IT assets connected on internetwill encounter alien protocols and few parameters of protocol process are exposed as vulnerabilities. Intrusion Detection Systems (IDS) are installed to alerton suspicious traffic or activity. IDS issuesfalse positives alerts, if any behavior construe for partial attack pattern or the IDS lacks environment knowledge. Continuous monitoring of alerts to evolve whether, an alert is false positive or not is a major concern. In this paper we present design of an external module to IDS,to identify false positive alertsbased on anomaly based adaptive learning model. The novel feature of this design is that the system updates behavior profile of assets and environment with adaptive learning process.A mixture model is used for behavior modeling from reference data. The design of the detection and learning process are based on normal behavior and of environment. The anomaly alert identification algorithm isbuiltonSparse Markov Transducers (SMT) based probability.The total process is presented using real-time data. The Experimental results are validated and presentedwith reference to lab environment.
A Survey On Genetic Algorithm For Intrusion Detection SystemIJARIIE JOURNAL
The Internet has become a part of daily life and an essential tool today. Internet has been used as an important component of
business models. Therefore, It is very important to maintain a high level security to ensure safe and trusted communication of
information between various organizations.
Intrusion Detection Systems have become a needful component in terms of computer and network security. Intrusion detection is
one of the important security constraints for maintaining the integrity of information. Intrusion detection systems are the tools
used for prevention and detection of threats to computer systems. Various approaches have been applied in past that are less
effective to curb the menace of intrusion.
In this paper, a survey on applications of genetic algorithms in intrusion detection systems is carried out.
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...IJNSA Journal
Over the past few years, intrusion protection systems have drawn a mature research area in the field of computer networks. The problem of excessive features has a significant impact on
intrusion detection performance. The use of machine learning algorithms in many previous researches has been used to identify network traffic, harmful or normal. Therefore, to obtain the accuracy, we must reduce the dimensionality of the data used. A new model design based on a combination of feature selection and machine learning algorithms is proposed in this paper. This model depends on selected genes from every feature to increase the accuracy of intrusion detection systems. We selected from features content only ones which impact in attack detection. The performance has been evaluated based on a comparison of several known algorithms. The NSL-KDD dataset is used for examining classification. The proposed model outperformed the other learning approaches with accuracy 98.8 %.
Machine learning in network security using knime analyticsIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly
programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
A comprehensive study on classification of passive intrusion and extrusion de...csandit
Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in
cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system
attacks .To handle these intrusions, Cyber Security uses three audit and monitoring systems
namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion
Detection System (IDS) monitors only inbound traffic which is insufficient to prevent botnet
systems. A system to monitor outbound traffic is named as Extrusion Detection System (EDS).
Therefore a hybrid system should be designed to handle both inbound and outbound traffic.
Due to the increased false alarms preventive systems do not suite to an organizational network.
The goal of this paper is to devise a taxonomy for cyber security and study the existing methods
of Intrusion and Extrusion Detection systems based on three primary characteristics. The
metrics used to evaluate IDS and EDS are also presented.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
In order to the rapid growth of the network application, new kinds of network attacks are emerging
endlessly. So it is critical to protect the networks from attackers and the Intrusion detection
technology becomes popular. Therefore, it is necessary that this security concern must be articulate
right from the beginning of the network design and deployment. The intrusion detection technology is the
process of identifying network activity that can lead to a compromise of security policy. Lot of work has
been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a
novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and
manage misuse and anomaly detects
A Survey On Genetic Algorithm For Intrusion Detection SystemIJARIIE JOURNAL
The Internet has become a part of daily life and an essential tool today. Internet has been used as an important component of
business models. Therefore, It is very important to maintain a high level security to ensure safe and trusted communication of
information between various organizations.
Intrusion Detection Systems have become a needful component in terms of computer and network security. Intrusion detection is
one of the important security constraints for maintaining the integrity of information. Intrusion detection systems are the tools
used for prevention and detection of threats to computer systems. Various approaches have been applied in past that are less
effective to curb the menace of intrusion.
In this paper, a survey on applications of genetic algorithms in intrusion detection systems is carried out.
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...IJNSA Journal
Over the past few years, intrusion protection systems have drawn a mature research area in the field of computer networks. The problem of excessive features has a significant impact on
intrusion detection performance. The use of machine learning algorithms in many previous researches has been used to identify network traffic, harmful or normal. Therefore, to obtain the accuracy, we must reduce the dimensionality of the data used. A new model design based on a combination of feature selection and machine learning algorithms is proposed in this paper. This model depends on selected genes from every feature to increase the accuracy of intrusion detection systems. We selected from features content only ones which impact in attack detection. The performance has been evaluated based on a comparison of several known algorithms. The NSL-KDD dataset is used for examining classification. The proposed model outperformed the other learning approaches with accuracy 98.8 %.
Machine learning in network security using knime analyticsIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly
programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
A comprehensive study on classification of passive intrusion and extrusion de...csandit
Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in
cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system
attacks .To handle these intrusions, Cyber Security uses three audit and monitoring systems
namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion
Detection System (IDS) monitors only inbound traffic which is insufficient to prevent botnet
systems. A system to monitor outbound traffic is named as Extrusion Detection System (EDS).
Therefore a hybrid system should be designed to handle both inbound and outbound traffic.
Due to the increased false alarms preventive systems do not suite to an organizational network.
The goal of this paper is to devise a taxonomy for cyber security and study the existing methods
of Intrusion and Extrusion Detection systems based on three primary characteristics. The
metrics used to evaluate IDS and EDS are also presented.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
In order to the rapid growth of the network application, new kinds of network attacks are emerging
endlessly. So it is critical to protect the networks from attackers and the Intrusion detection
technology becomes popular. Therefore, it is necessary that this security concern must be articulate
right from the beginning of the network design and deployment. The intrusion detection technology is the
process of identifying network activity that can lead to a compromise of security policy. Lot of work has
been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a
novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and
manage misuse and anomaly detects
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSieijjournal
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm
security and trust of computer system. IDS operate either on host or network level via utilizing anomaly
detection or misuse detection. Main problem is to correctly detect intruder attack against computer
network. The key point of successful detection of intrusion is choice of proper features. To resolve the
problems of IDS scheme this research work propose “an improved method to detect intrusion using
machine learning algorithms”. In our paper we use KDDCUP 99 dataset to analyze efficiency of intrusion
detection with different machine learning algorithms like Bayes, NaiveBayes, J48, J48Graft and Random
forest. To identify network based IDS with KDDCUP 99 dataset, experimental results shows that the three
algorithms J48, J48Graft and Random forest gives much better results than other machine learning
algorithms. We use WEKA to check the accuracy of classified dataset via our proposed method. We have
considered all the parameter for computation of result i.e. precision, recall, F – measure and ROC.
A Survey: Comparative Analysis of Classifier Algorithms for DOS Attack Detectionijsrd.com
In today's interconnected world, one of pervasive issue is how to protect system from intrusion based security attacks. It is an important issue to detect the intrusion attacks for the security of network communication.Denial of Service (DoS) attacks is evolving continuously. These attacks make network resources unavailable for legitimate users which results in massive loss of data, resources and money.Significance of Intrusion detection system (IDS) in computer network security well proven. Intrusion Detection Systems (IDSs) have become an efficient defense tool against network attacks since they allow network administrator to detect policy violations. Mining approach can play very important role in developing intrusion detection system. Classification is identified as an important technique of data mining. This paper evaluates performance of well known classification algorithms for attack classification. The key ideas are to use data mining techniques efficiently for intrusion attack classification. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained reasonable detection rate.
