12 research outputs found
Advances in Data Mining Knowledge Discovery and Applications
Advances in Data Mining Knowledge Discovery and Applications aims to help data miners, researchers, scholars, and PhD students who wish to apply data mining techniques. The primary contribution of this book is highlighting frontier fields and implementations of knowledge discovery and data mining. It may seem that the same things are repeated again, but in general the same approaches and techniques may help us in different fields and areas of expertise. This book presents knowledge discovery and data mining applications in two different sections. As is well known, data mining covers areas of statistics, machine learning, data management and databases, pattern recognition, artificial intelligence, and other areas. In this book, most of these areas are covered with different data mining applications. The eighteen chapters have been classified in two parts: Knowledge Discovery and Data Mining Applications
Inherent Dangers in Database Security
Abstract: With the danger/risk of data theft looming large over the horizon of the Internet user involved in e-banking, online shopping, transactions, etc., it becomes imperative to identify the dangers involved and employ security checks. Usually big stores have secure SSL [1] connections to be used by the owners of credit cards. Use of base64 encoding instead of hexadecimal and similarly using AES-12
Salient Feature Selection Using Feed-Forward Neural Networks and Signal-to-Noise Ratios with a Focus Toward Network Threat Detection and Risk Level identification
Most communication in the modern era takes place over some type of cyber network, to include telecommunications, banking, public utilities, and health systems. Information gained from illegitimate network access can be used to create catastrophic effects at the individual, corporate, national, and even international levels, making cyber security a top priority. Cyber networks frequently encounter amounts of network traffic too large to process real-time threat detection efficiently. Reducing the amount of information necessary for a network monitor to determine the presence of a threat would likely aid in keeping networks more secure. This thesis uses network traffic data captured during the Department of Defense Cyber Defense Exercise to determine which features of network traffic are salient to detecting and classifying threats. After generating a set of 248 features from the capture data, feed-forward artificial neural networks were generated and signal-to-noise ratios were used to prune the feature set to 18 features while still achieving an accuracy ranging from 83% to 94%. The salient features primarily come from the transport layer section of the network traffic data and involve the client/server connection parameters, size of the initial data sent, and number of segments and/or bytes sent in the flow
Machine Learning-driven Optimization for Intrusion Detection in Smart Vehicular Networks
An essential element in the smart city vision is providing safe and secure journeys via intelligent vehicles and smart roads. Vehicular ad hoc networks (VANETs) have played a significant role in enhancing road safety where vehicles can share road information conditions. However, VANETs share the same security concerns of legacy ad hoc networks. Unlike existing works, we consider, in this paper, detecting a common attack where nodes modify safety messages or drop them. Unfortunately, detecting such a type of intrusion is a challenging problem since some packets may be lost or dropped in a normal VANET due to congestion without malicious action. To mitigate these concerns, this paper presents a novel scheme for minimizing the invalidity ratio of VANET packet transmissions. In order to detect unusual traffic, the proposed scheme combines evidence from current as well as past behaviour to evaluate the trustworthiness of both data and nodes. A new intrusion detection scheme is accomplished through four phases, namely, rule-based security filter, Dempster–Shafer adder, node’s history database, and Bayesian learner. The suspicion level of each incoming data item is determined based on the extent of its deviation from data reported from trustworthy nodes. Dempster–Shafer’s theory is used to combine multiple pieces of evidence and a Bayesian learner is adopted to classify each event in the VANET into a well-behaved or misbehaving event. The proposed solution is validated through extensive simulations. The results confirm that the fusion of different evidence has a significant positive impact on the performance of the security scheme compared to other counterparts
Symmetry-Adapted Machine Learning for Information Security
Symmetry-adapted machine learning has shown encouraging ability to mitigate the security risks in information and communication technology (ICT) systems. It is a subset of artificial intelligence (AI) that relies on the principles of processing future events by learning past events or historical data. The autonomous nature of symmetry-adapted machine learning supports effective data processing and analysis for security detection in ICT systems without the interference of human authorities. Many industries are developing machine-learning-adapted solutions to support security for smart hardware, distributed computing, and the cloud. In our Special Issue book, we focus on the deployment of symmetry-adapted machine learning for information security in various application areas. This security approach can support effective methods to handle the dynamic nature of security attacks by extraction and analysis of data to identify hidden patterns of data. The main topics of this Issue include malware classification, an intrusion detection system, image watermarking, color image watermarking, battlefield target aggregation behavior recognition model, IP camera, Internet of Things (IoT) security, service function chain, indoor positioning system, and crypto-analysis
An architecture for network traffic anomaly detection system based on entropy analysis
With the steady increase in reliance on computer networks in all aspects of life, computers and
other connected devices have become more vulnerable to attacks, which exposes them to many major
threats, especially in recent years. There are different systems to protect networks from these threats such
as firewalls, antivirus programs, and data encryption, but it is still hard to provide complete protection
for networks and their systems from the attacks, which are increasingly sophisticated with time. That is
why it is required to use intrusion detection systems (IDS) on a large scale to be the second line of defense
for computer and network systems along with other network security techniques. The main objective of
intrusion detection systems is to monitor network traffic and detect internal and external attacks.
