38 research outputs found

    A New Approach of Detecting Network Anomalies using Improved ID3 with Horizontal Partioning Based Decision Tree

    In this paper we are proposing a new approach of Detecting Network Anomalies using improved ID3 with horizontal partitioning based decision tree. Here we first apply different clustering algorithms and after that we apply horizontal partitioning decision tree and then check the network anomalies from the decision tree. Here in this paper we find the comparative analysis of different clustering algorithms and existing ID3 based decision tree.

    Network Transmission Flags Data Affinity-based Classification by K-Nearest Neighbor

    Abstract—This research is concerned with the data generated during a network transmission session to understand how to extract value from the data generated and be able to conduct tasks. Instead of comparing all of the transmission flags for a transmission session at the same time to conduct any analysis, this paper conceptualized the influence of each transmission flag on network-aware applications by comparing the flags one by one on their impact to the application during the transmission session, rather than comparing all of the transmission flags at the same time. The K-nearest neighbor (KNN) type classification was used because it is a simple distance-based learning algorithm that remembers earlier training samples and is suitable for taking various flags with their effect on application protocols by comparing each new sample with the K-nearest points to make a decision. We used transmission session datasets received from Kaggle for IP flow with 87 features and 3.577.296 instances. We picked 13 features from the datasets and ran them through KNN. RapidMiner was used for the study, and the results of the experiments revealed that the KNN-based model was not only significantly more accurate in categorizing data, but it was also significantly more efficient due to the decreased processing costs.

    The Importance of Time in the Identification of Anomalous Situations by Means of MOVICAB-IDS

    Intrusion Detection Systems (IDSs) are a part of the computer security infrastructure of most organizations. They are designed to detect suspect patterns by monitoring and analysing computer network events. Different areas of artificial intelligence, statistical and signature verification techniques have been applied in the field of IDSs. Additionally, visualization tools have been applied for intrusion detection, some of them providing visual measurements of network traffic. As described in previous works, MOVICAB-IDS (MObile VIsualization Cooperative Agent-Based IDS) is a bio-inspired tool based on the use of unsupervised Neural Networks (NN), and provides the network administrator with a snapshot of network traffic, protocol interactions and traffic volume. It offers a complete and more intuitive visualization of the network traffic by depicting each simple packet. To improve the accessibility of the system, the administrator may visualize the results on a mobile device (such as PDA’s, mobile phones or embedded devices), enabling informed decisions to be taken anywhere and at any time. It is a combination of a connectionist model and a multiagent system enriched by a functional and mobile visualization. The viability and effectiveness of MOVICAB-IDS has been shown in previous works. This paper focuses on the importance of the time-information dependence in the identification of anomalous situations in the case of the proposed model. Several experiments show that the connectionist method on which MOVICAB-IDS is based (that has never been applied to the IDS and network security field before the beginning of this research) can highlight the evolution of packets along time. That is, MOVICAB-IDS identifies anomalous situations by taking into account the time-related dimension among others and by using unsupervised bio-inspired models

    MOVICAB-IDS: Visual Analysis of Network Traffic Data Streams for Intrusion Detection

    MOVICAB-IDS enables the more interesting projections of a massive traffic data set to be analysed, thereby providing an overview of any possible anomalous situations taking place on a computer network. This IDS responds to the challenges presented by traffic volume and diversity. It is a connectionist agent-based model extended by means of a functional and mobile visualization interface. The IDS is designed to be more flexible, accessible and portable by running on a great variety of applications, including small mobile ones such as PDA’s, mobile phones or embedded devices. Furthermore, its effectiveness has been demonstrated in different tests

    Deliberative Agents for Intrusion Detection.

    This work describes a multiagent system incorporating some artificial intelligence techniques for intrusion detection. The proposed Intrusion Detection System (IDS) provides a network administrator with a comprehensive visualization of the network traffic. Thus, the network manager can supervise the network activity and detect anomalies at a glance. This paper describes the structure of the Mobile Visualization Connectionist Agent-Based IDS (MOVICAB-IDS). The system includes deliberative agents using a connectionist model to identify intrusions in computer networks. Some experiments dealing with anomalous situations related to the Simple Network Management Protocol are described

    Testing CAB-IDS Through Mutations: On the Identification of Network Scans

    This study demonstrates the ability of powerful visualization tools (based on the use of connectionist models) to identify network intrusion attempts in an effective and reliable manner. It presents a novel technique to test and evaluate a previously developed network-based intrusion detection system (IDS). This technique applies mutant operators and is intended to test IDSs using numerical data sets. It should be made clear that some mutations were discarded as they did not all provide real life situations. As an application example of the proposed testing model, it has been specially applied to the identification of network scans and mutations of these. The tested Connectionist Agent-Based IDS (CAB-IDS) is used as a method to investigate the traffic which travels along the analysed network, detecting anomalous traffic patterns. The specific tests performed in this study were based on the mutation of one or several variables analysed by CAB-IDS

    Hybrid Multi Agent-Neural Network Intrusion Detection with Mobile Visualization

    A multiagent system that incorporates an Artificial Neural Networks based Intrusion Detection System (IDS) has been defined to guarantee an efficient computer network security architecture. The proposed system facilitates the intrusion detection in dynamic networks. This paper presents the structure of the Mobile Visualization Connectionist Agent-Based IDS, more flexible and adaptable. The proposed improvement of the system in this paper includes deliberative agents that use the artificial neural network to identify intrusions in computer networks. The agent based system has been probed through anomalous situations related to the Simple Network Management Protocol.