A Study of Intrusion Detection System Methods in Computer NetworksEditor IJCATR
Intrusion detection system (IDS) is an application system monitoring the network for malicious or intrusive activity. In these
systems, malicious or intrusive activities intrusion can be detected by using information like port scanning and detecting unusual traffic,
and then they can be reported to the network. Since intrusion detection systems do not involve predefined detection power and intrusion
detection, they require being intelligent. In this case, systems have the capability of learning. They can analyze packages entering the
network, and detect normal and unusual users. The common intelligent methods are neural networks, fuzzy logic, data mining techniques,
and genetic algorithms. In this research, the purpose is to study various intelligent methods.
The Practical Data Mining Model for Efficient IDS through Relational DatabasesIJRES Journal
Enterprise network information system is not only the platform for information sharing and information exchanging, but also the platform for enterprise production automation system and enterprise management system working together. As a result, the security defense of enterprise network information system does not only include information system network security and data security, but also include the security of network business running on information system network, which is the confidentiality, integrity, continuity and real-time of network business. Network security technology has become crucial in protecting government and industry computing infrastructure. Modern intrusion detection applications face complex requirements – they need to be reliable, extensible, easy to manage, and have low maintenance cost. In recent years, data mining-based intrusion detection systems (IDSs) have demonstrated high accuracy, good generalization to novel types of intrusion, and robust behavior in a changing environment. Still, significant challenges exist in the design and implementation of production quality IDSs. Incrementing components such as data transformations, model deployment, and cooperative distributed detection remain a labor intensive and complex engineering endeavor. This paper describes DAID, a database-centric architecture that leverages data mining within the Relational RDBMS to address these challenges. DAID also offers numerous advantages in terms of scheduling capabilities, alert infrastructure, data analysis tools, security, scalability, and reliability. DAID is illustrated with an Intrusion Detection Center application prototype that leverages existing functionality in Relational Database 10g. Intrusion detection system work at many levels in the network fabric and are taking the concept of security to a whole new sphere by incorporating intelligence as a tool to protect networks against un-authorized intrusions and newer forms of attack. We have described formal model for the construction of network security situation measurement based on d-s evidence theory, frequent mode, and sequence model extracted from the data on network security situation based on the knowledge found method and convert the pattern on the related rules of the network security situation, and automatic generation of network security situation.
Managing Intrusion Detection Alerts Using Support Vector MachinesCSCJournals
In the computer network world Intrusion detection systems (IDS) are used to identify attacks
against computer systems. They produce security alerts when an attack is done by an intruder.
Since IDSs generate high amount of security alerts, analyzing them are time consuming and error
prone. To solve this problem IDS alert management techniques are introduced. They manage
generated alerts and handle true positive and false positive alerts. In this paper a new alert
management system is presented. It uses support vector machine (SVM) as a core component of
the system that classify generated alerts. The proposed algorithm achieves high accurate result
in false positives reduction and identifying type of true positives. Because of low classification
time per each alert, the system also could be used in active alert management systems.
Outstanding to the promotion of the Internet and local networks, interruption occasions to computer
systems are emerging. Intrusion detection systems are becoming progressively vital in retaining
appropriate network safety. IDS is a software or hardware device that deals with attacks by gathering
information from a numerous system and network sources, then evaluating signs of security complexities.
Enterprise networked systems are unsurprisingly unprotected to the growing threats posed by hackers as
well as malicious users inside to a network. IDS technology is one of the significant tools used now-a-days,
to counter such threat. In this research we have proposed framework by using advance feature selection
and dimensionality reduction technique we can reduce IDS data then applying Fuzzy ARTMAP classifier
we can find intrusions so that we get accurate results within less time. Feature selection, as an active
research area in decreasing dimensionality, eliminating unrelated data, developing learning correctness,
and improving result unambiguousness.
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM ijwmn
Communication networks are essential and it will create many crucial issues today. Nowadays, we
consider that the firewalls are the first line of defense but that policies cannot meet the particular
requirements of needed process to achieve security. Most of the research has been done in this area but
we are lagging to achieve security needs. Already many models such as ADAM, DHP, LERAD and
ENTROPHY are proposed to resolve security problems but we need an efficient model to detect new types
of various intrusions within the entire network. In this paper, we proposed to design a modernized
intrusion detection system which consist of two methods such as anomaly and misuse detection. Both are
integrated and also used to detect novel attacks. Our system proposed to discover temporal pattern of
attacker behaviors, which is profiled using an algorithm EAA (Enhanced Apriori Algorithm). This is
experimented with a simple interface to display the behaviors of attacks effectively
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...ijcsit
In order to avoid illegitimate use of any intruder, intrusion detection over the network is one of the critical
issues. An intruder may enter any network or system or server by intruding malicious packets into the
system in order to steal, sniff, manipulate or corrupt any useful and secret information, this process is
referred to as intrusion whereas when packets are transmitted by intruder over the network for any purpose
of intrusion is referred to as attack. With the expanding networking technology, millions of servers
communicate with each other and this expansion is always in progress every day. Due to this fact, more
and more intruders get attention; and so to overcome this need of smart intrusion detection model is a
primary requirement.
By analyzing the feature selection methods the identification of essential features of NSL-KDD data set is
done, then by using selected features and machine learning approach and analyzing the basic features of
networks over the data set a hybrid algorithm is made. Finally a model is produced over the algorithm
containing the rules for the network features.
A hybrid misuse intrusion detection model is made to find attacks on system to improve the intrusion
detection. Based on prior features, intrusions on the system can be detected without any previous learning.
This model contains the advantage of feature selection and machine learning techniques with misuse
detection.
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
Nowadays there are several security tools that used to protect computer systems, computer networks, smart devices and etc. against attackers. Intrusion detection system is one of tools used to detect attacks. Intrusion Detection Systems produces large amount of alerts, security experts could not investigate important alerts, also many of that alerts are incorrect or false positives. Alert management systems are set of approaches that used to solve this problem. In this paper a new alert management system is presented. It uses K-nearest neighbor as a core component of the system that classify generated alerts. The suggested system serves precise results against huge amount of generated alerts. Because of low classification time per each alert, the system also could be used in online systems.
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSieijjournal1
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm
security and trust of computer system. IDS operate either on host or network level via utilizing anomaly
detection or misuse detection. Main problem is to correctly detect intruder attack against computer
network. The key point of successful detection of intrusion is choice of proper features. To resolve the
problems of IDS scheme this research work propose “an improved method to detect intrusion using
machine learning algorithms”. In our paper we use KDDCUP 99 dataset to analyze efficiency of intrusion
detection with different machine learning algorithms like Bayes, NaiveBayes, J48, J48Graft and Random
forest. To identify network based IDS with KDDCUP 99 dataset, experimental results shows that the three
algorithms J48, J48Graft and Random forest gives much better results than other machine learning
algorithms. We use WEKA to check the accuracy of classified dataset via our proposed method. We have
considered all the parameter for computation of result i.e. precision, recall, F – measure and ROC.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
In order to the rapid growth of the network application, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers and the Intrusion detection technology becomes popular. Therefore, it is necessary that this security concern must be articulate right from the beginning of the network design and deployment. The intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. Lot of work has been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and manage misuse and anomaly detects.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal
activities happening in a computer system. In recent years different soft computing based techniques have
been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect
technology. This has provided an opportunity for data mining to make quite a lot of important
contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique
by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neurofuzzy and radial basis function(RBF) SVM for fortification of the intrusion detection system. The
proposed technique has five major steps in which, first step is to perform the relevance analysis, and then
input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each
of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster.
Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-
SVM is performed to detect intrusion has happened or not. Data set used is the KDD cup 1999 dataset
and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our
technique could achieve better accuracy for all types of intrusions. The results of proposed technique are
compared with the other existing techniques. These comparisons proved the effectiveness of our
technique.
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSieijjournal
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm
security and trust of computer system. IDS operate either on host or network level via utilizing anomaly
detection or misuse detection. Main problem is to correctly detect intruder attack against computer
network. The key point of successful detection of intrusion is choice of proper features. To resolve the
problems of IDS scheme this research work propose “an improved method to detect intrusion using
machine learning algorithms”. In our paper we use KDDCUP 99 dataset to analyze efficiency of intrusion
detection with different machine learning algorithms like Bayes, NaiveBayes, J48, J48Graft and Random
forest. To identify network based IDS with KDDCUP 99 dataset, experimental results shows that the three
algorithms J48, J48Graft and Random forest gives much better results than other machine learning
algorithms. We use WEKA to check the accuracy of classified dataset via our proposed method. We have
considered all the parameter for computation of result i.e. precision, recall, F – measure and ROC.
A Survey: Comparative Analysis of Classifier Algorithms for DOS Attack Detectionijsrd.com
In today's interconnected world, one of pervasive issue is how to protect system from intrusion based security attacks. It is an important issue to detect the intrusion attacks for the security of network communication.Denial of Service (DoS) attacks is evolving continuously. These attacks make network resources unavailable for legitimate users which results in massive loss of data, resources and money.Significance of Intrusion detection system (IDS) in computer network security well proven. Intrusion Detection Systems (IDSs) have become an efficient defense tool against network attacks since they allow network administrator to detect policy violations. Mining approach can play very important role in developing intrusion detection system. Classification is identified as an important technique of data mining. This paper evaluates performance of well known classification algorithms for attack classification. The key ideas are to use data mining techniques efficiently for intrusion attack classification. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained reasonable detection rate.
A Study of Intrusion Detection System Methods in Computer NetworksEditor IJCATR
Intrusion detection system (IDS) is an application system monitoring the network for malicious or intrusive activity. In these
systems, malicious or intrusive activities intrusion can be detected by using information like port scanning and detecting unusual traffic,
and then they can be reported to the network. Since intrusion detection systems do not involve predefined detection power and intrusion
detection, they require being intelligent. In this case, systems have the capability of learning. They can analyze packages entering the
network, and detect normal and unusual users. The common intelligent methods are neural networks, fuzzy logic, data mining techniques,
and genetic algorithms. In this research, the purpose is to study various intelligent methods.
The Practical Data Mining Model for Efficient IDS through Relational DatabasesIJRES Journal
Enterprise network information system is not only the platform for information sharing and information exchanging, but also the platform for enterprise production automation system and enterprise management system working together. As a result, the security defense of enterprise network information system does not only include information system network security and data security, but also include the security of network business running on information system network, which is the confidentiality, integrity, continuity and real-time of network business. Network security technology has become crucial in protecting government and industry computing infrastructure. Modern intrusion detection applications face complex requirements – they need to be reliable, extensible, easy to manage, and have low maintenance cost. In recent years, data mining-based intrusion detection systems (IDSs) have demonstrated high accuracy, good generalization to novel types of intrusion, and robust behavior in a changing environment. Still, significant challenges exist in the design and implementation of production quality IDSs. Incrementing components such as data transformations, model deployment, and cooperative distributed detection remain a labor intensive and complex engineering endeavor. This paper describes DAID, a database-centric architecture that leverages data mining within the Relational RDBMS to address these challenges. DAID also offers numerous advantages in terms of scheduling capabilities, alert infrastructure, data analysis tools, security, scalability, and reliability. DAID is illustrated with an Intrusion Detection Center application prototype that leverages existing functionality in Relational Database 10g. Intrusion detection system work at many levels in the network fabric and are taking the concept of security to a whole new sphere by incorporating intelligence as a tool to protect networks against un-authorized intrusions and newer forms of attack. We have described formal model for the construction of network security situation measurement based on d-s evidence theory, frequent mode, and sequence model extracted from the data on network security situation based on the knowledge found method and convert the pattern on the related rules of the network security situation, and automatic generation of network security situation.
Managing Intrusion Detection Alerts Using Support Vector MachinesCSCJournals
In the computer network world Intrusion detection systems (IDS) are used to identify attacks
against computer systems. They produce security alerts when an attack is done by an intruder.
Since IDSs generate high amount of security alerts, analyzing them are time consuming and error
prone. To solve this problem IDS alert management techniques are introduced. They manage
generated alerts and handle true positive and false positive alerts. In this paper a new alert
management system is presented. It uses support vector machine (SVM) as a core component of
the system that classify generated alerts. The proposed algorithm achieves high accurate result
in false positives reduction and identifying type of true positives. Because of low classification
time per each alert, the system also could be used in active alert management systems.
Outstanding to the promotion of the Internet and local networks, interruption occasions to computer
systems are emerging. Intrusion detection systems are becoming progressively vital in retaining
appropriate network safety. IDS is a software or hardware device that deals with attacks by gathering
information from a numerous system and network sources, then evaluating signs of security complexities.
Enterprise networked systems are unsurprisingly unprotected to the growing threats posed by hackers as
well as malicious users inside to a network. IDS technology is one of the significant tools used now-a-days,
to counter such threat. In this research we have proposed framework by using advance feature selection
and dimensionality reduction technique we can reduce IDS data then applying Fuzzy ARTMAP classifier
we can find intrusions so that we get accurate results within less time. Feature selection, as an active
research area in decreasing dimensionality, eliminating unrelated data, developing learning correctness,
and improving result unambiguousness.
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM ijwmn
Communication networks are essential and it will create many crucial issues today. Nowadays, we
consider that the firewalls are the first line of defense but that policies cannot meet the particular
requirements of needed process to achieve security. Most of the research has been done in this area but
we are lagging to achieve security needs. Already many models such as ADAM, DHP, LERAD and
ENTROPHY are proposed to resolve security problems but we need an efficient model to detect new types
of various intrusions within the entire network. In this paper, we proposed to design a modernized
intrusion detection system which consist of two methods such as anomaly and misuse detection. Both are
integrated and also used to detect novel attacks. Our system proposed to discover temporal pattern of
attacker behaviors, which is profiled using an algorithm EAA (Enhanced Apriori Algorithm). This is
experimented with a simple interface to display the behaviors of attacks effectively
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...ijcsit
In order to avoid illegitimate use of any intruder, intrusion detection over the network is one of the critical
issues. An intruder may enter any network or system or server by intruding malicious packets into the
system in order to steal, sniff, manipulate or corrupt any useful and secret information, this process is
referred to as intrusion whereas when packets are transmitted by intruder over the network for any purpose
of intrusion is referred to as attack. With the expanding networking technology, millions of servers
communicate with each other and this expansion is always in progress every day. Due to this fact, more
and more intruders get attention; and so to overcome this need of smart intrusion detection model is a
primary requirement.
