99 research outputs found

    Introduction on intrusion detection systems : focus on hierarchical analysis

    In today's fast-paced computing world, security is a main concern. Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. This paper will examine various intrusion detection systems. The task of intrusion detection is to monitor usage of a system and detect any malicious activity; therefore, the architecture is a key component when studying intrusion detection systems. This thesis will also analyze various neural networks for statistical anomaly intrusion detection systems. The thesis will focus on the Hierarchical Intrusion Detection system (HIDE) architecture. The HIDE system detects network-based attacks as anomalies using statistical preprocessing and neural network classification. The thesis will conclude with studies conducted on the HIDE architecture. The studies conducted on the HIDE architecture indicate how the hierarchical multi-tier anomaly intrusion detection system is an effective one

    Solving a Direct Marketing Problem by Three Types of ARTMAP Neural Networks

    An important task for a direct mailing company is to detect potential customers in order to avoid unnecessary and unwanted mailing. This paper describes a non-linear method to predict profiles of potential customers using dARTMAP, ARTMAP-IC, and Fuzzy ARTMAP neural networks. The paper discusses advantages of the proposed approaches over similar techniques based on MLP neural networks

    ANOMALY NETWORK INTRUSION DETECTION SYSTEM BASED ON DISTRIBUTED TIME-DELAY NEURAL NETWORK (DTDNN)

    In this research, a hierarchical off-line anomaly network intrusion detection system based on Distributed Time-Delay Artificial Neural Network is introduced. This research aims to solve a hierarchical multi-class problem in which the type of attack (DoS, U2R, R2L and Probe attack) is detected by a dynamic neural network. The results indicate that dynamic neural nets (Distributed Time-Delay Artificial Neural Network) can achieve a high detection rate, where the overall accuracy classification rate average is equal to 97.24%

    Proposed Network Intrusion Detection System Based on Fuzzy c Mean Algorithm in Cloud Computing Environment

    Nowadays cloud computing has become an integral part of the IT industry. Cloud computing provides a working environment that allows users to share data and resources over the internet. Because cloud computing is a virtual grouping of resources offered over the internet, this leads to various issues related to security and privacy in cloud computing. It is therefore very important to create an intrusion detection system that detects outsider and insider intruders of cloud computing with a high detection rate and a low false positive alarm rate in the cloud environment. This work proposes a network intrusion detection module using the fuzzy c mean algorithm. The KDD99 dataset was used for the experiments. The proposed system is characterized by a high detection rate with a low false positive alarm rate

    High Performance Data Mining Techniques For Intrusion Detection

    The rapid growth of computers transformed the way in which information and data were stored. With this new paradigm of data access comes the threat of this information being exposed to unauthorized and unintended users. Many systems have been developed which scrutinize the data for a deviation from the normal behavior of a user or system, or search for a known signature within the data. These systems are termed Intrusion Detection Systems (IDS). These systems employ different techniques varying from statistical methods to machine learning algorithms. Intrusion detection systems use audit data generated by operating systems, application software or network devices. These sources produce huge datasets with tens of millions of records in them. To analyze this data, data mining is used, which is a process to dig useful patterns from a large bulk of information. A major obstacle in the process is that the traditional data mining and learning algorithms are overwhelmed by the bulk volume and complexity of available data. This makes these algorithms impractical for time-critical tasks like intrusion detection because of the large execution time. Our approach towards this issue makes use of high performance data mining techniques to expedite the process by exploiting the parallelism in the existing data mining algorithms and the underlying hardware. We will show how high performance and parallel computing can be used to scale the data mining algorithms to handle large datasets, allowing the data mining component to search a much larger set of patterns and models than traditional computational platforms and algorithms would allow. We develop parallel data mining algorithms by parallelizing existing machine learning techniques using cluster computing. These algorithms include parallel backpropagation and parallel fuzzy ARTMAP neural networks. We evaluate the performances of the developed models in terms of speedup over traditional algorithms, prediction rate and false alarm rate. Our results showed that the traditional backpropagation and fuzzy ARTMAP algorithms can benefit from high performance computing techniques which make them well suited for time-critical tasks like intrusion detection

    A Systematic Review of Learning based Notion Change Acceptance Strategies for Incremental Mining

    The data generated contemporarily from different communication environments is dynamic in content different from the earlier static data environments. The high speed streams have huge digital data transmitted with rapid context changes unlike static environments where the data is mostly stationary. The process of extracting, classifying, and exploring relevant information from enormous flowing and high speed varying streaming data has several inapplicable issues when static data based strategies are applied. The learning strategies of static data are based on observable and established notion changes for exploring the data whereas in high speed data streams there are no fixed rules or drift strategies existing beforehand and the classification mechanisms have to develop their own learning schemes in terms of the notion changes and Notion Change Acceptance by changing the existing notion, or substituting the existing notion, or creating new notions with evaluation in the classification process in terms of the previous, existing, and the newer incoming notions. The research in this field has devised numerous data stream mining strategies for determining, predicting, and establishing the notion changes in the process of exploring and accurately predicting the next notion change occurrences in Notion Change. In this context of feasible relevant better knowledge discovery in this paper we have given an illustration with nomenclature of various contemporarily affirmed models of benchmark in data stream mining for adapting the Notion Change

    Evaluation of Machine Learning Algorithms for Intrusion Detection System

    Intrusion detection system (IDS) is one of the implemented solutions against harmful attacks. Furthermore, attackers always keep changing their tools and techniques. However, implementing an accepted IDS system is also a challenging task. In this paper, several experiments have been performed and evaluated to assess various machine learning classifiers based on KDD intrusion dataset. It succeeded to compute several performance metrics in order to evaluate the selected classifiers. The focus was on false negative and false positive performance metrics in order to enhance the detection rate of the intrusion detection system. The implemented experiments demonstrated that the decision table classifier achieved the lowest value of false negative while the random forest classifier has achieved the highest average accuracy rate

    Foreword and editorial - January issue


    Coordinated Machine Learning and Decision Support for Situation Awareness

    For applications such as force protection, an effective decision maker needs to maintain an unambiguous grasp of the environment. Opportunities exist to leverage computational mechanisms for the adaptive fusion of diverse information sources. The current research employs neural networks and Markov chains to process information from sources including sensors, weather data, and law enforcement. Furthermore, the system operator's input is used as a point of reference for the machine learning algorithms. More detailed features of the approach are provided, along with an example force protection scenario