Neural visualization of network traffic data for intrusion detection

This study introduces and describes a novel intrusion detection system (IDS) called MOVCIDS (mobile visualization connectionist IDS). This system applies neural projection architectures to detect anomalous situations taking place in a computer network. By its advanced visualization facilities, the proposed IDS allows providing an overview of the network traffic as well as identifying anomalous situations tackled by computer networks, responding to the challenges presented by volume, dynamics and diversity of the traffic, including novel (0-day) attacks. MOVCIDS provides a novel point of view in the field of IDSs by enabling the most interesting projections (based on the fourth order statistics; the kurtosis index) of a massive traffic dataset to be extracted. These projections are then depicted through a functional and mobile visualization interface, providing visual information of the internal structure of the traffic data. The interface makes MOVCIDS accessible from any mobile device to give more accessibility to network administrators, enabling continuous visualization, monitoring and supervision of computer networks. Additionally, a novel testing technique has been developed to evaluate MOVCIDS and other IDSs employing numerical datasets. To show the performance and validate the proposed IDS, it has been tested in different real domains containing several attacks and anomalous situations. In addition, the importance of the temporal dimension on intrusion detection, and the ability of this IDS to process it, are emphasized in this workJunta de Castilla and Leon project BU006A08, Business intelligence for production within the framework of the Instituto Tecnologico de Cas-tilla y Leon (ITCL) and the Agencia de Desarrollo Empresarial (ADE), and the Spanish Ministry of Education and Innovation project CIT-020000-2008-2. The authors would also like to thank the vehicle interior manufacturer, Grupo Antolin Ingenieria S. A., within the framework of the project MAGNO2008-1028-CENIT Project funded by the Spanish Government

Clustering extension of MOVICAB-IDS to distinguish intrusions in flow-based data

Much effort has been devoted to research on intrusion detection (ID) in recent years because intrusion strategies and technologies are constantly and quickly evolving. As an innovative solution based on visualization, MObile VIsualisation Connectionist Agent-Based IDS was previously proposed, conceived as a hybrid-intelligent ID System. It was designed to analyse continuous network data at a packet level and is extended in present paper for the analysis of flow-based traffic data. By incorporating clustering techniques to the original proposal, network flows are investigated trying to identify different types of attacks. The analysed real-life data (the well-known dataset from the University of Twente) come from a honeypot directly connected to the Internet (thus ensuring attack-exposure) and is analysed by means of clustering and neural techniques, individually and in conjunction. Promising results are obtained, proving the validity of the proposed extension for the analysis of network flow dat

Hybrid Unsupervised Exploratory Plots: A Case Study of Analysing Foreign Direct Investment

The curse of dimensionality has been an open issue for many years and still is, as finding nonobvious and previously unknown patterns in ever-increasing amounts of high-dimensional data is not an easy task. Advancing in descriptive data analysis, the present paper proposes Hybrid Unsupervised Exploratory Plots (HUEPs) as a new visualization technique to combine the outputs of Exploratory Projection Pursuit and Clustering methods in a novel and informative way. As a case study, HUEPs are validated in a real-world context for analysing the internationalization strategy of companies, by taking into account bilateral distance between home and host countries. As a multifaceted concept, distance encompasses multiple dimensions. Together with data from both the countries and the companies, various psychic distances are analysed by means of HUEPs, to gain deep knowledge of the internationalization strategy of large Spanish companies. Informative visualizations are obtained from the analysed dataset, leading to useful business implications and decision making.The work was conducted during Álvaro Herrero’s research stay at KEDGE Business School in Bordeaux (France). Some results of this ongoing research, from the same dataset, have been presented in the 13th International Conference on Soft Computing Models in Industrial and Environmental Applications, as a paper entitled “Visualizing Industrial Development Distance to Better Understand Internationalization of Spanish Companies”

Unsupervised neural models for country and political risk analysis

This interdisciplinary research project focuses on relevant applications of Knowledge Discovery and Artificial Neural Networks in order to identify and analyze levels of country, business and political risk. Its main goal is to help business decision-makers understand the dynamics within the emerging market countries in which they operate. Most of the neural models applied in this study are defined within the framework of unsupervised learning. They are based on Exploratory Projection Pursuit, Topology Preserving Maps and Curvilinear Component Analysis. Two interesting real data sets are analyzed to empirically probe the robustness of these models. The first case study describes information from a significant sample of Spanish multinational enterprises (MNEs). It analyses data pertaining to such aspects as decisions over the location of subsidiary enterprises in various regions across the world, the importance accorded to such decisions and the driving forces behind them. Through a projection-based analysis, this study reveals a range of different reasons underlying the internationalization strategies of Spanish MNEs and the different goals they pursue. It may be concluded that projection connectionist techniques are of immense assistance in the process of identifying the internationalization strategies of Spanish MNEs, their underlying motives and the goals they pursue. The second case study covers several risk categories that include task policy, security, and political stability among others, and it tracks the scores of different countries all over the world. Interesting conclusions are drawn from the application of several business intelligence solutions based on neural projection models, which support data analysis in the context of country and political risk analysisAlfredo Jimenez Palmero is grateful for the financial support from the Spanish Ministry of Science and Innovation through the FPU programme. This research has been partially supported through the Junta of Castilla and Leon under project BU006A08; the Spanish Ministry of Education and Innovation under project CIT-020000-2008-2 and CIT-020000-2009-12. The authors would also like to thank the vehicle interior manufacturer, Grupo Antolin Ingenieria S.A., under project MAGNO2008-1028.- CENIT Project funded by the Spanish Government

Advanced feature selection to study the internationalization strategy of enterprises