By analyzing the feature selection methods the identification of essential features of NSL-KDD data set is
done, then by using selected features and machine learning approach and analyzing the basic features of
networks over the data set a hybrid algorithm is made. Finally a model is produced over the algorithm
containing the rules for the network features.
A hybrid misuse intrusion detection model is made to find attacks on system to improve the intrusion
detection. Based on prior features, intrusions on the system can be detected without any previous learning.
This model contains the advantage of feature selection and machine learning techniques with misuse
detection.
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
Nowadays there are several security tools that used to protect computer systems, computer networks, smart devices and etc. against attackers. Intrusion detection system is one of tools used to detect attacks. Intrusion Detection Systems produces large amount of alerts, security experts could not investigate important alerts, also many of that alerts are incorrect or false positives. Alert management systems are set of approaches that used to solve this problem. In this paper a new alert management system is presented. It uses K-nearest neighbor as a core component of the system that classify generated alerts. The suggested system serves precise results against huge amount of generated alerts. Because of low classification time per each alert, the system also could be used in online systems.
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMSieijjournal1
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm
security and trust of computer system. IDS operate either on host or network level via utilizing anomaly
detection or misuse detection. Main problem is to correctly detect intruder attack against computer
network. The key point of successful detection of intrusion is choice of proper features. To resolve the
problems of IDS scheme this research work propose “an improved method to detect intrusion using
machine learning algorithms”. In our paper we use KDDCUP 99 dataset to analyze efficiency of intrusion
detection with different machine learning algorithms like Bayes, NaiveBayes, J48, J48Graft and Random
forest. To identify network based IDS with KDDCUP 99 dataset, experimental results shows that the three
algorithms J48, J48Graft and Random forest gives much better results than other machine learning
algorithms. We use WEKA to check the accuracy of classified dataset via our proposed method. We have
considered all the parameter for computation of result i.e. precision, recall, F – measure and ROC.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
In order to the rapid growth of the network application, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers and the Intrusion detection technology becomes popular. Therefore, it is necessary that this security concern must be articulate right from the beginning of the network design and deployment. The intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. Lot of work has been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and manage misuse and anomaly detects.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal
activities happening in a computer system. In recent years different soft computing based techniques have
been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect
technology. This has provided an opportunity for data mining to make quite a lot of important
contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique
by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neurofuzzy and radial basis function(RBF) SVM for fortification of the intrusion detection system. The
proposed technique has five major steps in which, first step is to perform the relevance analysis, and then
input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each
of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster.
Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-
SVM is performed to detect intrusion has happened or not. Data set used is the KDD cup 1999 dataset
and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our
technique could achieve better accuracy for all types of intrusions. The results of proposed technique are
compared with the other existing techniques. These comparisons proved the effectiveness of our
technique.
Review of Intrusion and Anomaly Detection Techniques IJMER
Intrusion detection is the act of detecting actions that attempt to compromise the
confidentiality, integrity or availability of a resource. With the tremendous growth of network-based
services and sensitive information on networks, network security is getting more and more importance
than ever. Intrusion poses a serious security threat in a huge network environment. The increasing use of
internet has dramatically added to the growing number of threats that inhabit within it. Intrusion
detection does not, in general, include prevention of intrusions. Now a days Network intrusion detection
systems have become a standard component in the area of security infrastructure. This review paper tries
to discusses various techniques which are already being used for intrusion detection.
When talk about intrusion, then it is pre- assume
that the intrusion is happened or it is stopped by the intrusion
detection system. This is all done through the process of collection
of network traffic information at certain point of networks in the
digital system. In this way the IDS perform their job to secure the
network. There are two types of Intrusion Detection: First is
Misuse based detection and second one is Anomaly based detection.
The detection which uses data set of known predefined set of
attacks is called Misuse - Based IDSs and Anomaly based IDSs are
capable of detecting new attacks which are not known to previous
data set of attacks and is based on some new heuristic methods. In
our hybrid IDS for computer network security we use Min-Min
algorithm with neural network in hybrid method for improving
performance of higher level of IDS in network. Data releasing is
the problem for privacy point of view, so we first evaluate training
for error from neural network regression state, after that we can get
outer sniffer by using Min length from source, so that we
hybridized as with Min – Min in neural network in hybrid system
which we proposed in our research paper
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)IJARIIE JOURNAL
Around 160 million hector unused is available in India. India is the world’s largest producer of castor oil,
producing over 75% of the total world’s supply. There are over a hundred companies in India-small and
medium-that are into castor oil production, producing a variety of the basic grades o castor oil. All the above
factors make it imperative that the India industry relooks at the castor oil sector in order to devise suitable
strategies to derive the most benefits from such an attractive confluence of factors. Castor oil is unique owing to
its exceptional diversity of application. The oil and its derivatives are used in over 100 different applications in
diverse industries such as paints, lubricants, pharma, cosmetics, paper, rubber and more. Recent developments
have successfully derived polyol from natural oils and synthesized range of PU product from them. However,
making flexible solution from natural oil polyol is still proving challenging. The goal of this thesis is to
understand the potentials and the limitations of natural oil as an alternative to petroleum polyol. An initial
attempt to understand natural oil polyol showed that flexible solution could be synthesized from castor oil,
which produced a rigid solution. Characterization results indicate that the glass transition temperature (Tg) was
the predominant factor that determines the rigidity of the solution. The high Tg of solution was attributed to the
low number of covalent bond between cross linkers.
Articles - International Journal of Network Security & Its Applications (IJNSA)IJNSA Journal
International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
Supervised Machine Learning Algorithms for Intrusion Detection.pptxssuserf3a100
Intrusion detection systems using supervised machine learning algorithms are considered one of the most important tools used in the field of information security. These systems analyze data and detect illegal activities and intrusions into networks and systems. These systems rely on machine learning techniques to classify data as either normal activity or a hack. These systems include training and testing phases, where the algorithms are trained on a set of pre-labeled data to learn the natural pattern of the data and distinguish between normal activities and intrusions. Many supervisory machine learning algorithms are available for intrusion detection systems, such as Gaussian Naive Bayes, Decision Tree, Random Forest, Support Vector Machine, and Logistic Regression.
The problem of security and electronic breaches targeting networks is one of the biggest problems facing organizations today. To solve this problem, intrusion detection systems (IDS) and their tools can be used to detect and prevent these threats. This file provides an introductory overview of this problem
Security breaches
networks
Infiltration (IDS)
Algorithms
Machine learning
A Survey of Various Intrusion Detection Systemsijsrd.com
In this paper, we present an overview of existing intrusion detection techniques. All these algorithms are described more or less on their own. Intrusion detection system is a very popular and computationally expensive task. We also explain the fundamentals of intrusion detection system. We describe today's approaches for intrusion detection system. From the broad variety of efficient techniques that have been developed we will compare the most important ones. We will systematize the techniques and analyze their performance based on both their run time performance and theoretical considerations. Their strengths and weaknesses are also investigated. It turns out that the behavior of the algorithms is much more similar as to be expected.
Information Systems and Networks are subjected to electronic attacks. When
network attacks hit, organizations are thrown into crisis mode. From the IT department to
call centers, to the board room and beyond, all are fraught with danger until the situation is
under control. Traditional methods which are used to overcome these threats (e.g. firewall,
antivirus software, password protection etc.) do not provide complete security to the system.
