275 research outputs found
Improving intrusion detection systems using data mining techniques
Recent surveys and studies have shown that cyber-attacks have caused a
lot of damage to organisations, governments, and individuals around the world.
Although developments are constantly occurring in the computer security field,
cyber-attacks still cause damage as they are developed and evolved by
hackers. This research looked at some industrial challenges in the intrusion
detection area. The research identified two main challenges; the first one is that
signature-based intrusion detection systems such as SNORT lack the capability of
detecting attacks with new signatures without human intervention. The other
challenge is related to multi-stage attack detection, it has been found that
signature-based is not efficient in this area. The novelty in this research is
presented through developing methodologies tackling the mentioned challenges.
The first challenge was handled by developing a multi-layer classification
methodology. The first layer is based on decision tree, while the second layer is a
hybrid module that uses two data mining techniques; neural network, and fuzzy
logic. The second layer will try to detect new attacks in case the first one fails to
detect. This system detects attacks with new signatures, and then updates the
SNORT signature holder automatically, without any human intervention. The
obtained results have shown that a high detection rate has been obtained with
attacks having new signatures. However, it has been found that the false positive
rate needs to be lowered. The second challenge was approached by evaluating IP
information using fuzzy logic. This approach looks at the identity of participants
in the traffic, rather than the sequence and contents of the traffic. The results have
shown that this approach can help in predicting attacks at very early stages in
some scenarios. However, it has been found that combining this approach with a
different approach that looks at the sequence and contents of the traffic, such as
event- correlation, will achieve a better performance than each approach
individually
Combining Naive Bayes and Decision Tree for Adaptive Intrusion Detection
In this paper, a new learning algorithm for adaptive network intrusion
detection using naive Bayesian classifier and decision tree is presented, which
performs balance detections and keeps false positives at acceptable level for
different types of network attacks, and eliminates redundant attributes as well
as contradictory examples from training data that make the detection model
complex. The proposed algorithm also addresses some difficulties of data mining
such as handling continuous attribute, dealing with missing attribute values,
and reducing noise in training data. Due to the large volumes of security audit
data as well as the complex and dynamic properties of intrusion behaviours,
several data miningbased intrusion detection techniques have been applied to
network-based traffic data and host-based data in the last decades. However,
there remain various issues needed to be examined towards current intrusion
detection systems (IDS). We tested the performance of our proposed algorithm
with existing learning algorithms by employing on the KDD99 benchmark intrusion
detection dataset. The experimental results prove that the proposed algorithm
achieved high detection rates (DR) and significant reduce false positives (FP)
for different types of network intrusions using limited computational
resources.Comment: 14 Pages, IJNS
Recommended from our members
New intelligent heuristic algorithm to mitigate security vulnerabilities in IPv6
Zero day Cyber-attacks created potential impacts on the way information is held and protected, however one of the vital priorities for governments, agencies and organizations is to secure their network businesses, transactions and communications, simultaneously to avoid security policy and privacy violations under any circumstances. Covert Channel is used to in/ex-filtrate classified data secretly, whereas encryption is used merely to protect communication from being decoded by unauthorized access. In this paper, we propose a new Security Model to mitigate security attacks on legitimate targets misusing IPv6 vulnerabilities. The approach analyses, detects and classifies hidden communication channels through implementing an enhanced feature selection algorithm with a coherent Naive Bayesian Classifier. NBC is one of the most prominent classification algorithm defining the highest probability in data mining area. The proposed framework uses Intelligent Heuristic Algorithm (IHA) to analyse and create a novel primary training data, furthermore a modified Decision Tree C4.5 technique is suggested to classify the richest attribute presenting hidden channels in IPv6 network. The results evaluation showed better detection performance, high accuracy in True Positive Rate (TPR) and a low False Negative Rate (FNR) and a clear attribute ranking
