91,867 research outputs found

    A Solution CBR Agent-Based to Classify SOAP Message within SOA Environments

    This paper presents the core component of a solution based on agent technology specifically adapted for the classification of SOA messages. These messages can carry out attacks that target the applications providing Web Services. An advanced mechanism of classification designed in two phases incorporates a CBR-Agent type for classifying the incoming SOAP messages as legal or malicious. Its main feature involves the use of decision trees, fuzzy logic rules and neural networks for filtering attacks.

    The Max-Cut Decision Tree: Improving on the Accuracy and Running Time of Decision Trees

    Decision trees are a widely used method for classification, both by themselves and as the building blocks of multiple different ensemble learning methods. The Max-Cut decision tree involves novel modifications to a standard, baseline model of classification decision tree construction, precisely CART Gini. One modification involves an alternative splitting metric, maximum cut, based on maximizing the distance between all pairs of observations belonging to separate classes and separate sides of the threshold value. The other modification is to select the decision feature from a linear combination of the input features constructed using Principal Component Analysis (PCA) locally at each node. Our experiments show that this node-based localized PCA with the novel splitting modification can dramatically improve classification, while also significantly decreasing computational time compared to the baseline decision tree. Moreover, our results are most significant when evaluated on data sets with higher dimensions, or more classes; which, for the example data set CIFAR-100, enable a 49% improvement in accuracy while reducing CPU time by 94%. These introduced modifications dramatically advance the capabilities of decision trees for difficult classification tasks. Comment: 12 pages, 8 figures, 5 tables

    A hybrid agent-based classification mechanism to detect denial of service attacks

    This paper presents the core component of a solution based on agent technology specifically adapted for the classification of SOAP messages. The messages can carry out attacks that target the applications providing Web Services. One of the most common attacks requiring novel solutions is the denial of service attack (DoS), caused by the modifications introduced in the XML of the SOAP messages. The specifications of existing security standards do not focus on this type of attack. This article presents an advanced mechanism of classification designed in two phases incorporated within a CBR-BDI Agent type. This mechanism classifies the incoming SOAP message and blocks the malicious SOAP messages. Its main feature involves the use of decision trees, fuzzy logic rules and neural networks for filtering attacks. These techniques provide a mechanism of classification with the self-adaption ability to the changes that occur in the patterns of attack. A prototype was developed and the results obtained are presented in this study.

    A P2P Botnet detection scheme based on decision tree and adaptive multilayer neural networks

    In recent years, Botnets have been adopted as a popular method to carry and spread many malicious codes on the Internet. These malicious codes pave the way to execute many fraudulent activities including spam mail, distributed denial-of-service attacks and click fraud. While many Botnets are set up using centralized communication architecture, the peer-to-peer (P2P) Botnets can adopt a decentralized architecture using an overlay network for exchanging command and control data making their detection even more difficult. This work presents a method of P2P Bot detection based on an adaptive multilayer feed-forward neural network in cooperation with decision trees. A classification and regression tree is applied as a feature selection technique to select relevant features. With these features, a multilayer feed-forward neural network training model is created using a resilient back-propagation learning algorithm. A comparison of feature set selection based on the decision tree, principal component analysis and the ReliefF algorithm indicated that the neural network model with features selection based on decision tree has a better identification accuracy along with lower rates of false positives. The usefulness of the proposed approach is demonstrated by conducting experiments on real network traffic datasets. In these experiments, an average detection rate of 99.08 % with false positive rate of 0.75 % was observed.

    Popular Ensemble Methods: An Empirical Study

    An ensemble consists of a set of individually trained classifiers (such as neural networks or decision trees) whose predictions are combined when classifying novel instances. Previous research has shown that an ensemble is often more accurate than any of the single classifiers in the ensemble. Bagging (Breiman, 1996c) and Boosting (Freund and Shapire, 1996; Shapire, 1990) are two relatively new but popular methods for producing ensembles. In this paper we evaluate these methods on 23 data sets using both neural networks and decision trees as our classification algorithm. Our results clearly indicate a number of conclusions. First, while Bagging is almost always more accurate than a single classifier, it is sometimes much less accurate than Boosting. On the other hand, Boosting can create ensembles that are less accurate than a single classifier -- especially when using neural networks. Analysis indicates that the performance of the Boosting methods is dependent on the characteristics of the data set being examined. In fact, further results show that Boosting ensembles may overfit noisy data sets, thus decreasing its performance. Finally, consistent with previous studies, our work suggests that most of the gain in an ensemble's performance comes in the first few classifiers combined; however, relatively large gains can be seen up to 25 classifiers when Boosting decision trees.