This document describes a computer intrusion detection system that uses a two-objective fuzzy genetic algorithm. The system aims to (1) maximize detection rate and (2) minimize the number of rules while maintaining a low false rate. It generates fuzzy rules from training data to classify known attack patterns. A genetic algorithm is then applied to find non-dominated sets of rules that optimize the two objectives. The best performing rule set is used as signatures to detect known intrusions in test data.
Survey of network anomaly detection using markov chainijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
Minkowski Distance based Feature Selection Algorithm for Effective Intrusion ...IJMER
Intrusion Detection System (IDS) plays a major role in the provision of effective security to various types of networks. Moreover, Intrusion Detection System for networks need appropriate rule set for classifying network bench mark data into normal or attack patterns. Generally, each dataset is characterized by a large set of features. However, all these features will not be relevant or fully contribute in identifying an attack. Since different attacks need various subsets to provide better detection accuracy. In this paper an improved feature selection algorithm is proposed to identify the most appropriate subset of features for detecting a certain attacks. This proposed method is based on Minkowski distance feature ranking and an improved exhaustive search that selects a better combination of features. This system has been evaluated using the KDD CUP 1999 dataset and also with EMSVM [1] classifier. The experimental results show that the proposed system provides high classification accuracy and low false alarm rate when applied on the reduced feature subsets
ANALYSIS OF MACHINE LEARNING ALGORITHMS WITH FEATURE SELECTION FOR INTRUSION ...IJNSA Journal
In recent times, various machine learning classifiers are used to improve network intrusion detection. The researchers have proposed many solutions for intrusion detection in the literature. The machine learning classifiers are trained on older datasets for intrusion detection, which limits their detection accuracy. So, there is a need to train the machine learning classifiers on the latest dataset. In this paper, UNSW-NB15, the latest dataset is used to train machine learning classifiers. The selected classifiers such as K-Nearest Neighbors (KNN), Stochastic Gradient Descent (SGD), Random Forest (RF), Logistic Regression (LR), and Naïve Bayes (NB) classifiers are used for training from the taxonomy of classifiers based on lazy and eager learners. In this paper, Chi-Square, a filter-based feature selection technique, is applied to the UNSW-NB15 dataset to reduce the irrelevant and redundant features. The performance of classifiers is measured in terms of Accuracy, Mean Squared Error (MSE), Precision, Recall, F1-Score, True Positive Rate (TPR) and False Positive Rate (FPR) with or without feature selection technique and comparative analysis of these machine learning classifiers is carried out.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
An Empirical Comparison and Feature Reduction Performance Analysis of Intrusi...ijctcm
This paper reports on the empirical evaluation of five machine learning algorithm such as J48, BayesNet, OneR, NB and ZeroR using ten performance criteria: accuracy, precision, recall, F-Measure, incorrectly classified instances, kappa statistic, mean absolute error, root mean squared error, relative absolute error, root relative squared error. The aim of this paper is to find out which classifier is better in its performance for intrusion detection system. Machine Learning is one of the methods used in the intrusion detection system (IDS).Based on this study, it can be concluded that J48 decision tree is the most suitable associated algorithm than the other four algorithms. In this paper we compared the performance of Intrusion Detection System (IDS) Classifiers using seven feature reduction techniques.
