31 research outputs found

    Optimal remote access trojans detection based on network behavior

    RAT is one of the most infected malware in the hyper-connected world. Data is being leaked or disclosed every day because new remote access Trojans are emerging and they are used to steal confidential data from target hosts. Network behavior-based detection has been used to provide an effective detection model for Remote Access Trojans. However, there are still shortcomings: to detect as early as possible, some False Negative Rate and accuracy that may vary depending on the ratio of normal and malicious RAT sessions. As a typical network contains a large amount of normal traffic and a small amount of malicious traffic, the detection model was built based on the different ratio of normal and malicious sessions in previous works. At that time the false negative rate is less than 2%, and it varies depending on the different ratio of normal and malicious instances. An unbalanced dataset will bias the prediction model towards the more common class. In this paper, each RAT is run many times in order to capture variant behavior of a Remote Access Trojan in the early stage, and balanced instances of normal applications and Remote Access Trojans are used for the detection model. Our approach achieves 99% accuracy and 0.3% False Negative Rate by Random Forest Algorithm.

    Administrative Prejudice as a Condition of Criminal Liability in Certain Cases of Coercion to Fulfil Obligations

    Ant Colony Optimization (ACO) is a class of heuristic search algorithms that have been successfully applied to solving combinational optimization (CO) problems. The traveling salesman problem (TSP) is among the most important combinatorial problems. ACO has very good search capability for optimization problems. But it still has some drawbacks such as stagnation behavior, long computational time, and premature convergence problem of the basic ACO algorithm on TSP. Those problems will be more obvious when the complexities of the considered problems increase. The proposed system based on basic ACO algorithm based on well-positioned the ants on the initiation and information entropy which is applied to tuning of the algorithm's parameters. Then, ACO for TSP has been improved by incorporating local optimization heuristic. Therefore, the proposed system intends to reach superior search performance over traditional ACO algorithms do.

    Efficient Access Control Mechanism for XML Databases Using Web Services

    XML documents are frequently used in applications such as business transactions and medical records involving sensitive information. Typically, parts of XML documents should be visible to users depending on their roles. And then access control on the basis of data location or value in an XML document is essential. Additionally, web services are application components that are designed to support interoperable machine-to-machine interaction over a network. This interoperability is gained through a set of XML-based open standards, such as the Web Services Description Language (WSDL), the Simple Object Access Protocol (SOAP), and Universal Description, Discovery, and Integration (UDDI). These standards provide a common and interoperable approach for defining, publishing, and using web services. This paper describes the design of an Access Control System using Web Services for XML data and access right management. And then we present an overview of the access control mechanism to build access control services around a Web Services model and address how to increase server throughput using access control rules functions that are managed separately from the server database using web service.

    RBF Neural Network Based on Clonal Selection Algorithm for Medical Data Diagnosis

    In artificial neural networks, the parameters may include the number of layers, the number of hidden units, the activation function and the algorithm parameters such as learning rate for optimization. Many researchers have proven that the training of artificial neural networks is a complex process and methods of training are highly varied. Some attempt to approximate the process of biological neurons but many diverge greatly from them in an attempt to find more computationally efficient methods to achieve optimal or near-optimal weights. Although radial basis function networks (RBF) are well known for requiring short training period among artificial neural networks, these methods perform a local search and they can easily fall in local minima by producing sub-optimal solutions. Therefore, the performance of network training is not good and the accuracy is low for RBF neural networks. The traditional network weight training generally uses gradient descent method and it cannot get the global optimum. Training the weights by optimization method can find the weight set that approaches global optimum while it does not need to compute gradient information and it can help to reduce error rate in network training. Clonal selection algorithm is a global search among optimization method and it can provide an efficient alternative for the optimization of neural networks. In this paper, we use clonal selection algorithm to adjust weight units which are important to improve network training in RBF neural network.