Firms face an increasingly complex economic and financial environment in which the access to international networks and markets is crucial. To be successful, companies need to understand the role of internationalization determinants such as bilateral psychic distance, experience, etc. Cutting-edge feature selection methods are applied in the present paper and compared to previous results to gain deep knowledge about strategies for Foreign Direct Investment. More precisely, evolutionary feature selection, addressed from the wrapper approach, is applied with two different classifiers as the fitness function: Bagged Trees and Extreme Learning Machines. The proposed intelligent system is validated when applied to real-life data from Spanish Multinational Enterprises (MNEs). These data were extracted from databases belonging to the Spanish Ministry of Industry, Tourism, and Trade. As a result, interesting conclusions are derived about the key features driving to the internationalization of the companies under study. This is the first time that such outcomes are obtained by an intelligent system on internationalization data.The work was conducted during the research stays of Álvaro Herrero and Roberto Alcalde at KEDGE Business School in Bordeaux (France

RT-MOVICAB-IDS: Addressing real-time intrusion detection

This study presents a novel Hybrid Intelligent Intrusion Detection System (IDS) known as RT-MOVICAB-IDS that incorporates temporal control. One of its main goals is to facilitate real-time Intrusion Detection, as accurate and swift responses are crucial in this field, especially if automatic abortion mechanisms are running. The formulation of this hybrid IDS combines Artificial Neural Networks (ANN) and Case-Based Reasoning (CBR) within a Multi-Agent System (MAS) to detect intrusions in dynamic computer networks. Temporal restrictions are imposed on this IDS, in order to perform real/execution time processing and assure system response predictability. Therefore, a dynamic real-time multi-agent architecture for IDS is proposed in this study, allowing the addition of predictable agents (both reactive and deliberative). In particular, two of the deliberative agents deployed in this system incorporate temporal-bounded CBR. This upgraded CBR is based on an anytime approximation, which allows the adaptation of this Artificial Intelligence paradigm to real-time requirements. Experimental results using real data sets are presented which validate the performance of this novel hybrid IDSMinisterio de Economía y Competitividad (TIN2010-21272-C02-01, TIN2009-13839-C03-01), Ministerio de Ciencia e Innovación (CIT-020000-2008-2, CIT-020000-2009-12

A Decision-Making Tool Based on Exploratory Visualization for the Automotive Industry

In recent years, the digital transformation has been advancing in industrial companies, supported by the Key Enabling Technologies (Big Data, IoT, etc.) of Industry 4.0. As a consequence, companies have large volumes of data and information that must be analyzed to give them competitive advantages. This is of the utmost importance in fields such as Failure Detection (FD) and Predictive Maintenance (PdM). Finding patterns in such data is not easy, but cutting-edge technologies, such as Machine Learning (ML), can make great contributions. As a solution, this study extends Hybrid Unsupervised Exploratory Plots (HUEPs), as a visualization technique that combines Exploratory Projection Pursuit (EPP) and Clustering methods. An extended formulation of HUEPs is proposed, adding for the first time the following EPP methods: Classical Multidimensional Scaling, Sammon Mapping and Factor Analysis. Extended HUEPs are validated in a case study associated with a multinational company in the automotive industry sector. Two real-life datasets containing data gathered from a Waterjet Cutting tool are visualized in an intuitive and informative way. The obtained results show that HUEPs is a technique that supports the continuous monitoring of machines in order to anticipate failures. This contribution to visual data analytics can help companies in decision-making, regarding FD and PdM projects.The authors would like to thank the vehicle interiors manufacturer, Grupo Antolin, for its collaboration in this research

Multiagent Systems for Network Intrusion Detection: A Review

More and more, Intrusion Detection Systems (IDSs) are seen as an important component in comprehensive security solutions. Thus, IDSs are common elements in modern infrastructures to enforce network policies. So far, plenty of techniques have been applied for the detection of intrusions, which has been reported in many surveys. This work focuses the development of network-based IDSs from an architectural point of view, in which multiagent systems are applied for the development of IDSs, presenting an up-to-date revision of the state of the art

4th International Conference, CISIS 2011, Held at IWANN 2011, Torremolinos-Málaga, Spain, June 8-10, 2011. Proceedings

This book constitutes the refereed proceedings of the 4th International Conference on Computational Intelligence in Security for Information Systems, CISIS 2011, held in Torremolinos-Málaga, in June 2011 as a satellite event of IWANN 2011, the International Work-Conference on Artificial and Natural Neural Networks. The 38 revised full papers presented were carefully reviewed and selected from a total of 70 submissions. The papers are organized in topical sections on machine learning and intelligence, network security, cryptography, securing software, and applications of intelligent methods for security

Mobile Hybrid Intrusion Detection

This monograph comprises work on network-based Intrusion Detection (ID) that is grounded in visualisation and hybrid Artificial Intelligence (AI). It has led to the design of MOVICAB-IDS (MObile VIsualisation Connectionist Agent-Based IDS), a novel Intrusion Detection System (IDS), which is comprehensively described in this book. This novel IDS combines different AI paradigms to visualise network traffic for ID at packet level. It is based on a dynamic Multiagent System (MAS), which integrates an unsupervised neural projection model and the Case-Based Reasoning (CBR) paradigm through the use of deliberative agents that are capable of learning and evolving with the environment. The proposed novel hybrid IDS provides security personnel with a synthetic, intuitive snapshot of network traffic and protocol interactions. This visualisation interface supports the straightforward detection of anomalous situations and their subsequent identification. The performance of MOVICAB-IDS was tested through a novel mutation-based testing method in different real domains which entailed several attacks and anomalous situations