Survey of network anomaly detection using markov chainijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
Minkowski Distance based Feature Selection Algorithm for Effective Intrusion ...IJMER
Intrusion Detection System (IDS) plays a major role in the provision of effective security to various types of networks. Moreover, Intrusion Detection System for networks need appropriate rule set for classifying network bench mark data into normal or attack patterns. Generally, each dataset is characterized by a large set of features. However, all these features will not be relevant or fully contribute in identifying an attack. Since different attacks need various subsets to provide better detection accuracy. In this paper an improved feature selection algorithm is proposed to identify the most appropriate subset of features for detecting a certain attacks. This proposed method is based on Minkowski distance feature ranking and an improved exhaustive search that selects a better combination of features. This system has been evaluated using the KDD CUP 1999 dataset and also with EMSVM [1] classifier. The experimental results show that the proposed system provides high classification accuracy and low false alarm rate when applied on the reduced feature subsets
ANALYSIS OF MACHINE LEARNING ALGORITHMS WITH FEATURE SELECTION FOR INTRUSION ...IJNSA Journal
In recent times, various machine learning classifiers are used to improve network intrusion detection. The researchers have proposed many solutions for intrusion detection in the literature. The machine learning classifiers are trained on older datasets for intrusion detection, which limits their detection accuracy. So, there is a need to train the machine learning classifiers on the latest dataset. In this paper, UNSW-NB15, the latest dataset is used to train machine learning classifiers. The selected classifiers such as K-Nearest Neighbors (KNN), Stochastic Gradient Descent (SGD), Random Forest (RF), Logistic Regression (LR), and Naïve Bayes (NB) classifiers are used for training from the taxonomy of classifiers based on lazy and eager learners. In this paper, Chi-Square, a filter-based feature selection technique, is applied to the UNSW-NB15 dataset to reduce the irrelevant and redundant features. The performance of classifiers is measured in terms of Accuracy, Mean Squared Error (MSE), Precision, Recall, F1-Score, True Positive Rate (TPR) and False Positive Rate (FPR) with or without feature selection technique and comparative analysis of these machine learning classifiers is carried out.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
An Empirical Comparison and Feature Reduction Performance Analysis of Intrusi...ijctcm
This paper reports on the empirical evaluation of five machine learning algorithm such as J48, BayesNet, OneR, NB and ZeroR using ten performance criteria: accuracy, precision, recall, F-Measure, incorrectly classified instances, kappa statistic, mean absolute error, root mean squared error, relative absolute error, root relative squared error. The aim of this paper is to find out which classifier is better in its performance for intrusion detection system. Machine Learning is one of the methods used in the intrusion detection system (IDS).Based on this study, it can be concluded that J48 decision tree is the most suitable associated algorithm than the other four algorithms. In this paper we compared the performance of Intrusion Detection System (IDS) Classifiers using seven feature reduction techniques.
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
A Survey On Genetic Algorithm For Intrusion Detection SystemIJARIIE JOURNAL
The Internet has become a part of daily life and an essential tool today. Internet has been used as an important component of
business models. Therefore, It is very important to maintain a high level security to ensure safe and trusted communication of
information between various organizations.
Intrusion Detection Systems have become a needful component in terms of computer and network security. Intrusion detection is
one of the important security constraints for maintaining the integrity of information. Intrusion detection systems are the tools
used for prevention and detection of threats to computer systems. Various approaches have been applied in past that are less
effective to curb the menace of intrusion.
In this paper, a survey on applications of genetic algorithms in intrusion detection systems is carried out.
an error in that computer program. In order to improve the software quality, prediction of faulty modules is
necessary. Various Metric suites and techniques are available to predict the modules which are critical and
likely to be fault prone. Genetic Algorithm is a problem solving algorithm. It uses genetics as its model of
problem solving. It’s a search technique to find approximate solutions to optimization and search
problems.Genetic algorithm is applied for solving the problem of faulty module prediction and as well as
for finding the most important attribute for fault occurrence. In order to perform the analysis, performance
validation of the Genetic Algorithm using open source software jEdit is done. The results are measured in
terms Accuracy and Error in predicting by calculating probability of detection and probability of false
Alarms
Software Defect Prediction Using Radial Basis and Probabilistic Neural NetworksEditor IJCATR
Defects in modules of software systems is a major problem in software development. There are a variety of data mining
techniques used to predict software defects such as regression, association rules, clustering, and classification. This paper is concerned
with classification based software defect prediction. This paper investigates the effectiveness of using a radial basis function neural
network and a probabilistic neural network on prediction accuracy and defect prediction. The conclusions to be drawn from this work is
that the neural networks used in here provide an acceptable level of accuracy but a poor defect prediction ability. Probabilistic neural
networks perform consistently better with respect to the two performance measures used across all datasets. It may be advisable to use
a range of software defect prediction models to complement each other rather than relying on a single technique.
A Novel Classification via Clustering Method for Anomaly Based Network Intrus...IDES Editor
Intrusion detection in the internet is an active
area of research. Intruders can be classified into two
types, namely; external intruders who are unauthorized
users of the computers they attack, and internal
intruders, who have permission to access the system but
with some restrictions. The aim of this paper is to present
a methodology to recognize attacks during the normal
activities in a system. A novel classification via sequential
information bottleneck (sIB) clustering algorithm has
been proposed to build an efficient anomaly based
network intrusion detection model. We have compared
our proposed method with other clustering algorithms
like X-Means, Farthest First, Filtered clusters, DBSCAN,
K-Means, and EM (Expectation-Maximization)
clustering in order to find the suitability of our proposed
algorithm. A subset of KDDCup 1999 intrusion detection
benchmark dataset has been used for the experiment.