    Elliptic Curve Cryptosystem Based Secure Communication System

    Security aspects come into play when it is necessary or describe to protect the information transmission. The goal of cryptography is to make it possible for two people to exchange a message in such a way that other people cannot understand the message. This thesis is intended to implement a secure information system for critical applications. The key Derivation Function is to calculate Keying data which is divided into two keys, ENCkey and MACkey. ENCkey is used for encryption and decryption the message and MACkey is used for message authentication code (MAC) scheme to check the receiving message is valid or not. The XOR Encryption scheme is used for encryption operation. We compare the performance of Elliptic Curve Cryptosystem (ECC) with other cryptosystem in terms of key sizes; ECC has the same level of security with smaller key sizes. So, ECC is used the smart and other critical applications such as military departments, banking systems and etc.

    Feature Selection for Anomaly-Based Intrusion Detection System Using Information Gain and Mutual Correlation

    To avoid high computational costs in identifying intrusions by IDSs, the size of a dataset needs to be reduced. Feature selection is considered a problem of global combinatorial optimization in machine learning, which reduces the number of features, removes irrelevant, noisy and redundant data, and results in acceptable classification accuracy. This paper proposes a combine filter method by using IG (information gain) and Mutual Correlation for feature selection in NSL-KDD dataset. IG was used to select important feature subsets from all features in the NSL-KDD dataset. The resulted features set are combined with Mutual correlation to get the optimal reduced features set. Tests are done on NSL-KDD dataset which is improved version of KDD-99 dataset. The results show that the number of selected features is reduced from 41 to 14 and correlated 10 features. The proposed method not only reduces the number of the input features and memory and CPU time but also increases the classification accuracy.

    A Network Intrusion Detection Model Using Fuzzy C4.5 Decision Tree

    With the growing rate of interconnections among computer systems, reliable network communication is becoming a major challenge. Intrusion detection has emerged as a significant field of research, because it is not theoretically possible to set up a system with no vulnerabilities. This paper proposes the use of fuzzy logic to generate decision tree to classify the intrusion data. Further, the fuzzy decision tree is then converted to fuzzy rules. The fuzzy decision tree (C4.5) method is used the minimize measure of classification ambiguity for different attributes. This method overcomes the sharp boundary problems; provides good accuracy dealing with continuous attributes and prediction problems. The experimental result is carried out by using 10% KDD Cup 99 benchmark network intrusion detection dataset.

    Web Document Clustering using Genetic Algorithm

    Clustering (or cluster analysis) is one of the main data analysis techniques and deals with the organization of a set of objects in a multidimensional space into cohesive groups, called clusters. Each cluster contains objects that are very similar to each other and very dissimilar to objects in other clusters. Web page clustering is one of the major preprocessing steps in web mining analysis. Clustering is also useful for extracting salient features of related web documents to automatically formulate queries and search for other similar documents on the Web. Web page clustering faces many challenges due to the high dimensionality and due to the heterogeneous nature of web documents. Efficient and scalable algorithms are needed for web clustering. Genetic algorithm is one of the algorithms from evolutionary computing that can effectively search in the large search space by simulating the nature of evolution. This paper presents the genetic algorithm for web page clustering that is scalable and efficient. Genetic algorithm with medoid representation was used because it provides shorter chromosome length and medoid based clustering is more tolerable to noisy data such as web documents and employs a supervised features selection method for selection of appropriate features terms.

    Maximum Sustained Wind Prediction of Storm Surge in Bay of Bengal

    Most of the countries around the Bay of Bengal are threatened by storm surges associated with severe tropical cyclones. The destruction along the coastal regions of India, Bangladesh, and Myanmar are serious due to the storm surge. To mitigate the impacts of tropical storm, the prediction of storm surge need to be accurate. Traditional process-based numerical models have the limitation of high computational demands to make timely forecast and deterministic numerical models are strongly dependent on accurate meteorological input to predict storm surge. In this work, a Multilayer perceptron (MLP) and a Radial Basic Function Network (RBFN) used to predict the maximum sustained wind speed in knots (VMAX) of storm in coastal areas of Bay of Bengal. The ANN network model provides fast, real-time storm surge estimates at Bay of Bengal. Simulated and historical storm data are collected for model training and testing, respectively. North India Ocean Best Track Data from Joint Typhoon Warning Center (JTWC) used to perform experiments. The result of MLP is predicted VMAX value closer than in RBFN prediction.