This encourages the researchers to develop an Intrusion Detection System which is capable
of detecting and responding to such events. This review paper presents a comprehensive
study of Genetic Algorithm (GA) based Intrusion Detection System (IDS). It provides a
brief overview of rule-based IDS, elaborates the implementation issues of Genetic Algorithm
and also presents a comparative analysis of existing studies.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
Similar to A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF FALSE POSITIVES IN IDS (20)
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Automobile Management System Project Report.pdfKamal Acharya
The proposed project is developed to manage the automobile in the automobile dealer company. The main module in this project is login, automobile management, customer management, sales, complaints and reports. The first module is the login. The automobile showroom owner should login to the project for usage. The username and password are verified and if it is correct, next form opens. If the username and password are not correct, it shows the error message.
When a customer search for a automobile, if the automobile is available, they will be taken to a page that shows the details of the automobile including automobile name, automobile ID, quantity, price etc. “Automobile Management System” is useful for maintaining automobiles, customers effectively and hence helps for establishing good relation between customer and automobile organization. It contains various customized modules for effectively maintaining automobiles and stock information accurately and safely.
When the automobile is sold to the customer, stock will be reduced automatically. When a new purchase is made, stock will be increased automatically. While selecting automobiles for sale, the proposed software will automatically check for total number of available stock of that particular item, if the total stock of that particular item is less than 5, software will notify the user to purchase the particular item.
Also when the user tries to sale items which are not in stock, the system will prompt the user that the stock is not enough. Customers of this system can search for a automobile; can purchase a automobile easily by selecting fast. On the other hand the stock of automobiles can be maintained perfectly by the automobile shop manager overcoming the drawbacks of existing system.
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Forklift Classes Overview by Intella PartsIntella Parts
Discover the different forklift classes and their specific applications. Learn how to choose the right forklift for your needs to ensure safety, efficiency, and compliance in your operations.
For more technical information, visit our website https://intellaparts.com
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF FALSE POSITIVES IN IDS
1. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
DOI : 10.5121/ijnsa.2012.4205 63
A BAYESIAN CLASSIFICATION ON ASSET
VULNERABILITY FOR REAL TIME
REDUCTION OF FALSE POSITIVES IN IDS
G. JACOB VICTOR1
Dr. M SREENIVASA RAO2
Dr. V. CH. VENKAIAH3
1
Director, SERP, RD Department, Hermitage Complex, Hill Fort Road, Hyderabad
jacob.victor@gmail.com
2
Director, School of Information Technology, JNTU, Hyderabad -85
srmeda@jntuap.ac.in
3
Professor, CRRao AIMS & CS, UoH Campus, Hyderabad – 46
venkaiah@hotmail.com
ABSTRACT
IT assets connected on internetwill encounter alien protocols and few parameters of protocol process are
exposed as vulnerabilities. Intrusion Detection Systems (IDS) are installed to alerton suspicious traffic or
activity. IDS issuesfalse positives alerts, if any behavior construe for partial attack pattern or the IDS
lacks environment knowledge. Continuous monitoring of alerts to evolve whether, an alert is false
positive or not is a major concern. In this paper we present design of an external module to IDS,to
identify false positive alertsbased on anomaly based adaptive learning model. The novel feature of this
design is that the system updates behavior profile of assets and environment with adaptive learning
process.A mixture model is used for behavior modeling from reference data. The design of the detection
and learning process are based on normal behavior and of environment. The anomaly alert identification
algorithm isbuiltonSparse Markov Transducers (SMT) based probability.The total process is presented
using real-time data. The Experimental results are validated and presentedwith reference to lab
environment.
KEYWORDS
Anomaly, Common Vulnerability Exposure (CVE),IT policy, True positives, False Positives
1. INTRODUCTION
Computers and internet have become a part of human life. With availability of Internet
connectivity everywhere, there is an increase in the number of computers and devices
connected to the internet. The excess dependence on computers leads to threats and attacks on
the vulnerabilities in IT setup. To address these challenging threats, security tools like Anti-
viruses, Firewalls, Intrusion Detection / Prevention Systems are deployed.
In the last 30 years, after the first report on Intrusion detection publishedby [Anderson1
, 1980),
Intrusion Detection Systems became an interesting and important subject of study. The concept
of IDS design is based on the viewpoint that attackers pattern of actions are unusual compared
to a genuine client. The difference in behavior can be detected. As per [Peng Ning2,
2005]
Intrusion detection systems (IDSs) are a subset of preventive security mechanisms and
deployed along with authentication, access control systems as a subsequent level of protection
1
The work of this author is supported by the Department of Science and Technology, Govt. of India,
New Delhi, under Project No. SR/s4/MS: 516/07 dated 21st April 2008.
2. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
64
to IT Assets. Intrusion Detection/Prevention Systemshave become mandatory security tool to
monitor systems and detect possible attacks [Debar 3
, 1999].
Most of IT systems and user applications were developed in their respective context without
security awareness, thereby susceptible to attacks. In the rest of cases, applications and systems
were developed to operate in one set of environment parameters, deployed in the different setup
resulting in vulnerability.The vigilant security experts introduce more stringent rules by
increasing the security thresholds, to reduce false negatives, resulting in high False Positives.
Figure 1Intrusion Detection System – components
The components of IDS are shown in figure 1. The target system (network) is protected by the
security policy, which defines legitimate actions(profile) on each entity. The Data captured by
sensor will be processed by IDS, consist of commands executed by a user, attacker or by an
application etc. IDS issues alerts, if an intrusion is suspected or detected.Alerts are of two
categories, intrusion alerts and suspected intrusion alerts.
The main reason for large number of false positivesgenerated by IDS is that IDS classifies an
event as anomalous, based on the probability threshold of event depending on current
profile(asset) or rule. The other reason is anomaly-based system may not differentiate
anomalous behavior of legitimate user actions with intrusive behavior (actions). The objective
of this work is to address these scenarios and minimize false positives.
The contribution of this paper is in the design of an adaptive external module for real-time
identification of anomaly in alerts generated by IDS. To attain a linear complexity for detection
algorithm, the case of Mixture Model is used for behavior modeling and Sparse Markov
Transducers based algorithm for identification of anomaly in alerts generated. The novel
Feature is that, the alert is validated with vulnerability on victim system. The experimental
results are showcased to validate the proposed techniques. In the remainder of this paper, we
present these findingssuccessively.
2. RELATED WORK
Different approaches to build anomaly detection models have been proposed and implemented
at design level by many researchers. Statistical Methods are proposed by [Johnson4
, 1998] and
[Roberts5
, 1998] for Anomaly Detection, Adaptive, Model-based Monitoring for Cyber Attack
Detection by [Alfonso6
, 2000]. [Stephanie7
3, 1996] used normal sequences for look ahead
pairs and contiguous sequences. [Sobirey8
, 1996] used expert system to collect data from audit
sources and used it for adaptive intrusion detection. [H S Teng25
, 1990] using inductively
generated sequential patterns, performed adaptive real time anomaly detection. A statistical
method to determine sequences which occur more frequently in intrusion data as opposed to
normal data was implemented by [Helman9
5, 1997]. Many anomaly detection techniques
3. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
65
models were compared by [Christe10
, 1999]. A decision tree applied over the normal data was
used by [Lee11
, 1999]for design of trained prediction model. Neural networks were used to
model normal data by [Ghosh12
,1999]. Model to examine unlabeled data to compare during
intrusion and normal use for anomaly detection was proposed by [Lane13
, 1999]
[Srivastava14
, 2006] proposed Database Intrusion Detection using Weighted Sequence Mining.