Results show that the proposed method is efficient in
terms of detection accuracy, low false positive rate in
comparison to the other existing methods.
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM ijwmn
Communication networks are essential and it will create many crucial issues today. Nowadays, we
consider that the firewalls are the first line of defense but that policies cannot meet the particular
requirements of needed process to achieve security. Most of the research has been done in this area but
we are lagging to achieve security needs. Already many models such as ADAM, DHP, LERAD and
ENTROPHY are proposed to resolve security problems but we need an efficient model to detect new types
of various intrusions within the entire network. In this paper, we proposed to design a modernized
intrusion detection system which consist of two methods such as anomaly and misuse detection. Both are
integrated and also used to detect novel attacks. Our system proposed to discover temporal pattern of
attacker behaviors, which is profiled using an algorithm EAA (Enhanced Apriori Algorithm). This is
experimented with a simple interface to display the behaviors of attacks effectively
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsIJNSA Journal
Anomaly-based Intrusion Detection Systems (IDS) have gained increased popularity over time. There are many proposed anomaly-based systems using different Machine Learning (ML) algorithms and techniques, however there is no standard benchmark to compare them based on quantifiable measures. In this paper, we propose a benchmark that measures both accuracy and performance to produce objective metrics that can be used in the evaluation of each algorithm implementation. We then use this benchmark to compare accuracy as well as the performance of four different Anomaly-based IDS solutions based on various ML algorithms. The algorithms include Naive Bayes, Support Vector Machines, Neural Networks, and K-means Clustering. The benchmark evaluation is performed on the popular NSL-KDD dataset. The experimental results show the differences in accuracy and performance between these Anomaly-based IDS solutions on the dataset. The results also demonstrate how this benchmark can be used to create useful metrics for such comparisons.
A SURVEY ON DIFFERENT MACHINE LEARNING ALGORITHMS AND WEAK CLASSIFIERS BASED ...gerogepatton
Network intrusion detection often finds a difficulty in creating classifiers that could handle unequal distributed attack categories. Generally, attacks such as Remote to Local (R2L) and User to Root (U2R) attacks are very rare attacks and even in KDD dataset, these attacks are only 2% of overall datasets. So,these result in model not able to efficiently learn the characteristics of rare categories and this will result in
poor detection rates of rare attack categories like R2L and U2R attacks. We even compared the accuracy of KDD and NSL-KDD datasets using different classifiers in WEKA.
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)IJARIIE JOURNAL
Around 160 million hector unused is available in India. India is the world’s largest producer of castor oil,
producing over 75% of the total world’s supply. There are over a hundred companies in India-small and
medium-that are into castor oil production, producing a variety of the basic grades o castor oil. All the above
factors make it imperative that the India industry relooks at the castor oil sector in order to devise suitable
strategies to derive the most benefits from such an attractive confluence of factors. Castor oil is unique owing to
its exceptional diversity of application. The oil and its derivatives are used in over 100 different applications in
diverse industries such as paints, lubricants, pharma, cosmetics, paper, rubber and more. Recent developments
have successfully derived polyol from natural oils and synthesized range of PU product from them. However,
making flexible solution from natural oil polyol is still proving challenging. The goal of this thesis is to
understand the potentials and the limitations of natural oil as an alternative to petroleum polyol. An initial
attempt to understand natural oil polyol showed that flexible solution could be synthesized from castor oil,
which produced a rigid solution. Characterization results indicate that the glass transition temperature (Tg) was
the predominant factor that determines the rigidity of the solution. The high Tg of solution was attributed to the
low number of covalent bond between cross linkers.
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
Keywords — Anomaly Detection, Modified Apriori Algorithm, Misuse detection, Sequential Pattern Mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
SURVEY OF NETWORK ANOMALY DETECTION USING MARKOV CHAINijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
International Journal of Computer Science, Engineering and Information Techno...ijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
A Survey On Genetic Algorithm For Intrusion Detection SystemIJARIIE JOURNAL
The Internet has become a part of daily life and an essential tool today. Internet has been used as an important component of
business models. Therefore, It is very important to maintain a high level security to ensure safe and trusted communication of
information between various organizations.
Intrusion Detection Systems have become a needful component in terms of computer and network security. Intrusion detection is
one of the important security constraints for maintaining the integrity of information. Intrusion detection systems are the tools
used for prevention and detection of threats to computer systems. Various approaches have been applied in past that are less
effective to curb the menace of intrusion.