Review on Malware and Malware Detection Using Data Mining Techniques
البرمجيات الخبيثة هي اي نوع من البرمجيات او شفرات برمجية التي هدفها سرقة بعض المعلومات الخاصة او بيانات من نظام الكمبيوتر او عمليات الكمبيوتر او(و) فقط ببساطة لعمل المبتغيات غير المشروعة لصانع البرامجيات الخبيثة على نظام الكمبيوتر، وبدون الرخصة من مستخدمي الكمبيوتر. البرامجيات الخبيثة للمختصر القصير تعرف كملور. ومع ذلك، اكتشاف البرامجبات الخبيثة اصبحت واحدة من اهم المشاكل في مجال امن الكمبيوتر وذلك لان بنية الاتصال الحالية غير حصينه للاختراق من قبل عدة انواع من استراتيجيات الاصابات والهجومات للبرامجيات الخبيثة. فضلا على ذلك، البرامجيات الخبيثة متنوعة ومختلفة في المقدار والنوعيات وهذا يبطل بصورة تامة فعالية طرق الحماية القديمة والتقليدية مثل طريقة التواقيع والتي تكون غير قادرة على اكتشاف البرامجيات الخبيثة الجديدة. من ناحية أخرى، هذا الضعف سوف يودي الى نجاح اختراق (والهجوم) نظام الكمبيوتر بالإضافة الى نجاح هجومات أكثر تطوراً مثل هجوم منع الخدمة الموزع. طرق تنقيب البيانات يمكن ان تستخدم لتغلب على القصور في طريقة التواقيع لاكتشاف البرامجيات الخبيثة غير المعروفة. هذا البحث يقدم نظره عامة عن البرامجيات الخبيثة وانظمة اكتشاف البرامجيات الخبيثة باستخدام التقنيات الحديثة مثل تقنيات طريقة تعدين البيانات لاكتشاف عينات البرامجيات الخبيثة المعروفة وغير المعروفة.Malicious software is any type of software or codes which hooks some: private information, data from the computer system, computer operations or(and) merely just to do malicious goals of the author on the computer system, without permission of the computer users. (The short abbreviation of malicious software is Malware). However, the detection of malware has become one of biggest issues in the computer security field because of the current communication infrastructures are vulnerable to penetration from many types of malware infection strategies and attacks. Moreover, malwares are variant and diverse in volume and types and that strictly explode the effectiveness of traditional defense methods like signature approach, which is unable to detect a new malware. However, this vulnerability will lead to a successful computer system penetration (and attack) as well as success of more advanced attacks like distributed denial of service (DDoS) attack. Data mining methods can be used to overcome limitation of signature-based techniques to detect the zero-day malware. This paper provides an overview of malware and malware detection system using modern techniques such as techniques of data mining approach to detect known and unknown malware samples
Salient Features Selection Techniques for Instruction Detection in Mobile Ad Hoc Networks
The development of wireless mobile ad hoc networks offers the promise of flexibility, low cost solution for the area where there is difficulties for infrastructure network. A key attraction of this mode of communication is their ease of deployment and operation. However, having a good and robust mobile ad hoc networking will depend entirely on security mechanism system in place. Traditional security mechanisms know as firewalls were used for defensive approach to oppose security obstacle. However, firewalls do not fully or completely defeat intrusions. To cope with this limitation, various intrusions detection systems (IDSs) have been proposed to detect such network intrusion activities. The problem encounter for this particular technique of instruction detections technique is that during network monitoring for data collection for anomaly detection, data that does not contribute to detection must be deleted before detection can be processed or application of learning algorithm for detection of abnormal attacks. In this paper we present a novel feature technique for feature selection before learning technique should be applied. The method has been applied into our own data set, and for the detection purpose we have used most of the well reputed three Machine Learning classifiers with the new selected features for performance evaluation and the experiment shows that higher accuracy results could be achieved with only all the 9 features extracted with our own algorithm with the data set created by using RandomForest classifier
Seleksi Fitur Dengan Information Gain Untuk Meningkatkan Deteksi Serangan DDoS menggunakan Random Forest
Tantangan deteksi serangan saat ini adalah jumlah trafik yang besar dan beragam serta hadir jenis serangan baru. Sehingga diperlukan teknik baru untuk meningkatkan performa deteksi. Dengan pesatnya perkembangan teknologi layanan komunikasi, menghasilkan trafik dengan informasi yang beragam. Pada dasarnya tidak semua informasi pada trafik jaringan digunakan untuk mendeteksi serangan seperti DDoS. Penelitian ini bertujuan meningkatkan performa Random Forest dalam mendeteksi serangan DDoS dengan seleksi fitur menggunakan teknik Information Gain. Berdasarkan hasil eksperimen diperoleh bahwa teknik yang diusulkan mampu meningkatkan akurasi deteksi DDoS hingga 99.99% dengan tingkat alarm palsu 0.00
- …