    Integration of Expectation Maximization using Gaussian Mixture Models and Naïve Bayes for Intrusion Detection

    Intrusion detection is the process of examining information about system activities or data to detect malicious behavior or unauthorized activity. Most IDSs implement the K-means clustering technique due to its linear complexity and fast computation. Nonetheless, its naïve use of the mean data value as the cluster core presents a major drawback: two circular clusters with different radii and centered at the same mean can occur. This condition cannot be addressed by the K-means algorithm because the mean values of the various clusters are very similar. Moreover, if the clusters are not spherical, it fails. To overcome this issue, a new integrated hybrid model that combines expectation maximization (EM) clustering using a Gaussian mixture model (GMM) with a naïve Bayes classifier is proposed. In this model, GMM gives more flexibility than K-means in terms of cluster covariance. It also uses probability functions and soft clustering, so a single data point can belong to multiple clusters. In GMM, the cluster form is defined by two parameters: the mean and the standard deviation. This means that, using these two parameters, the cluster can take any kind of elliptical shape. EM-GMM is used to cluster data by activity into the corresponding category.

    Novel Intrusion Detection Mechanism with Low Overhead for SCADA Systems

    SCADA (Supervisory Control and Data Acquisition) systems are a critical part of modern national critical infrastructure (CI). Due to the rapid increase of sophisticated cyber threats with exponentially destructive effects, intrusion detection systems (IDS) must systematically evolve. Intrusion detection systems that ensure high accuracy, a low rate of false alarms and reduced overhead on the network traffic must be designed specifically for SCADA systems. In this book chapter we present a novel IDS, namely K-OCSVM, that combines the capability of detecting novel attacks with high accuracy, due to its core One-Class Support Vector Machine (OCSVM) classification mechanism, with the ability to effectively distinguish real alarms from possible attacks under different circumstances, due to its internal recursive k-means clustering algorithm. The effectiveness of the proposed method is evaluated through extensive simulations conducted using realistic datasets extracted from small and medium sized HTB SCADA testbeds.

    Novelty detection for passive sonar systems

    Sound is a mechanical wave that propagates over great distances in the oceans and can therefore be used for vessel detection and classification in underwater environments, which are basic sonar system tasks. The development of such systems is directly linked to national defense, especially in countries with continental dimensions such as Brazil. Recently, the Brazilian Navy defined underwater acoustics as a strategic priority area. Passive sonar systems can be installed to monitor the Brazilian coast in a stealthy and efficient way. In addition, they are used in military submarines for different applications. Since in this operating environment each ship has a unique acoustic signature, and ships whose data have not been acquired can be observed, it is necessary to develop a novelty detector operating in conjunction with the contact classifiers implemented in Brazilian Navy systems. Because classification systems compete for computing resources with novelty detectors, the latter can impact classification efficiency. The number of classes in this environment is very large, and because of this, specific performance indices were created to evaluate the efficiency of the developed model. In addition, different data compressors were developed to access relevant ship information, among them PCD, kPCA, NLPCA and SAE. The novelty detection development was based on the operating environment of the Brazilian Navy and, since its operating conditions can change over time, a stationarity monitoring system based on higher order statistics was proposed. Both the novelty detector and the stationarity monitoring system were developed with experimental data provided by the Brazilian Navy.

    Sound is a mechanical wave that propagates over great distances in the oceans and, for this reason, can be used for the detection and classification of contacts in underwater environments, basic tasks of a sonar system. The development of such systems is directly linked to the defense of a country with continental dimensions, such as Brazil. Recently, the Brazilian Navy defined underwater acoustics as a strategic priority area. Passive sonar systems can be installed to monitor the Brazilian coast in a stealthy and efficient way. Furthermore, they are used in military submarines for different applications. Since in this operating environment each ship has a unique acoustic signature, and ships whose data have not been acquired can be observed, it is necessary to develop a novelty detector operating in conjunction with the contact classifiers implemented in Brazilian Navy systems. Because the classifiers compete for computing resources with the novelty detectors, the latter can impact classification efficiency. The number of classes in this environment is very large and, because of this, specific performance indices were created to evaluate the efficiency of the developed models. In addition, different information extractors were developed to access relevant information about the ships in question, among them PCD, kPCA, NLPCA and SAE. The development of this detection model was based on the operating environment of the Brazilian Navy and, since its operating conditions may change over time, a stationarity monitoring system based on higher order statistics was proposed. Both the novelty detector and the stationarity monitoring system were developed with experimental data made available by the Brazilian Navy.