In this paper, a survey on applications of genetic algorithms in intrusion detection systems is carried out.
an error in that computer program. In order to improve the software quality, prediction of faulty modules is
necessary. Various Metric suites and techniques are available to predict the modules which are critical and
likely to be fault prone. Genetic Algorithm is a problem solving algorithm. It uses genetics as its model of
problem solving. It’s a search technique to find approximate solutions to optimization and search
problems.Genetic algorithm is applied for solving the problem of faulty module prediction and as well as
for finding the most important attribute for fault occurrence. In order to perform the analysis, performance
validation of the Genetic Algorithm using open source software jEdit is done. The results are measured in
terms Accuracy and Error in predicting by calculating probability of detection and probability of false
Alarms
Software Defect Prediction Using Radial Basis and Probabilistic Neural NetworksEditor IJCATR
Defects in modules of software systems is a major problem in software development. There are a variety of data mining
techniques used to predict software defects such as regression, association rules, clustering, and classification. This paper is concerned
with classification based software defect prediction. This paper investigates the effectiveness of using a radial basis function neural
network and a probabilistic neural network on prediction accuracy and defect prediction. The conclusions to be drawn from this work is
that the neural networks used in here provide an acceptable level of accuracy but a poor defect prediction ability. Probabilistic neural
networks perform consistently better with respect to the two performance measures used across all datasets. It may be advisable to use
a range of software defect prediction models to complement each other rather than relying on a single technique.
A Novel Classification via Clustering Method for Anomaly Based Network Intrus...IDES Editor
Intrusion detection in the internet is an active
area of research. Intruders can be classified into two
types, namely; external intruders who are unauthorized
users of the computers they attack, and internal
intruders, who have permission to access the system but
with some restrictions. The aim of this paper is to present
a methodology to recognize attacks during the normal
activities in a system. A novel classification via sequential
information bottleneck (sIB) clustering algorithm has
been proposed to build an efficient anomaly based
network intrusion detection model. We have compared
our proposed method with other clustering algorithms
like X-Means, Farthest First, Filtered clusters, DBSCAN,
K-Means, and EM (Expectation-Maximization)
clustering in order to find the suitability of our proposed
algorithm. A subset of KDDCup 1999 intrusion detection
benchmark dataset has been used for the experiment.
Results show that the proposed method is efficient in
terms of detection accuracy, low false positive rate in
comparison to the other existing methods.
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM ijwmn
Communication networks are essential and it will create many crucial issues today. Nowadays, we
consider that the firewalls are the first line of defense but that policies cannot meet the particular
requirements of needed process to achieve security. Most of the research has been done in this area but
we are lagging to achieve security needs. Already many models such as ADAM, DHP, LERAD and
ENTROPHY are proposed to resolve security problems but we need an efficient model to detect new types
of various intrusions within the entire network. In this paper, we proposed to design a modernized
intrusion detection system which consist of two methods such as anomaly and misuse detection. Both are
integrated and also used to detect novel attacks. Our system proposed to discover temporal pattern of
attacker behaviors, which is profiled using an algorithm EAA (Enhanced Apriori Algorithm). This is
experimented with a simple interface to display the behaviors of attacks effectively
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsIJNSA Journal
Anomaly-based Intrusion Detection Systems (IDS) have gained increased popularity over time. There are many proposed anomaly-based systems using different Machine Learning (ML) algorithms and techniques, however there is no standard benchmark to compare them based on quantifiable measures. In this paper, we propose a benchmark that measures both accuracy and performance to produce objective metrics that can be used in the evaluation of each algorithm implementation. We then use this benchmark to compare accuracy as well as the performance of four different Anomaly-based IDS solutions based on various ML algorithms. The algorithms include Naive Bayes, Support Vector Machines, Neural Networks, and K-means Clustering. The benchmark evaluation is performed on the popular NSL-KDD dataset. The experimental results show the differences in accuracy and performance between these Anomaly-based IDS solutions on the dataset. The results also demonstrate how this benchmark can be used to create useful metrics for such comparisons.
A SURVEY ON DIFFERENT MACHINE LEARNING ALGORITHMS AND WEAK CLASSIFIERS BASED ...gerogepatton
Network intrusion detection often finds a difficulty in creating classifiers that could handle unequal distributed attack categories. Generally, attacks such as Remote to Local (R2L) and User to Root (U2R) attacks are very rare attacks and even in KDD dataset, these attacks are only 2% of overall datasets. So,these result in model not able to efficiently learn the characteristics of rare categories and this will result in
poor detection rates of rare attack categories like R2L and U2R attacks. We even compared the accuracy of KDD and NSL-KDD datasets using different classifiers in WEKA.