[Emmanuel Hooper15
06] designed Intelligent IDS Using Network Quarantine Channels and
Adaptive Policies and Alert Filters. [Venkatachalam16
, 2007]proposed theLAMSTAR neural
network to learn patterns of normal and intrusive activities and to also classify system
activities. [Thoosi17
, 2007]proposed IDS based on An Evolutionary Soft computing model
using Neuro-Fuzzy classifiers.[Victor18
, 2008] proposed a model for Data Mining Approaches
for Intrusion Detection in Email System. Used data mining technique to discover consistent and
useful patterns of email system and recognized anomalies.[Chen19
, 2008] proposed a
classification method based on Support Vector Machines (SVM) with a weighted voting
schema to detect intrusions. [Neelakantan20
, 2008] proposed Approach for Obtaining Network-
Specific Useful Alarms. [Ramana Murthy21
09] Incorporated both anomaly and misuse
detection into the NIDS, to improve Performance of the NIDS. [Rung-Ching22
, 2009] “Using
Rough Set and Supporting Vector Machine for Network Intrusion System to detect
intrusions.[Subbulakshmi23
, 2010] et al proposed “Real Time Classification and Clustering of
IDS Alerts Using Machine Learning Algorithms”. [Vignesh24
, 2010] et al proposed “A Cache
Oblivious based Genetic Algorithm(GA) Solution for Clustering, for eliminating false positives
using a parallelized version of Genetic Algorithm”.
The preparation of behavior profiles to reflect behavior profile of multiple applications running
on a network with multiple communication protocols is a difficult task. At times, it is difficult
to identify profiles of present behavior. We modeled this base reference behavior from the
manual observations of the target network, a representative set of legitimate, non-malicious
entities (users, services, etc). The add-on module with reference profile was created from
vulnerability of target network. The anomalies are detected to update the configuration
(profile), and thereby minimize them.
Bayesian behavior classification is created manually and used for system training, using
parametrical mixture model [Cheeseman26
]. The mixture model parameters of the EM
algorithm [Dampster27
, 1977], [McLachlan28
, 1999] are fitted to accomplish the unsupervised
learning.The model updates the changes in behavior in last phase of process as learning. The
design is such that, the model update behavior profile only after re-estimation of
parameters.The Bayesian techniques used for design of learning, detection and update are
adopted from the earlier works. The process additional adaptive module to IDS will
updateknowledge base automatically.
3. ANOMALY IN ALERT GENERATION MODEL
The IDS functions as anintrusion detection tool by capturing data related to processes or events
in target area and analyze them as per the security policy defined by the organization. Intrusion
activity occurs as a sequence of events. The intrusion activity can be classified into three stages:
(i) Reconnaissance - Sweeps, automated scans and Port scans
(ii) Penetration – Ping, Denial of service (DOS) attacks
(iii) Attack and damage - Compromises the target.
IDS identifies intrusions or suspicious behavior and generate alerts. Suspicious behavior
identification process depends on characterization of behavior or signature. The alerts generated
by IDS can be categorized into four types:
4. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
66
TP ‘True Positive’, alarm issued on intrusive attempt;
FP ‘False Positive’, alarm issued on non-intrusive attempt;
TN ‘True Negative’, no alarm issued and no attempt;
FN ‘False Negative’, no alarm issued on intrusive attempt.
As per Bayesian model,detection rate Dr of IDS can be computed as
Dr=
்
்ାிே
……………………………………….(1)
The false positive rate Fr can be computed as
Fr=
ி
்ேାி
……………………………………….(2)
In the event, IDS does not generate an alarm Dr=0 and therefore the Fr =0; In case, IDS
generate alarms for all cases, Dr= 1 and Fr= 1, as FN=TN=0; in between IDS can exhibit its
behavior. The detection rate Dr is proportionate to environment of target area and IDS
configuration.
Total number of intrusions in a given period of time is sum of the True Positives and False
Negatives. The total number of non-intrusions is the sum of True Negatives and False Positives.
Therefore the Base Rate(BR), which is the probability of an attack on target system is number
of intrusions over the number of events.
BR =
்ାிே
்ାிା்ேାிே
……………………………………….(3)
The Dr and Fr depend on:
(i) Design criteria of IDS
(ii) Environment of target area
a. Security Policy and configuration
b. Vulnerability profile on assets
(iii) The intruder behavior
To build a model to minimize false positives, we propose a probability based algorithm to
tolerate noises in alert data. The assumption is that non-intrusions (false positives alarms) alerts
generated by IDS are more compared to intrusions (true positives) alerts. Therefore occurrence
of actual intrusions is relatively small in number compared with alerts generated by IDS. A
false positive identification model is devised to separate the intrusions on the target network.
4. MODELING PROBABILITY DISTRIBUTIONS TO IDENTIFY FALSE
POSITIVES
A probabilistic approach is proposed to examine whether an alert generated is afalse positive or
a true positive. A mixture model is proposed to model the adaptive learning. Anomaly detection
techniqueusesSparse Markov Transducers probability distribution.
The assumption is that,the number of true positives (intrusions) may be very small, first it was
assumed that every alert as a non-intrusion. The probability distribution is used to test each
element to determine whether it is a non-intrusion or not.Therefore the model assumes two
cases for each alert and λ is the probability of true positives (intrusions), while with (1-λ)
probability alerts corresponds to the non-intrusions (false positives). This motivates a mixture
model for explaining the presence of false positive alerts.
The framework proposes two probability distributions, a majority (non-intrusion) distributionM
and minority (intrusions) distributionI. The properties or types of the distributions M and I are
independent from the framework of mixture model used for explaining the presence of false
5. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
67
positives in the alert data. An element is either generated in the majority distribution with
probability 1-λor from the alternate distribution Iwith probability λ. The distribution for the
entire alerts data is:
D = (1- λ)M+ λI ……………………………………….(4)
The framework is to determine which alerts generated by distribution M and which elements
were generated by the distribution I. Elements generated by I are intrusions (true positives).The
machine learning method is used to model probability distributions.
We assume that for the non-intrusions, a likelihood function ℒMwhich takes as a parameter, a
set of non-intrusion elements Mt, and outputs a probability distribution PMt on the data.
Similarly for intrusions we have likelihood function ℒIand probability distribution PIt.
ܲெ௧ሺܺሻ = ℒெሺܯ௧ሻሺܺሻ …….………………………………….(5)
ܲூ௧ሺܺሻ = ℒூሺܫ௧ሻሺܺሻ ……………………………………….(6)
To identify anomalies in alerts, we have to testelements generated by distribution M or I.For
each element xt, we have to compute and determine whether it is outlier by comparing the
likelihood. If determined asintrusion, should be flagged and moved to It+1, else should remain in
Mt+1as it is false positive alert.
To examine the likelihood of these two cases, we make this determination and the likelihoodℒ
of the distribution D at time t is:
ܮ௧ሺܦሻ = ∏ ܲሺݔሻ =ே
ୀଵ ቀሺ1 − ߣሻ|ெ| ∏ ܲெ
.
௫∈ெ
ሺݔሻቁ ൬ሺߣሻ|ூ| ∏ ܲூ
.
௫ೕ∈ூ
൫ݔ൯൰……..(7)
Where, PMtand PItare the probability distributions over the majority and minority (intrusions)
alerts respectively. For ease of computation, log likelihood (LL) at a time t is computed.
