrating onboard and cloud resources. Firstly, this thesis demonstrates that onboard vehicle sensors can be used to sense road profiles and detect anomalies. This information can be shared with other vehicles and transportation authorities within a V2C2V framework. The response of hitting a pothole is characterized by a multi-phase dynamic model which is validated by comparing simulation results with a higher-fidelity commercial modeling package. A novel framework of simultaneous road profile estimation and anomaly detection is developed by combining a jump diffusion process (JDP)-based estimator and a multi-input observer. The performance of this scheme is evaluated in an experimental vehicle. In addition, a new clustering algorithm is developed to compress anomaly information by processing anomaly report streams. Secondly, a cloud-aided semi-active suspension control problem is studied demonstrating for the first time that road profile information and noise statistics from the cloud can be used to enhance suspension control. The problem of selecting an optimal damping mode from a finite set of damping modes is considered and the best mode is selected based on performance prediction on the cloud. Finally, a cloud-aided multi-metric route planner is investigated in which safety and comfort metrics augment traditional planning metrics such as time, distance, and fuel economy. The safety metric is developed by processing a comprehensive road and crash database while the comfort metric integrates road roughness and anomalies. 
These metrics and a planning algorithm can be implemented on the cloud to realize the multi-metric route planning. Real-world case studies are presented. The main contribution of this part of the dissertation is in demonstrating the feasibility and benefits of enhancing the existing route planning algorithms with safety and comfort metrics. PhD, Aerospace Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/120710/1/zhaojli_1.pd

    Y-Means Clustering Vs N-CP Clustering with Canopies for Intrusion Detection

    Intrusions present a very serious security threat in a network environment. It is therefore essential to detect intrusions to prevent compromising the stability of the system or the security of information that is stored on the network. The most difficult problem is detecting new intrusion types, of which intrusion detection systems may not be aware. Many of the signature-based methods and learning algorithms generally cannot detect these new intrusions. We propose an optimized algorithm called the n-CP clustering algorithm that is capable of detecting intrusions that may be new or otherwise. The algorithm also overcomes two significant shortcomings of K-Means clustering, namely dependency and degeneracy on the number of clusters. The proposed clustering method utilizes the concept of canopies to optimize the search by eliminating the pair-wise distance computation of all the data points. The system will also maintain a low false positive rate and high detection rate. The efficiency and the speed of the algorithm are analyzed by comparing it with another clustering algorithm used for intrusion detection, called Y-Means clustering. Both algorithms are tested against the KDD-99 data set to compute the detection rate and false positive rate. The algorithms are also tested for efficiency with a varying number of data fields of the dataset. This thesis outlines the technical difficulties of K-means clustering, an algorithm to eliminate those shortcomings and the canopies technique to speed up the intrusion detection process. The results show that our clustering algorithm that uses the canopies concept is approximately 40% faster than Y-Means clustering and overcomes the two main limitations of K-Means clustering. Finally, a comparative analysis of Y-means clustering and our proposed n-CP clustering with canopies was carried out with the help of ROC curves showing the respective hit rates to false alarm rates. Computer Science Departmen

    Detection and Prediction of Distributed Denial of Service Attacks using Deep Learning

    Distributed denial of service attacks threaten the security and health of the Internet. These attacks continue to grow in scale and potency. Remediation relies on up-to-date and accurate attack signatures. Signature-based detection is relatively inexpensive computationally. Yet, signatures are inflexible when small variations exist in the attack vector. Attackers exploit this rigidity by altering their attacks to bypass the signatures. The constant need to stay one step ahead of attackers using signatures demonstrates a clear need for better methods of detecting DDoS attacks. In this research, we examine the application of machine learning models to real network data for the purpose of classifying attacks. During training, the models build a representation of their input data. This eliminates any reliance on attack signatures and allows for accurate classification of attacks even when they are slightly modified to evade detection. In the course of our research, we found a significant problem when applying conventional machine learning models. Network traffic, whether benign or malicious, is temporal in nature. This results in differences in its characteristics between any significant time span. These differences cause conventional models to fail at classifying the traffic. We then turned to deep learning models. We obtained a significant improvement in performance, regardless of time span. In this research, we also introduce a new method of transforming traffic data into spectrogram images. This technique provides a way to better distinguish different types of traffic. Finally, we introduce a framework for embedding attack detection in real-world applications

    An Interactive Relaxation Approach for Anomaly Detection and Preventive Measures in Computer Networks

    It is proposed to develop a framework for detecting and analyzing small and widespread changes in specific dynamic characteristics of several nodes. The characteristics are locally measured at each node in a large network of computers and analyzed using a computational paradigm known as the Relaxation technique. The goal is to be able to detect the onset of a worm or virus as it originates, spreads out, attacks and disables the entire network. Currently, selective disabling of one or more features across an entire subnet, e.g. firewalls, provides limited security and keeps us from designing high performance net-centric systems. The most desirable response is to surgically disable one or more nodes, or to isolate one or more subnets. The proposed research seeks to model virus/worm propagation as a spatio-temporal process. Such models have been successfully applied in heat-flow and evidence or gestalt driven perception of images, among others. In particular, we develop an iterative technique driven by the self-assessed dynamic status of each node in a network. The status of each node will be updated incrementally in concurrence with its connected neighbors to enable timely identification of compromised nodes and subnets. Several key insights used in image analysis of line-diagrams, through an iterative and relaxation-driven node labeling method, are explored to help develop this new framework