IJCSC Volume 4 Number 2 September 2013 pp ISSN
Improving the performance of IDS using Genetic Algorithm

Kuldeep Kumar, Ramkala Punia
Computer Programmer, CCS Haryana Agriculture University, Hisar, Haryana
*Teaching Associate, Deptt. of CSE, Guru Jambheshwar University of Science and Technology, Hisar

Abstract

Intrusion detection systems (IDS) aim to detect computer attacks and/or computer misuse, and to alert the proper individuals upon detection. The growing number of Internet threats increasingly motivates applying defense-in-depth concepts to protect computer systems worldwide from being intruded upon for grabbing information. We need a very safe and secure intrusion detection system [1]. Intrusion detection has therefore become an important area of research, because the existing systems are not completely flawless and secure. This paper presents a genetic algorithm based approach to network intrusion detection for analyzing and improving the performance of IDS. Genetic algorithms (GA) are search algorithms based on the principles of natural selection and genetics. The aim in developing GAs is to build a system as robust and as adaptable to its environment as natural systems. A GA starts from an initial population and evolves it for a number of generations [5]. During each generation three basic genetic operators are applied to each individual with certain probabilities, i.e. selection, crossover and mutation.

Key words: IDS, misuse detection, anomaly detection, genetic algorithm, SNORT.

1. Introduction

Today we suffer from many problems because of intruders interfering in our communication with other persons and organisations. The growing number of Internet threats increasingly motivates applying defense-in-depth concepts to protect computer systems worldwide from being intruded upon for grabbing information. We need a very safe and secure intrusion detection system. Intrusion detection has therefore become an important area of research, because the existing systems are not completely flawless and secure.
So, there is a need to improve the existing systems. Many methods have been developed to secure the network infrastructure and communication over the Internet [8]. Intrusion detection systems monitor network resources and sense whether a system or network is being used by an authorized person.

There are two ways to protect a network against malicious attempts. The first is to build a completely secure network system by applying all the complicated cryptographic, authentication and authorization methods. However, this solution is not realistic. In practice it is impossible to have a completely secure system, because users rely on the operating system and other applications to do their jobs, and almost all applications have one vulnerability or another. The second way is to detect an attack as soon as possible, preferably in real time, and take appropriate action [6]. This is essentially what an Intrusion Detection and Prevention System (IDS and IPS) does. An IDS does not usually take preventive measures when an attack is detected; it is reactive rather than proactive.

There are two general types of intrusion detection systems: misuse detection and anomaly detection. Misuse detection systems detect intruders with known patterns, while anomaly detection systems identify deviations from normal network behavior and alert on potential unknown attacks [2].

IDS have three common issues: speed, accuracy and adaptability. The speed issue arises from the extensive set of data that needs to be monitored in order to observe the entire situation. An existing approach to solving this problem is to split the network stream into a few more manageable streams and analyze each in real time using separate IDSs [1].

Traditional network security technology is a static, passive defense technology, which prevents most external attacks but cannot solve internal attacks.
To overcome the passive and rigid nature of the traditional defense system, experts propose a new security system, the active defense system. The core of the active defense system is intrusion detection, which can detect intrusions on a host or network in real time, covering not only Internet, intranet and some computer operations but also authorized operations. As soon as an intrusion is detected, it should immediately report it and collect intrusion evidence, and even track the source of the attack [7].

A number of soft computing based approaches have been proposed for detecting network intrusions. The principal constituents of soft computing are Fuzzy Logic, Artificial Neural Networks, Probabilistic Reasoning and Genetic Algorithms. When used for intrusion detection, soft computing techniques are often used in conjunction with rule-based expert systems, where the expert knowledge is represented as a set of if-then rules.

This work presents a GA-based approach to network intrusion detection. GA is the best approach because of some of its good properties, e.g. it is robust to noise, it requires no gradient information to find a global optimal or sub-optimal solution, and it has self-learning capabilities. In the recent past there has been growing recognition of deploying intelligent techniques for the creation of efficient and reliable intrusion detection systems [10]. All these techniques have two steps: training and testing. GA-based techniques are appropriate for dealing with rare classes. As they work with populations of candidate solutions rather than a single solution and employ stochastic operators to guide the search process, GAs cope well with attribute interactions and avoid getting stuck in local maxima, which together make them very suitable for classifying rare classes. We have gone further by deploying the standard F-measure as fitness function. The F-value is proven to be very suitable when dealing with rare classes [10].

2. Genetic Algorithm

A genetic algorithm attempts to incorporate ideas of natural evolution. In general, genetic learning starts as follows. An initial population is created consisting of randomly generated rules. Each rule can be represented by a string of bits [11]. Genetic algorithms are easily parallelizable and have been used for classification as well as other optimization problems. In data mining, they may be used to evaluate the fitness of other algorithms. There is a large class of interesting problems for which no reasonably fast algorithms have been developed. Many of these problems are optimization problems that arise frequently in applications.
For some hard optimization problems we can use probabilistic algorithms as well. These algorithms do not guarantee the optimum value, but by randomly choosing sufficiently many fitnesses the probability of error may be made as small as we like [3].

GA operates on a population of potential solutions, applying the principle of survival of the fittest to produce better and better approximations to the solution of the problem that the GA is trying to solve. At each generation, a new set of approximations is created by selecting individuals according to their level of fitness in the problem domain and breeding them together using operators borrowed from natural genetics, i.e. crossover and mutation. This process leads to the evolution of populations of individuals that are better adapted to their environment than the individuals they were created from, just as in natural adaptation.

The genetic algorithm is employed to derive a set of classification rules from network audit data, and the support-confidence framework is utilized as fitness function to judge the quality of each rule. The generated rules are then used to detect or classify network intrusions in a real-time environment [17].

Figure 1 describes the operation of a general genetic algorithm. The operation starts from an initial population of randomly generated individuals. Then the qualities of the individuals are gradually improved. During each generation, three basic genetic operators are sequentially applied to each individual with certain probabilities, i.e., selection, crossover, and mutation. First, a number of best-fit individuals are selected based on a user-defined fitness function. The remaining individuals are discarded. Next, a number of individuals are selected and paired with each other [1]. Each individual pair produces one offspring by partially exchanging their genes around one or more randomly selected crossing points.
At the end, a certain number of individuals are selected and the mutation operation is applied, i.e., a randomly selected gene of an individual abruptly changes its value.

2.1 Structure of Genetic algorithm

A GA evolves a population of initial individuals into a population of high-quality individuals, where each individual represents a solution of the problem. Each individual is called a chromosome. Each chromosome is composed of a certain number of genes, which in the general case does not have to be fixed. The quality of each rule is measured by a fitness function, which is a quantitative representation of each rule's adaptation to the environment. The procedure starts from an initial population, which is evolved for a number of generations while the quality of the individuals increases, with the fitness value as the measure of quality. During each generation, three basic genetic operators are sequentially applied to each individual with certain probabilities, i.e. selection, crossover and mutation [5]. Crossover consists of exchanging genes between two chromosomes in a certain way, while mutation consists of randomly changing the value of a randomly chosen gene of a chromosome. Both crossover and mutation are performed with a certain probability, called the crossover/mutation rate.

Figure 1: Process of Genetic Algorithm (flowchart boxes: Create a population of the chromosome; Determine the fitness of each individual; Select next generation; Display result; Perform reproduction using; Perform mutation)

SNORT is an open source IDS that is used on Windows or Linux operating systems. Snort is a rule-based detection engine which is freely available. Snort is capable of performing real-time traffic analysis and packet logging on IP networks. It can detect a variety of attacks. By protocol analysis and content searching, Snort detects thousands of worms, vulnerability exploit attempts, port scans and other behavior. Snort is configurable in three modes: sniffer mode, packet logger mode, and network intrusion detection system mode. In sniffer mode it simply reads packets off the network and displays them on screen. In packet logger mode it records the packets to disk. Network intrusion detection system mode analyzes the network traffic against a user-defined rule set. Several network features are more likely to be involved in network intrusions. In our approach, some rules are selected from the Snort rule set to compose a classification rule [5].

Following are some examples of SNORT rules:

Rule 1: alert tcp any any -> any any (Content : " ; msg : "Some one visiting facebook at this time" ; sid : ; rev:2 ;)

Rule 2: alert tcp $EXTERNAL_NET -> $HOME_NET any (msg:"scan myscan"; flow:stateless; ack:0; flags:s; ttl:>220; classtype:attempted-recon; sid:613; rev:8;)

When Snort generates an alert message, it will usually look like the following:

[**] [158:11:1] (snort_decoder): T/TCP Detected [**]

The first number is the Generator ID; this tells the user what component of Snort generated this alert. In this case, we know that this event came from the decode (158) component of Snort. The second number is the Snort ID (sometimes referred to as Signature ID).
Rule-based SIDs are written directly into the rules with the sid option. In this case, 11 represents a T/TCP event. The third number is the revision ID. This number is primarily used when writing signatures, as each rendition of the rule should increment this number with the rev option.
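The three-part identifier described above can be pulled out of alert lines mechanically. The following parser is an added Python example, not code from the paper or from the Snort project. The first sample line is the one quoted above and the last is a damaged line as it appears in this transcription; the two complete lines in between are constructed, and the SID 1000001 and the addresses in them are placeholders.

```python
import re
from collections import Counter

# Alert line: optional timestamp, [**] [GID:SID:REV] message [**], then optional
# classification, priority and {PROTO} source -> destination fields.
ALERT_RE = re.compile(
    r"^(?:(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+)?"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?"
    r"(?:\s+\[Priority:\s*(?P<priority>\d+)\])?"
    r"(?:\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+))?"
)

SAMPLE_LINES = [
    # Quoted in the text above.
    "[**] [158:11:1] (snort_decoder): T/TCP Detected [**]",
    # Constructed lines: placeholder SID and documentation-range addresses.
    "02/12-13:10:05.123456 [**] [1:1000001:2] Some one visiting facebook at this time "
    "[**] [Priority: 0] {TCP} 192.0.2.10:80 -> 198.51.100.7:49152",
    "02/12-13:17:41.654321 [**] [1:1000001:2] Some one visiting facebook at this time "
    "[**] [Priority: 0] {TCP} 192.0.2.10:80 -> 198.51.100.7:49153",
    # Damaged line (fields missing): must be rejected, not half-parsed.
    "02/12-13:10: [**] [1: :2] Some one visiting facebook at this time [**] "
    "[Priority: 0] {TCP} :80 -> :",
]


def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not a complete alert."""
    match = ALERT_RE.match(line.strip())
    if match is None:
        return None
    alert = match.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        alert[key] = int(alert[key]) if alert[key] is not None else None
    # Generator ID 1 is the text-rule engine, i.e. the SID comes from a rule's sid option.
    alert["rule_based"] = alert["gid"] == 1
    return alert


def summarize(lines):
    """Count alerts per (generator ID, signature ID) and collect unparseable lines."""
    counts, rejected = Counter(), []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            rejected.append(line)
        else:
            counts[(alert["gid"], alert["sid"])] += 1
    return counts, rejected


if __name__ == "__main__":
    counts, rejected = summarize(SAMPLE_LINES)
    for (gid, sid), n in sorted(counts.items()):
        print("generator %d, signature %d: %d alert(s)" % (gid, sid, n))
    print("rejected lines:", len(rejected))
```

Keeping rejected lines separate from parsed ones makes truncated or corrupted log entries visible instead of silently dropping them from the counts.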
Snort Test Result:

02/12-13:10: [**] [1: :2] Some one visiting facebook at this time [**] [Priority: 0] {TCP} :80 -> :
/12-13:17: [**] [1: :2] Some one visiting facebook at this time [**] [Priority: 0] {TCP} :80 -> :

3. Methodology

The proposed GA-based intrusion detection approach contains two modules, each working in a different stage. In the training stage, a set of classification rules is generated from network audit data using the GA in an offline environment. In the intrusion detection stage, the generated rules are used to classify incoming network connections in the real-time environment. Once the rules are generated, the intrusion detection is simple and efficient.

The genetic algorithm works on fitness values computed for the individuals. The fitness of an individual depends on the similarities between different chromosomes corresponding to SNORT rules. A fitness function is a measure of quality that is used to rate a design solution. In the fields of genetic programming and genetic algorithms, each design solution is represented as a string of numbers that is also known as a chromosome. After each round of testing, the idea is to remove the worst design solutions and to breed new ones from the best solutions. Each design solution needs to be awarded a figure of merit, to indicate how close it came to meeting the overall specification, and this is generated by applying the fitness function to the results obtained from that solution.

Our development research uses a similarity function as the fitness function for analyzing the performance of the system. Many types of similarity function can be used to calculate the similarity between two chromosomes. There are a number of possible measures, but the most common are the Dice, Cosine and Jacard measures. We use the Jacard function as a fitness function for finding the best rules.
It is defined as follows:

$$\text{Jacard} = \frac{XY}{X + Y - XY}$$

3.1 IDS Dataset

The dataset was divided into a training and a test dataset. The training dataset is used to train the work presented here, while the test dataset is used to test it. The test dataset contains additional attacks not described in the training dataset. The attacks include the four most common categories of attack [8,14]:

Denial of service (DoS) attacks: here, the attacker makes some computing or memory resource too busy to handle legitimate requests. These attacks may be initiated by flooding a system with communications, abusing legitimate resources, targeting implementation bugs, or exploiting the system's configuration.

User to root (U2R) attacks: here, the attacker starts by accessing a normal user account and exploits vulnerabilities to gain unauthorized access to root. The most common U2R attacks cause buffer overflows.

Remote to user (R2L) attacks: here, the attacker sends packets to a machine, then exploits the machine's vulnerabilities to gain local access as a user. This unauthorized access from a remote machine may include password guessing.

Probing (PROBE): here, the attacker scans a network to gather information or find known vulnerabilities through actions such as port scanning.

The following table shows the names of some common, important network features.

Feature No.   Feature Name
1             Flag
2             Src_byte
3             Dst_byte
4             Wrong fragment
5             Urgent
6             hot

Table 1: Network Features
3.2 Results

In the experiment, the system was trained with the training dataset, using the JACARD fitness function and the following GA parameters: 500 generations, 3 initial rules in the population, crossover rate of 0.85, two-point crossover, and mutation rate. When the training process was finished, the top best-quality rules were taken as the final classification rules. The rules were then used to classify the training data and the testing data respectively. The results are in Figure 2.

Figure 2: Population generation (axis label: Generations)

Kiwi Syslog Server [Freeware] Version
/// Kiwi Syslog Server Statistics ///
hour period ending on: Mon, 04 Feb :48:57
Syslog Server started on: Mon, 04 Feb :48:29
Syslog Server uptime: 2 hours, 6 minutes
Messages received - Total: 8
Messages received - Last 24 hours: 8
Messages received - Since Midnight: 8
Messages received - Last hour: 0
Message queue overflow - Last hour: 0
Messages received - This hour: 0
Message queue overflow - This hour: 0
Messages per hour - Average: 4
Messages forwarded: 0
Messages logged to disk: 8
Errors - Logging to disk: 2
Errors - Invalid priority tag: 0
Errors - No priority tag: 0
Errors - Oversize message: 0
Disk space remaining on drive C: MB

Message Level   Messages   Percentage
0 - Emerg                  %
1 - Alert                  %
2 - Critical               %
3 - Error                  %
4 - Warning                %
5 - Notice                 %
6 - Info                   %
7 - Debug                  %

Table 2: Breakdown of Syslog messages by severity
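The training and detection stages described in sections 3 to 3.2 can be sketched as follows. This is an added Python example, not the authors' implementation. It uses the reported GA parameters (500 generations, 3 rules in the population, crossover rate 0.85, two-point crossover) and the Jacard fitness function. Assumptions: each gene is a discretised bucket of one Table 1 feature, the attack and normal records are constructed, the mutation rate of 0.1 stands in for the value missing from the text, fitness is the mean similarity to the attack records, the best individual is carried over unchanged each generation, and detection uses a 0.5 threshold.

```python
import random

# Table 1 features; one gene per feature, each a bucket index 0..3 (assumed encoding).
FEATURES = ["flag", "src_byte", "dst_byte", "wrong_fragment", "urgent", "hot"]
GENE_VALUES = 4

# Constructed sample records, not taken from the paper's dataset.
ATTACK_RECORDS = [
    [2, 0, 0, 1, 0, 3],
    [2, 0, 1, 1, 0, 3],
    [2, 0, 0, 1, 0, 2],
    [2, 1, 0, 1, 0, 3],
]
NORMAL_RECORDS = [[0, 3, 3, 0, 0, 0], [1, 2, 3, 0, 0, 0]]


def jaccard(x, y):
    """Jacard = XY / (X + Y - XY); XY counts genes equal at the same position,
    X and Y are the gene counts of the two chromosomes (assumed reading)."""
    xy = sum(1 for a, b in zip(x, y) if a == b)
    return xy / (len(x) + len(y) - xy)


def fitness(chromosome, references):
    """Mean similarity of a candidate rule to the reference chromosomes."""
    return sum(jaccard(chromosome, r) for r in references) / len(references)


def two_point_crossover(a, b, rng):
    """One offspring: parent a with the segment between two random cut points from b."""
    i, j = sorted(rng.sample(range(len(a) + 1), 2))
    return a[:i] + b[i:j] + a[j:]


def mutate(chromosome, rate, rng):
    """With probability `rate`, one randomly chosen gene abruptly changes its value."""
    if rng.random() < rate:
        chromosome[rng.randrange(len(chromosome))] = rng.randrange(GENE_VALUES)


def evolve(references, generations=500, pop_size=3, crossover_rate=0.85,
           mutation_rate=0.1, seed=1):
    """Training stage: return the best rule and the best fitness seen per generation."""
    rng = random.Random(seed)
    pop = [[rng.randrange(GENE_VALUES) for _ in FEATURES] for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        pop.sort(key=lambda c: fitness(c, references), reverse=True)
        history.append(fitness(pop[0], references))
        parents = pop[:2]          # selection: keep the best-fit, discard the rest
        next_pop = [pop[0][:]]     # carry the best rule over unchanged
        while len(next_pop) < pop_size:
            a, b = rng.sample(parents, 2)
            if rng.random() < crossover_rate:
                child = two_point_crossover(a, b, rng)
            else:
                child = a[:]
            mutate(child, mutation_rate, rng)
            next_pop.append(child)
        pop = next_pop
    best = max(pop, key=lambda c: fitness(c, references))
    history.append(fitness(best, references))
    return best, history


def classify(rule, record, threshold=0.5):
    """Detection stage: flag a connection whose similarity to the rule reaches the threshold."""
    return jaccard(rule, record) >= threshold


if __name__ == "__main__":
    rule, history = evolve(ATTACK_RECORDS)
    print("evolved rule:", dict(zip(FEATURES, rule)))
    print("best fitness, first -> last generation: %.3f -> %.3f" % (history[0], history[-1]))
    for record in ATTACK_RECORDS + NORMAL_RECORDS:
        print(record, "ALERT" if classify(rule, record) else "pass")
```

Because the best rule survives every generation, the fitness history never decreases, which is the property to check before trusting a rule produced from only three individuals.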
3.4 Conclusion

In this paper, an approach to improving the performance of IDS using a genetic algorithm is presented. One of the major advantages of this technique is that it is close to the natural environment, because the types of intrusions change and become complicated very rapidly. The proposed detection system can upload and update new rules to the systems as new intrusions become known. Therefore, it is cost effective and adaptive to the real-world environment. The GA approach is used to derive a set of classification rules from network audit data. A simple but efficient and flexible fitness function, i.e. the support-confidence framework, is used to select the appropriate rules. Depending on the selection of fitness function weight values, the generated rules can be used either to generally detect network intrusions or to precisely classify the types of intrusions.

References:

[1] A. Chittur, Model Generation for an Intrusion Detection System Using Genetic Algorithms, (accessed in January 2005).
[2] Ren Hui Gong, Mohammad Zulkernine, Purang, A Software Implementation of a Genetic Algorithm Based Approach to Network Intrusion Detection. Proceeding of IEEE, 2005.
[3] Wafa S. Al-Sharafat, Reyadh Sh. Naoum, Adaptive Framework for Network Intrusion Detection by using Genetic based Machine Learning Algorithm. IJCSNS, Vol 9, April
[4] Jose M. Moya, Alvaro Araujo, A genetic algorithm based solution for intrusion detection. Journal of information assurance and security,
[5] D. Dasgupta and F. A. Gonzalez, An Intelligent Decision Support System for Intrusion Detection and Response, MMM-ACNS, Lecture Notes in Computer Science, vol. 2052, pp. 1-14,
[6] J. Gomez and D. Dasgupta, Evolving Fuzzy Classifiers for Intrusion Detection, Proceedings of the IEEE,
[7] H. Pohlheim, Genetic and Evolutionary Algorithms: Principles, Methods and Algorithms (accessed in January 2005).
[8] MIT Lincoln Laboratory, DARPA datasets. (accessed in November 2004).
[9] B. Mukherjee, L. T. Heberlein, and K. N. Levitt, Network intrusion detection, IEEE Network, 8(3), pp 26-41, May/June
[10] T. Xiao, G. Qu, S. Hariri, and M. Yousif, An Efficient Network Intrusion Detection Method Based on Information Theory and Genetic Algorithm, Proceedings of the 24th IEEE International Performance Computing and Communications Conference (IPCCC 05), Phoenix, AZ, USA
[11] S. Selvakani, R.S. Rajesh, Genetic Algorithm for framing rules for intrusion Detection, IJCSNS International Journal of Computer Science and Network Security, VOL.7 No.11, November 2007
[12] A. Christie, W. Fithen, J. McHugh, J. Pickel, E. Stoner, State of the Practice of Intrusion Detection Technologies, Technical Report, Carnegie Mellon University,
[13] N. Toosi, M. Kahani, A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers, Computer Communications 30 (2007), pp
[14] M. Sabhnani, G. Serpen, Application of Machine Learning Algorithms to KDD Intrusion Detection Dataset within Misuse Detection Context, Proceeding of International Conference on Machine Learning: Models, Technology and Application, Las Vegas, Nevada, USA, June
[15] Ch. Sinclair, L. Pierce, S. Matzner, An Application of Machine Learning to Network Intrusion Detection, 15th Annual Computer Security Applications Conference, Phoenix, Arizona, December 6-10, 1999
[6] KDD-CUP 1999 Data.
International Journal of Scientific and Research Publications, Volume 2, Issue 2, February 2012 1 Enhancing the features of Intrusion Detection System by using machine learning approaches Swati Jaiswal,
More informationNIDS: Snort. Group 8. Niccolò Bisagno, Francesco Fiorenza, Giulio Carlo Gialanella, Riccardo Isoli
NIDS: Snort Group 8 Niccolò Bisagno, Francesco Fiorenza, Giulio Carlo Gialanella, Riccardo Isoli 1 Summary NIDS Snort Syn Flood Attack Exploit Kit Detection: Bleeding Life Packet Level Evasion Snort as
More informationAN OPTIMIZATION GENETIC ALGORITHM FOR IMAGE DATABASES IN AGRICULTURE
AN OPTIMIZATION GENETIC ALGORITHM FOR IMAGE DATABASES IN AGRICULTURE Changwu Zhu 1, Guanxiang Yan 2, Zhi Liu 3, Li Gao 1,* 1 Department of Computer Science, Hua Zhong Normal University, Wuhan 430079, China
More informationIntrusion Detection - Snort
Intrusion Detection - Snort Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 Sometimes, Defenses Fail Our defenses aren t perfect Patches aren t applied promptly enough AV signatures
More informationSoftware Defined Networking based Intrusion Detection System
Software Defined Networking based Intrusion Detection System Payal Kapre 1, Riya Shreshthi 2, Madhuri Kalgane 3, Kalyani Shekatkar 4,Yogita Hande 5 1,2,3,4,5 Dept.Of Comp. Engg.Sinhgad Institutes Of Technology
More informationDenial of Service (DoS) Attack Detection by Using Fuzzy Logic over Network Flows
Denial of Service (DoS) Attack Detection by Using Fuzzy Logic over Network Flows S. Farzaneh Tabatabaei 1, Mazleena Salleh 2, MohammadReza Abbasy 3 and MohammadReza NajafTorkaman 4 Faculty of Computer
More informationCHAPTER 4 DATA PREPROCESSING AND FEATURE SELECTION
55 CHAPTER 4 DATA PREPROCESSING AND FEATURE SELECTION In this work, an intelligent approach for building an efficient NIDS which involves data preprocessing, feature extraction and classification has been
More informationInternational Journal of Scientific & Engineering Research, Volume 4, Issue 7, July-2013 ISSN
1 Review: Boosting Classifiers For Intrusion Detection Richa Rawat, Anurag Jain ABSTRACT Network and host intrusion detection systems monitor malicious activities and the management station is a technique
More informationCurrent Trends in Network Intrusion Detection Techniques
Current Trends in Network Intrusion Detection Techniques Ritika Lohiya Pranav Varma Yaman patel Dept of CSE, Dept of CSE, Dept of CSE, Nirma University, Nirma University, Nirma University, Ahmedabad. Ahmedabad.
More informationCE Advanced Network Security
CE 817 - Advanced Network Security Lecture 5 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained from other
More informationNetDetector The Most Advanced Network Security and Forensics Analysis System
Get Real......Real Solutions For Global Networks www.niksun.com NetDetector The Most Advanced Network Security and Forensics Analysis System NIKSUN, Inc. 1100 Cornwall Road Monmouth Junction, NJ 08852
More informationIntrusion Detection. Comp Sci 3600 Security. Introduction. Analysis. Host-based. Network-based. Distributed or hybrid. ID data standards.
or Detection Comp Sci 3600 Security Outline or 1 2 3 4 5 or 6 7 8 Classes of or Individuals or members of an organized crime group with a goal of financial reward Their activities may include: Identity
More informationAn Ensemble Data Mining Approach for Intrusion Detection in a Computer Network
International Journal of Science and Engineering Investigations vol. 6, issue 62, March 2017 ISSN: 2251-8843 An Ensemble Data Mining Approach for Intrusion Detection in a Computer Network Abisola Ayomide
More informationA Neuro-Fuzzy Classifier for Intrusion Detection Systems
. 11 th International CSI Computer Conference (CSICC 2006), School of Computer Science, IPM, Jan. 24-26, 2006, Tehran, Iran. A Neuro-Fuzzy Classifier for Intrusion Detection Systems Adel Nadjaran Toosi
More informationIJSER. Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology
ISSN 2229-5518 321 Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology Abstract - Nowadays all are working with cloud Environment(cloud
More informationKeywords Intrusion Detection System, Artificial Neural Network, Multi-Layer Perceptron. Apriori algorithm
Volume 3, Issue 6, June 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Detecting and Classifying
More informationUsing a Particle Swarm Optimization Approach for Evolutionary Fuzzy Rule Learning: A Case Study of Intrusion Detection
Using a Particle Swarm Optimization pproach for Evolutionary Fuzzy Rule Learning: Case Study of Intrusion Detection Mohammad Saniee badeh saniee@ce.sharif.edu Jafar Habibi habibi@sharif.edu Department
More informationIntroduction to Genetic Algorithms
Advanced Topics in Image Analysis and Machine Learning Introduction to Genetic Algorithms Week 3 Faculty of Information Science and Engineering Ritsumeikan University Today s class outline Genetic Algorithms
More informationIDS / SNORT. Matsuzaki maz Yoshinobu stole slides from Fakrul Alam
IDS / SNORT Matsuzaki maz Yoshinobu stole slides from Fakrul Alam 1 Sometimes, Defenses Fail Our defenses aren t perfect Patches weren t applied promptly enough Antivirus signatures not
More information9. Security. Safeguard Engine. Safeguard Engine Settings
9. Security Safeguard Engine Traffic Segmentation Settings Storm Control DoS Attack Prevention Settings Zone Defense Settings SSL Safeguard Engine D-Link s Safeguard Engine is a robust and innovative technology
More informationTraining And Testing Anomaly-Based Neural Network Intrusion Detection Systems
Training And Testing Anomaly-Based Neural Network Intrusion Detection Systems Loye Lynn Ray Cyber Security and Information Assurance Department, Adjunct Associate Professor, University of Maryland University
More informationGenetic Algorithm for Finding Shortest Path in a Network
Intern. J. Fuzzy Mathematical Archive Vol. 2, 2013, 43-48 ISSN: 2320 3242 (P), 2320 3250 (online) Published on 26 August 2013 www.researchmathsci.org International Journal of Genetic Algorithm for Finding
More informationFeature Selection in the Corrected KDD -dataset
Feature Selection in the Corrected KDD -dataset ZARGARI, Shahrzad Available from Sheffield Hallam University Research Archive (SHURA) at: http://shura.shu.ac.uk/17048/ This document is the author deposited
More informationVirtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE, T.J.S ENGINEERING COLLEGE
International Journal of Scientific & Engineering Research, Volume 4, Issue 4, April-2013 1492 Virtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE,
More informationEvolving SQL Queries for Data Mining
Evolving SQL Queries for Data Mining Majid Salim and Xin Yao School of Computer Science, The University of Birmingham Edgbaston, Birmingham B15 2TT, UK {msc30mms,x.yao}@cs.bham.ac.uk Abstract. This paper
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 9
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 9 Attacks and Attack Detection (Prevention, Detection and Response) Attacks and Attack
More informationWhy Machine Learning Algorithms Fail in Misuse Detection on KDD Intrusion Detection Data Set
Why Machine Learning Algorithms Fail in Misuse Detection on KDD Intrusion Detection Data Set Maheshkumar Sabhnani and Gursel Serpen Electrical Engineering and Computer Science Department The University
More informationA Flow Based Horizontal Scan Detection Using Genetic Algorithm Approach. These authors contributed to the same extend
A Flow Based Horizontal Scan Detection Using Genetic Algorithm Approach BARATI, M. 1*,, HAKIMI, Z. 1*, JAVADI, A.H. 2 1 Department of Computer Engineering, Qazvin Branch, Islamic Azad University, Qazvin,
More informationIntrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks
Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial
More informationSelecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets
Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets H. Günes Kayacık, A. Nur Zincir-Heywood, Malcolm I. Heywood Dalhousie University, Faculty
More informationIntroduction to IA Class Notes. 2 Copyright 2018 M. E. Kabay. All rights reserved. 4 Copyright 2018 M. E. Kabay. All rights reserved.
IDS & IPD CSH6 Chapter 27 Intrusion Detection & Intrusion Prevention Devices Rebecca Gurley Bace Topics Security Behind the Firewall Main Concepts Intrusion Prevention Information Sources Analysis Schemes
More informationClassification Of Attacks In Network Intrusion Detection System
International Journal of Scientific & Engineering Research Volume 4, Issue 2, February-2013 1 Classification Of Attacks In Network Intrusion Detection System 1 Shwetambari Ramesh Patil, 2 Dr.Pradeep Deshmukh,
More informationOutline. Intrusion Detection. Intrusion Detection History. Some Challenges. Network-based Host Compromises. Host-based Network Intrusion Detection
Intrusion Detection CS 161/194-1 Anthony D. Joseph September 14, 2005 History Outline Network-based Host Compromise Host-based Network Intrusion Detection Signature-based Anomaly-based Distributed Network
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationComparison of variable learning rate and Levenberg-Marquardt back-propagation training algorithms for detecting attacks in Intrusion Detection Systems
Comparison of variable learning rate and Levenberg-Marquardt back-propagation training algorithms for detecting attacks in Intrusion Detection Systems Tummala Pradeep 1 IV th Year Student, Department of
More informationINTRUSION DETECTION SYSTEM USING BIG DATA FRAMEWORK
INTRUSION DETECTION SYSTEM USING BIG DATA FRAMEWORK Abinesh Kamal K. U. and Shiju Sathyadevan Amrita Center for Cyber Security Systems and Networks, Amrita School of Engineering, Amritapuri, Amrita Vishwa
More informationREMINDER course evaluations are online
REMINDER course evaluations are online http://web.mit.edu/subjectevaluation please fill them out they provide extremely valuable feedback to all instructors 6.033 Spring 2016 Lecture #23 Combating network
More informationThe Parallel Software Design Process. Parallel Software Design
Parallel Software Design The Parallel Software Design Process Deborah Stacey, Chair Dept. of Comp. & Info Sci., University of Guelph dastacey@uoguelph.ca Why Parallel? Why NOT Parallel? Why Talk about
More informationData Reduction and Ensemble Classifiers in Intrusion Detection
Second Asia International Conference on Modelling & Simulation Data Reduction and Ensemble Classifiers in Intrusion Detection Anazida Zainal, Mohd Aizaini Maarof and Siti Mariyam Shamsuddin Faculty of
More informationAn Intelligent CRF Based Feature Selection for Effective Intrusion Detection
44 The International Arab Journal of Information Technology An Intelligent CRF Based Feature Selection for Effective Intrusion Detection Sannasi Ganapathy 1, Pandi Vijayakumar 2, Palanichamy Yogesh 1,
More informationRaj Jain. Washington University in St. Louis
Intrusion Detection Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 22-1 1. Intruders 2. Intrusion
More informationNetwork Security Issues and Cryptography
Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi
More informationEfficient Network Intrusion Detection System Navaneethakrishnan.P a*,theivanathan.g b
World Journal of Technology, Engineering and Research, Volume 2, Issue 1 (2017) 168-173 Contents available at WJTER World Journal of Technology, Engineering and Research Journal Homepage: www.wjter.com
More informationFlow-based Anomaly Intrusion Detection System Using Neural Network
Flow-based Anomaly Intrusion Detection System Using Neural Network tational power to analyze only the basic characteristics of network flow, so as to Intrusion Detection systems (KBIDES) classify the data
More informationNetwork Intrusion Detection Using Fast k-nearest Neighbor Classifier
Network Intrusion Detection Using Fast k-nearest Neighbor Classifier K. Swathi 1, D. Sree Lakshmi 2 1,2 Asst. Professor, Prasad V. Potluri Siddhartha Institute of Technology, Vijayawada Abstract: Fast
More informationINTRUSION DETECTION WITH TREE-BASED DATA MINING CLASSIFICATION TECHNIQUES BY USING KDD DATASET
INTRUSION DETECTION WITH TREE-BASED DATA MINING CLASSIFICATION TECHNIQUES BY USING KDD DATASET Bilal Ahmad Department of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics,
More informationA Network Intrusion Detection System Architecture Based on Snort and. Computational Intelligence
2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 206) A Network Intrusion Detection System Architecture Based on Snort and Computational Intelligence Tao Liu, a, Da
More informationInternational Journal of Scientific & Engineering Research, Volume 6, Issue 6, June ISSN
International Journal of Scientific & Engineering Research, Volume 6, Issue 6, June-2015 1496 A Comprehensive Survey of Selected Data Mining Algorithms used for Intrusion Detection Vivek Kumar Srivastava
More informationStudy on the Application Analysis and Future Development of Data Mining Technology
Study on the Application Analysis and Future Development of Data Mining Technology Ge ZHU 1, Feng LIN 2,* 1 Department of Information Science and Technology, Heilongjiang University, Harbin 150080, China
More informationA Firewall Architecture to Enhance Performance of Enterprise Network
A Firewall Architecture to Enhance Performance of Enterprise Network Hailu Tegenaw HiLCoE, Computer Science Programme, Ethiopia Commercial Bank of Ethiopia, Ethiopia hailutegenaw@yahoo.com Mesfin Kifle
More informationANALYSIS ON IDS EVALUATION USING A QUANTITATIVE ASSESSMENT APPROACH
ANALYSIS ON IDS EVALUATION USING A QUANTITATIVE ASSESSMENT APPROACH HATIM MOHAMAD TAHIR NOORULSADIQIN AZBIYA YAACOB SHAHRUDIN AWANG NOR NOR IZZAH YAHYA Computer Security Group Faculty of Information Technology
More informationA Rough Set Based Feature Selection on KDD CUP 99 Data Set
Vol.8, No.1 (2015), pp.149-156 http://dx.doi.org/10.14257/ijdta.2015.8.1.16 A Rough Set Based Feature Selection on KDD CUP 99 Data Set Vinod Rampure 1 and Akhilesh Tiwari 2 Department of CSE & IT, Madhav
More information