Intrusion detection systems represent an important focus of studies today, because most
protection systems, no matter how good they are, can fail due to the emergence of new
(unknown/predefined) types of intrusions. Most of the existing techniques detect network intrusions by
collecting information about known types of attacks, so-called signature-based IDS, using them to
recognize any attempt of attack on data or resources. The major problem of this approach is its inability
to detect previously unknown attacks, even if these attacks are derived slightly from the known ones (the
so-called zero-day attack). Also, it is powerless to detect encryption-related attacks. On the other hand,
detecting abnormalities concerning conventional behavior (anomaly-based IDS) exceeds the
abovementioned limitations. Many scientific studies have tended to build modern and smart systems to
detect both known and unknown intrusions. In this research, an architecture that applies a new technique
for IDS using an anomaly-based detection method based on entropy is introduced.
Network behavior analysis relies on the profiling of legitimate network behavior in order to
efficiently detect anomalous traffic deviations that indicate security threats. Entropy-based detection
techniques are attractive due to their simplicity and applicability in real-time network traffic, with no
need to train the system with labelled data. Besides the fact that the NetFlow protocol provides only a
basic set of information about network communications, it is very beneficial for identifying zero-day
attacks and suspicious behavior in traffic structure. Nevertheless, the challenge associated with limited
NetFlow information combined with the simplicity of the entropy-based approach is providing an
efficient and sensitive mechanism to detect a wide range of anomalies, including those of small intensity.
However, a recent study of generic entropy-based anomaly detection reports its
vulnerability to deceit by introducing spoofed data to mask the abnormality. Furthermore, the majority
of approaches for further classification of anomalies rely on machine learning, which brings additional
complexity.
Previously highlighted shortcomings and limitations of these approaches open up a space for the
exploration of new techniques and methodologies for the detection of anomalies in network traffic in
order to isolate security threats, which will be the main subject of the research in this thesis.
This research addresses all these issues by providing a systematic methodology with the main
novelty in anomaly detection and classification based on the entropy of flow count and behavior features
extracted from the basic data obtained by the NetFlow protocol.
Two new approaches are proposed to solve these concerns. Firstly, an effective protection
mechanism against entropy deception derived from the study of changes in several entropy types, such
as Shannon, Rényi, and Tsallis entropies, as well as the measurement of the number of distinct elements
in a feature distribution as a new detection metric. The suggested method improves the reliability of
entropy approaches.
Secondly, an anomaly classification technique was introduced to the existing entropy-based
anomaly detection system. Entropy-based anomaly classification methods were presented and effectively
confirmed by tests based on a multivariate analysis of the entropy changes of several features as well as
aggregation by complicated feature combinations.
Through an analysis of the most prominent security attacks, generalized network traffic behavior
models were developed to describe various communication patterns. Based on a multivariate analysis of
the entropy changes by anomalies in each of the modelled classes, anomaly classification rules were
proposed and verified through the experiments. The concept of the behavior features is generalized, while
the proposed data partitioning provides greater efficiency in real-time anomaly detection. The practicality
of the proposed architecture for the implementation of effective anomaly detection and classification
system in a general real-world network environment is demonstrated using experimental data
Computational Intelligence in Healthcare
This book is a printed edition of the Special Issue Computational Intelligence in Healthcare that was published in Electronic
Computational Intelligence in Healthcare
The number of patient health data has been estimated to have reached 2314 exabytes by 2020. Traditional data analysis techniques are unsuitable to extract useful information from such a vast quantity of data. Thus, intelligent data analysis methods combining human expertise and computational models for accurate and in-depth data analysis are necessary. The technological revolution and medical advances made by combining vast quantities of available data, cloud computing services, and AI-based solutions can provide expert insight and analysis on a mass scale and at a relatively low cost. Computational intelligence (CI) methods, such as fuzzy models, artificial neural networks, evolutionary algorithms, and probabilistic methods, have recently emerged as promising tools for the development and application of intelligent systems in healthcare practice. CI-based systems can learn from data and evolve according to changes in the environments by taking into account the uncertainty characterizing health data, including omics data, clinical data, sensor, and imaging data. The use of CI in healthcare can improve the processing of such data to develop intelligent solutions for prevention, diagnosis, treatment, and follow-up, as well as for the analysis of administrative processes. The present Special Issue on computational intelligence for healthcare is intended to show the potential and the practical impacts of CI techniques in challenging healthcare applications