ܮܮ௧ሺDሻ = |ܯ௧| logሺ1 − ߣሻ + ሺlogܲெ௧ሺݔሻሻ + |ܫ௧| log ߣ
.
.
௫∈ெ
+ ൫logܲூሺݔሻ൯
.
.
௫ೕ∈ூ
………..(8)
We compute whether an element is more likely to be a false positive or a true positive using an
external module based on the probability.In other words, we examine the change in behavior
of an activity.
Mt = Mt-1 {xt} …..……………………………………..
(9)
It = It-1∪ {xt} ………………………..………………..
(10)
If this ratio (Lt :Lt-1) or (Lt :Lt-2) or (Lt :Lt+1) is meeting the environment criteria, we declare
the alert as false positive, It = It-1. Otherwise, the alert remains in normal distributionMt =
Mt-1.
5. METHODOLOGY
In order to determine whether alert trace subsequence corresponds to an exploit or normal trace,
we build a probabilistic prediction model which predicts the last (nth
) alert /events given the
previous (n-1) events in the subsequence. In this model, this can be represented as a probability
estimate of the last events conditional on the sequence of previous events. The size of the
window and the placement of the wild cards correspond to the length of the conditioning
sequence and the specific positions in the conditioning sequence on which the probability is
conditioned. To model this type of probability distribution, we use sparse Markov
transducers.Sparse Markov Transducers compute probabilistic mappings over sparse data.
6. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
68
A Sparse Markov Transducers is defined as a probability distribution on a finite set of inputs. A
Sparse Markov Transducers of order L is the conditional probability distribution of the form:
ܲሺܻ௧|ܺ௧ܺ௧ିଵ ܺ௧ିଶ ܺ௧ିଷ ….ܺ௧ሺିଵሻሻ
Where, Xk are random variables over the input alert vectors Σin and Yk is random variable over
the output alert Σout. The distribution stochastically defines a mapping from input to output of
the alerts. We use the Sparse Markov Transducers to model this distribution of order L, which
is a conditional probability of the form:
ܲሺܻ௧|∅ଵ
ܺ௧ଵ ∅ଶ
ܺ௧ଶ … ∅
ܺ௧ሻ
Where, ∅ represents a wild card symbol and ݐ = ݐ − ∑ ݊ − ሺ݅ − 1ሻ
ୀଵ . The Sparse Markov
Transducer estimation algorithm estimates a conditional probability based on a set of inputs and
their outputs. The priori data set is created manually using the tools. In variable order Markov
the value of n changes depending on context. Few data elements may use a bigram, while
others use trigram or n-gram. The Sparse Markov Transducer uses a weighted sum of n-grams
for different values of n, and the weights depend on the context. In this context to have low
complexity, the n is considered as 5. The specific weights of each element depends on the
context or the actual values of Ci,Tt-2,Tt-1, TtTt+1,Tt+2. Each alert in the weighted sum uses a
pseudo-count predictor. This predictor computes the probability of output by number of times
that that specific output was seen in a given context.
The intrusion alerts generated by IDS are independent of any specific probability distribution as
they are random and sparse. The sequence of the events, activities will be tagged at time t. The
intrusive behavior can be result of any of the activity at time Tt-2,Tt-1, TtTt+1,Tt+2. Using Sparse
Markov Transducers Probability model, the alert will be determined to be an element of Mi orIi,.
The data packets in the window between the Ti-2 alert to the Ti+2alert will be tagged and
analyzed. The alert vectors are tagged as:
The Common Vulnerability Exposure (CVE) of the alert is Ci
The alert being examined is Ti
The next alert Ti+1
The previous alert Ti-1
The previous alerts, previous alerts Ti-2
The following parameters are examined from tagged alert vectors:
i. Common Vulnerability Exposure (CVE) ID (code) of the attack: Common
Vulnerability Score System (CVSS) of the CVE, Security authorization controls
impact base line, Source name[BUGTRAQ, OVAL(Open Vulnerability and
assessment Language), CISCO, IBM, OSVDB, MS, REDHAT, SUN, SGI etc]
ii. IP address of the victim
iii. Vulnerability on the victim - Vulnerability status on the victim system (Existing |
Closed)
iv. Alerts previous activity
v. Victim system environment
vi. Connection number, Timestamp, Source IP, Destination IP, Source port,
Destination port, Protocol, Duration, Source bytes, Destination bytes, TCP Flags,
Land packet,
vii. % wrong frag, % urgent, % Resent, % Wrong resent, % Duplicate ACK, % wrong
data packet size, % data packets, # SYN flags, # RST flags, # FIN flags
The packets in the window Ti-2 to the Ti+2will be analyzed.To decide an alert is true positive or
false positive, the environment dependent threshold is computed.The tagged data in the window
is validated by computing the thresholds. This process is repeated for every element and in the
7. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
69
end we get a partition of alerts data into two sets, majority elements (false positives) and a set
of intrusion elements.The computations are as per the Sparse Markov Transducers probability
distribution.The vulnerability data created will be used for further updation by the learning
process by adding a recod in that class. Further, the alert is validated with the asset vulnerability
data to reconfirm respective attack is feasible and possible.
The schematic representation of the process is given below:
Figure 2 Model for Asset Vulnerabilities compliance to minimize the false positives
6. EXPERIMENTAL RESULTS
The work was evaluated on a gigabit network in a campus with online real-time traffic data on
LAN segment. The IDS is configured on a LAN segment to observe the traffic. The
environment consists of Snort(Version 2.6) intrusion detection system for obtaining network
specific alarms, Winpcap(Version 4.0), software sensor to collect the packets to feed the IDS
and MySql(Version 4.0.25) for storing the data. Retina free download version was used to
creating the vulnerability database of the target area.
The base knowledgebase was created with major classifications. The first calcification is based
on of sequences of events. The other is sequence of events linked with the asset and its
vulnerability. The vulnerability data will be updated as and when the patches are released for
the retina database. For every sequence of length n, the sequence database will be updated for
every sequence validated by the system, if the same sequence not exists.
The observed results are indicative of the Knowledgebase was updated with respect to
environment. 25,592 sequences were examined by the system during the experiment. 9156
records were updated in knowledgebase for cases of true positives, false positives and false
negatives. The system identified 1612, 2466, 2372 and 2412 false positive alerts in four equal
intervals after examining 6879, 7419, 5890 and 5404 sequences (classes) respective intervals.
Further the system identified and confirmed 369, 563, 708 and 782 alerts as true positives.
The alert data could be classified in to two major categories True positive (TP) and False
Positive (FP). The probability distribution for the alarms data is not clearly known, hence
Alert data (Ti-2,Ti-1,
Ti and Ti+1)
Mining of
Knowledge Base
/ sparse data
StandardIDS Not Mapped
Alert
False positive
Alert
Matched
vulnerability
Verify Vulnerability on the
victim Asset
Network Traffic
Knowledge base
(KB) CVE of alert,
IP, the Victim
system, etc
Update Knowledge Base (KB)
in the IDS external Module
Mapped Alert
True Positive
alert
Not Matched Vulnerability
8. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
70
Receiver Operating Characteristic (ROC) curve used for analyze and to visualize two-
dimensional data at their decision threshold levels. It is considered that the real-time data used
in evaluation is representative of the environment in target area. The accuracy of one set of live
data varies from its accuracy, at different testing intervals. The experiment was performed in
four equal intervals.
