104 research outputs found

    WiFi Miner: An online apriori and sensor based wireless network Intrusion Detection System

    This thesis proposes an Intrusion Detection System, WiFi Miner, which applies an infrequent-pattern association rule mining Apriori technique to wireless network packets captured through hardware sensors, for real-time detection of intrusive or anomalous packets. Contributions of the proposed system include effectively adapting an efficient data mining association rule technique to the important problem of intrusion detection in a wireless network environment using hardware sensors, providing a solution that eliminates the need for hard-to-obtain training data in this environment, and providing an increased intrusion detection rate and a reduction of false alarms. The solution approach of the proposed system, WiFi Miner, is to find frequent and infrequent patterns in pre-processed wireless connection records using an infrequent-pattern-finding Apriori algorithm also proposed by this thesis. The proposed Online Apriori-Infrequent algorithm improves the join and prune step of the traditional Apriori algorithm with a rule that avoids joining itemsets not likely to produce frequent itemsets as their results, thereby improving efficiency and run times significantly. A positive anomaly score is assigned to each packet (record) for each infrequent pattern found, while a negative anomaly score is assigned for each frequent pattern found. A record with a final positive anomaly score is therefore considered an anomaly, based on the presence of more infrequent patterns than frequent patterns found.

    Mining event logs with SLCT and LogHound

    SensorWebIDS: A sensor with misuse and anomaly based data mining technique for web intrusion detection.

    Data Mining Techniques for Digital Forensic Analysis

    Computer forensics involves the protection, classification, extraction and documentation of evidence stored as data or magnetically encoded information. But organizations have an increasing amount of data from many sources, such as computing peripherals, personal digital assistants (PDAs), consumer electronic devices, computer systems, networking equipment and various types of media, among other sources. For law enforcement officers, police forces and detective agencies, finding similar kinds of evidence and crimes that happened previously is time consuming and a headache. The main motive of this work is to combine data mining techniques with computer forensic tools to get the data ready for analysis, find crime patterns, understand the mind of the criminal, help investigation agencies stay one step ahead of the bad guys, speed up the process of solving crimes and carry out computer forensic analyses for criminal affairs.

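    Implementation and Analysis of Data Mining Results for Attack Classification in an Intrusion Detection System (IDS) with the C4.5 Algorithm (original title: IMPLEMENTASI DAN ANALISA HASIL DATA MINING UNTUK KLASIFIKASI SERANGAN PADA INTRUSION DETECTION SYSTEM (IDS) DENGAN ALGORITMA C4.5)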

    An Intrusion Detection System (IDS) is a capability of a system or device to detect attacks that may occur in a network, whether local or connected to the internet. The problem begins when a very large number of data packets arrive and must be analysed at a later date. Data mining is an appropriate technique for analysing data. Several studies have used data mining techniques to address the IDS attack problem, such as frequent itemset analysis, clustering analysis, classification analysis and association analysis. The aim of this research is to classify attacks in the tested data using a classification method and the C4.5 classification algorithm. This research uses the KDD'99 data collection, which has 41 attributes; feature selection using an evolutionary technique was applied to these attributes to remove the irrelevant ones. The result of this feature selection is 16 attributes, with high accuracy reaching 98.67%, out of the 41 existing attributes. The result was then modelled using the C4.5 algorithm, producing rules to be used in implementing a data classification analysis system. The resulting rules can be used in the system to classify attack data such as dos, u2r, r2l and probe, as well as normal network activity. Keywords: Classification, C4.5 Algorithm, Feature Selection, Evolution, Intrusion Detection System, IDS

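    Analysis of Malware Attacks on the Indonesian Internet in 2013 Using the Frequent Itemset Mining Method (original title: Analisis Malware Attack Di Internet Indonesia Pada Tahun 2013 Dengan Metode Frequent Itemset Mining)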

    The number of internet users in Indonesia keeps growing, so the potential for threats also increases. Based on data released by Sophos, Indonesia is one of the countries that produces the most attacks. To detect attacks on the internet, Network Intrusion Detection Systems are needed to detect incoming attacks. These attacks vary considerably and generate very large amounts of data. From the attack data, the frequency of each attack is counted. The higher the frequency, the more routine the attack is said to be, so its threat potential is considerable. In this research, to obtain the frequency of these attacks, data mining is carried out with Frequent Itemset Mining. This research uses two algorithms, Apriori and FP-Max. FP-Max is used to find which sets of attacks frequently occur, while Apriori is used to compute their frequency. It is hoped that with this research analysts can take preventive action against the types of attack that are frequent.
    Network Intrusion Detection Systems are a tool for detecting attacks that occur on the internet. Network Intrusion Detection Systems often produce a lot of data from these attacks. From Network Intrusion Detection Systems, the attacks may vary in attack variant. For these attacks, the frequency of each attack is computed. The higher the frequency of an attack, the higher the risk that will occur. In this research, to find the frequency we use Frequent Itemset Mining. We use two algorithms, Apriori and FP-Max. Apriori is used for finding the frequency of each attack and FP-Max is used for finding the maximal pattern that occurs every day. From this research, we found that some of the largest known attacks are not frequent. Also, the results from Apriori and FP-Max with the same minimum support remain the same. Finally, we expect that from this research security analysts will take proper action for any attack that frequently occurs.

    Security in Data Mining - A Comprehensive Survey

    Data mining techniques, while allowing individuals to extract hidden knowledge on the one hand, introduce a number of privacy threats on the other. In this paper, we study some of these issues, along with a detailed discussion of the applications of various data mining techniques for providing security. An efficient classification technique, when used properly, would allow a user to differentiate between a phishing website and a normal website, to classify users as normal users or criminals based on their activities on social networks (crime profiling), and to prevent users from executing malicious code by labelling it as malicious. The most important application of data mining is the detection of intrusions, where different data mining techniques can be applied to effectively detect an intrusion and report it in real time so that the necessary actions are taken to thwart the attempts of the intruder. Privacy Preservation, Outlier Detection, Anomaly Detection and Phishing Website Classification are discussed in this paper.