3,241 research outputs found

    Enhance density peak clustering algorithm for anomaly intrusion detection system

    This paper proposes a new model of the Density Peak Clustering (DPC) algorithm to enhance clustering of intrusion attacks. The Anomaly Intrusion Detection System (AIDS) using the original density peak clustering algorithm shows stable results, to be applied to the data-mining module of the intrusion detection system. The proposed system depends on two objectives; the first objective is to analyze the disadvantage of DPC; however, we propose a novel improvement of the DPC algorithm by modifying the calculation of the local density method based on cosine similarity instead of the cut-off distance parameter to improve the operation of selecting the peak points. The second objective is using the Gaussian kernel measure as a distance metric instead of Euclidean distance to improve clustering of high-dimensional complex nonlinear inseparable network traffic data and reduce the noise. The experiments were evaluated with the NSL-KDD dataset

    Practical Attacks Against Graph-based Clustering

    Graph modeling allows numerous security problems to be tackled in a general way; however, little work has been done to understand their ability to withstand adversarial attacks. We design and evaluate two novel graph attacks against a state-of-the-art network-level, graph-based detection system. Our work highlights areas in adversarial machine learning that have not yet been addressed, specifically: graph-based clustering techniques, and a global feature space where realistic attackers without perfect knowledge must be accounted for (by the defenders) in order to be practical. Even though less informed attackers can evade graph clustering with low cost, we show that some practical defenses are possible. Comment: ACM CCS 201

    Enhancing the Efficiency of Attack Detection System Using Feature selection and Feature Discretization Methods

    Intrusion detection technologies using machine learning have grown in popularity in recent years. The variety of new security attacks is increasing, necessitating the development of effective and intelligent countermeasures. The existing intrusion detection system (IDS) uses Signature or Anomaly based detection systems with machine learning algorithms to detect malicious activities. Signature-based detection relies only on signatures that have been pre-programmed into the systems; it detects known attacks and cannot detect any new or unusual activity. Anomaly-based detection using a supervised machine learning algorithm detects only known threats. To address this issue, the proposed model employs an unsupervised machine learning approach for detecting attacks. This approach combines the Sub Space Clustering and One Class Support Vector Machine algorithms and utilizes feature selection methods such as Chi-square, as well as Feature Discretization Methods like Equal Width Discretization, to identify both known and undiscovered assaults. The results of the experiments show that the proposed model outperforms several of the existing systems in terms of detection rate and accuracy and decreases the computational time

    A systematic review of data quality issues in knowledge discovery tasks

    The volume of data is growing greatly because organizations are continuously capturing the collective amount of data for a better decision-making process. The most fundamental challenge is to explore the large volumes of data and extract useful knowledge for future actions through knowledge discovery tasks; nevertheless, much data has poor quality. We presented a systematic review of the data quality issues in knowledge discovery tasks and a case study applied to the agricultural disease named coffee rust

    Evaluation of spatial-temporal anomalies in the analysis of human movement

    The dissemination of Internet of Things solutions, such as smartphones, has led to the appearance of devices that allow monitoring of the activities of their users. In manufacture, the performed tasks consist of sets of predetermined movements that are exhaustively repeated, forming a repetitive behaviour. Additionally, there are planned and unplanned events on manufacturing production lines which cause the repetitive behaviour to stop. The execution of improper movements and the existence of events that might prejudice the productive system are regarded as anomalies. In this work, the feasibility of the evaluation of spatial-temporal anomaly detection in the analysis of human movement was investigated. A framework is proposed that is capable of detecting anomalies in generic repetitive time series, thus being adequate to handle human motion from industrial scenarios. The proposed framework consists of (1) a new unsupervised segmentation algorithm; (2) feature extraction, selection and dimensionality reduction; (3) unsupervised classification based on DBSCAN used to distinguish normal and anomalous instances. The proposed solution was applied to four different datasets. Two of those datasets were synthetic and two were composed of real-world data, namely, electrocardiography data and human movement in manufacture. The yielded results demonstrated not only that anomaly detection in human motion is possible, but that the developed framework is generic and, with examples, it was shown that it may be applied to general repetitive time series with little adaptation effort for different domains. The results showed that the proposed framework has the potential to be applied in manufacturing production lines to monitor the employees' movements, acting as a tool to detect both planned and unplanned events, and ultimately reduce the risk of appearance of musculoskeletal disorders in industrial settings in the long term