The ROC curve, illustrate the complete, i.e., two-dimensional accuracy of signal detectors on a
given data set. The ROC curve gives a sense of how IDS is behaving on a particular
environment. The ROC curve is starting point for more detailed analyses about expected
accuracy and cost of detector.
Table1 True Positive, False Positives and base Rate
S
no
True
positive
False
Positives
False
Negatives
True
Negatives
FP
Rate
TP
Rate
Total
alerts % of FPs
1 0 0 0 0 0.000 0.000
2 369 1612 70 4828 0.250 0.84 6879 23.43
3 563 2466 68 4322 0.363 0.89 7419 33.24
4 708 2372 78 2732 0.465 0.90 5890 40.27
5 782 2412 78 2132 0.531 0.91 5404 44.63
We use ROC curve to indicate the accuracy of the IDS. The accuracy is revealed in the shape of
curve, is two-dimensional because there are two kinds of events, and hence two kinds of
accuracies possible. The first dimension is the success rate (probability of true positives) on y-
axis. The second dimension falsely identifying alarms (probability of false positives) on x-axis.
If, ROC curve with y-values grow at a faster rate than its x-values, resulting in a curve shape
which rises swiftly upward is an ideal ROC curve. The decision threshold shall change to be
more lenient, the x-values must also grow large, catching up with the success values for signals
(y-values).
IDS accuracy is indicated by the rise or “bowness” of the ROC curve (a). A perfect ROC curve
passes through the point (0,1) (b) each point along the ROC curve corresponds to a different
operating mode, or decision threshold. Points (0,0) indicate exclusive criterion; The more
accurate curves bulge outward to the upper-left, nearing the point of perfection at (0,1).
Graph 1 ROC Curve with VDB application First Trail
0.00
0.84
0.89 0.900.91
1.00
0.00
0.20
0.40
0.60
0.80
1.00
1.20
0.000 0.200 0.400 0.600 0.800 1.000 1.200
Intrusiondetectionrate
False Positives rate
ROC Curve
9. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
71
There is slight increase in reduction of false positives because of learning process of the system.
This experiment was done on the real time data. As the alerts distribution is completely
independent of the vulnerabilities and environment variables.
7. CONCLUSIONS AND FUTURE WORK
The art of detecting intrusions into IT systems is in primitive stage even after 30 years of its
existence. Even though we are able to address intrusions, IDS generate a large number of false
positive alarms. IDS made it mandatory for human intervention to validate alarms. Almost all
work done by the researchers was on reduction of false positives at design level. The current
work is done on implementation end to assist security administrator. The model with add-on
module is developed and implemented. The experiments were carried out on real time data.
Every alarm is examined by an add-on module whether it is a true positive or false positive.
The use of mixture models implies the assumption of statistical independence between trials,
which can be restrictive in some cases, hence Stochastic models are considered for
identification of anomaly.
We have presented a newmodel in identifying anomalies in Alerts generated by IDS, using an
add-on module to IDS, using a mixture model for behavior modeling and Sparse Markov
Transducers for detection of anomaly. Continuous model update is accomplished by model
parameter re-estimation. Algorithms for detection and update phases are designed for real-time
operations. Our experiments show that proposed algorithms present real-time feasibility with no
special or additional hardware requirement. Functional validation has been considered for
intrusion detection in a real-time environment.
The objective is to minimize false positives. The alerts were analyzed and results are presented.
The observed results are indicative of the environment. The system effectively analyzed and
identified false positives alarms. The reduction of false was 22.46%, 32.37%, 39.36% and
43.68% in the first, second, third and fourth weeks, when compared with all alerts. The system
effectively analyzed and identified 100 % true positives alerts.
The critical evaluation is done on alert using an “Anomaly in alert” and supplemented by
“vulnerability complianceof the alert with asset” to reinforce verification process is presented.
The work has established a “framework which enables the administrator to effectively analyze
alerts”and identify the alarm is a false positive or true positives.From this framework, an
adaptive module was modeled.
The model is tested with only with one type of vulnerability Bugtraq ID. The intrusions with
other CVE IDs shall be considered for further stabilization of the system. The proposed system
has limitation of evaluating only alerts data. The data of alerts only considered for evaluating
the model, the remaining data to be considered to examine false Negatives.
8. REFERENCES
[1] Anderson, J P (1980), “Computer Security threat Monitoring and surveillance (Technical Report)”.
Fort Washington, PA: James P Anderson Company.
[2] Peng Ning(2005), “Intrusion Detection Systems Basics”, published in “Hand Book of Computer”,
Volume 3, edited by Hossien Bidgoli, Published by John Wiley& Sons, Inc (PP 685 to 700)
[3] H. Debar, M. Dacier and A. Wespi, “A Revised Taxonomy for Intrusion-Detection Systems,” IBM
Research Report, 1999.
11. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012
73
[22] Rung-Ching Chen, Kai-Fan Cheng, Ying-Hao Chen, Chia-Fen Hsieh, Chaoyang Univ. of Technol.,
Wufeng, Taiwan, Using Rough Set and Supporting Vector Machine for Nwtwork Intrusion System,
Conference on Intelligent Information and Database Systems (April2009, p465),
http://doi.ieeecomputersociety.org/10.1109/ACIIDS.2009.59
[23] Subbulakshmi T, George Mathew,Dr. S. Mercy Shalinie, “Real Time Classification And Clustering
Of Ids Alerts Using Machine Learning Algorithms”, International Journal of Artificial Intelligence
& Applications (IJAIA), Vol. 1, No.1, January 2010.
[24] Vignesh R, Ganesh B, Aarthi G, Iyswarya N, “A Cache Oblivious based GA Solution for
Clustering, Problem in IDS”, International Journal of Computer Applications (0975 – 8887), 2010,
Volume 1 – No. 11
[25] H. S. Teng , K. Chen, and S. C. Lu. Adaptive real-time anomaly detection using inductively
generated sequential patterns. In Proceedings of the IEEE Symposium on Research in Security and
Privacy, pages 278–284, Oakland CA, May 1990.
[26] P. Cheeseman and J. Stutz, 1996. “Bayesian classification (Auto Class): theory and results in
Advances in Knowledge Discovery and Data Mining”, edited by U.M. Fayyad et al., California: The
AAAI Press, pp: 61-83.
[27] A.P. Dempster, N. M. Laird and D. B. Rubin, 1977. Journal of the Royal Statistical Society B 39,
pp: 1-38.
[28] G. J. McLachlan, D. Peel, K. E. Basford and P. Adams, 1999. Journal of Statistical Software 04.
Authors:
1. G Jacob Victor: BE(CS), from Andhra University, M.Tech (CS), from BIT, Ranchi, India; Certified
Software Quality Professional (CSQP), Certified Information System Auditor (CISA), Currently,
Director (IT), SERP, RD Department, Govt. of AP, India. 25 years of IT Experience in Industry &
Government.
2. Dr. M Sreenivasa Rao, Director, School of Information Technology, JNT University, Hyderabad,India,
Obtained his Graduation and Post graduation in Engineering from JNT University, Hyderabad and Ph D
from University of Hyderabad. Over 27 Years of IT Experience in the Academia and Industry.
3. Dr. V. Ch. Venkaiah,Professor,CRRao AIMS & CS, UoH Campus, Gachibowli, Hyderabad, India,
obtained PhD. from IISc, Bangalore, 24 years of research experience & academic Recipient of CSIR’s
both Junior and Senior Research Fellowship. Selected for both CSIR Research Associateship and Indo-
USSR Post doctoral fellowships.