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane)IJARIIE JOURNAL
Around 160 million hector unused is available in India. India is the world’s largest producer of castor oil,
producing over 75% of the total world’s supply. There are over a hundred companies in India-small and
medium-that are into castor oil production, producing a variety of the basic grades o castor oil. All the above
factors make it imperative that the India industry relooks at the castor oil sector in order to devise suitable
strategies to derive the most benefits from such an attractive confluence of factors. Castor oil is unique owing to
its exceptional diversity of application. The oil and its derivatives are used in over 100 different applications in
diverse industries such as paints, lubricants, pharma, cosmetics, paper, rubber and more. Recent developments
have successfully derived polyol from natural oils and synthesized range of PU product from them. However,
making flexible solution from natural oil polyol is still proving challenging. The goal of this thesis is to
understand the potentials and the limitations of natural oil as an alternative to petroleum polyol. An initial
attempt to understand natural oil polyol showed that flexible solution could be synthesized from castor oil,
which produced a rigid solution. Characterization results indicate that the glass transition temperature (Tg) was
the predominant factor that determines the rigidity of the solution. The high Tg of solution was attributed to the
low number of covalent bond between cross linkers.
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
Keywords — Anomaly Detection, Modified Apriori Algorithm, Misuse detection, Sequential Pattern Mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
SURVEY OF NETWORK ANOMALY DETECTION USING MARKOV CHAINijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
International Journal of Computer Science, Engineering and Information Techno...ijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal
activities happening in a computer system. In recent years different soft computing based techniques have
been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect
technology. This has provided an opportunity for data mining to make quite a lot of important
contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique
by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neurofuzzy and radial basis function(RBF) SVM for fortification of the intrusion detection system. The
proposed technique has five major steps in which, first step is to perform the relevance analysis, and then
input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each
of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster.
Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-
SVM is performed to detect intrusion has happened or not. Data set used is the KDD cup 1999 dataset
and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our
technique could achieve better accuracy for all types of intrusions. The results of proposed technique are
compared with the other existing techniques. These comparisons proved the effectiveness of our
technique.
COPYRIGHTThis thesis is copyright materials protected under the .docxvoversbyobersby
COPYRIGHT
This thesis is copyright materials protected under the Berne Convection, the copyright Act 1999 and other international and national enactments in that behalf, on intellectual property. It may not be reproduced by any means in full or in part except for short extracts in fair dealing so for research or private study, critical scholarly review or discourse with acknowledgment, with written permission of the Dean School of Graduate Studies on behalf of both the author and XXX XXX University.ABSTRACT
With Fast growing internet world the risk of intrusion has also increased, as a result Intrusion Detection System (IDS) is the admired key research field. IDS are used to identify any suspicious activity or patterns in the network or machine, which endeavors the security features or compromise the machine. IDS majorly use all the features of the data. It is a keen observation that all the features are not of equal relevance for the detection of attacks. Moreover every feature does not contribute in enhancing the system performance significantly. The main aim of the work done is to develop an efficient denial of service network intrusion classification model. The specific objectives included: to analyse existing literature in intrusion detection systems; what are the techniques used to model IDS, types of network attacks, performance of various machine learning tools, how are network intrusion detection systems assessed; to find out top network traffic attributes that can be used to model denial of service intrusion detection; to develop a machine learning model for detection of denial of service network intrusion.Methods: The research design was experimental and data was collected by simulation using NSL-KDD dataset. By implementing Correlation Feature Selection (CFS) mechanism using three search algorithms, a smallest set of features is selected with all the features that are selected very frequently. Findings: The smallest subset of features chosen is the most nominal among all the feature subset found. Further, the performances using Artificial neural networks(ANN), decision trees, Support Vector Machines (SVM) and K-Nearest Neighbour (KNN) classifiers is compared for 7 subsets found by filter model and 41 attributes. Results: The outcome indicates a remarkable improvement in the performance metrics used for comparison of the two classifiers. The results show that using 17/18 selected features improves DOS types classification accuracies as compared to using the 41 features in the NSL-KDD dataset. It was further observed that using an ensemble of three classifiers with decision fusion performs better as compared to using a single classifier for DOS type’s classification. Among machine learning tools experimented, ANN achieved best classification accuracies followed by SVM and DT. KNN registered the lowest classification accuracies. Application: The proposed work with such an improved detection rate and lesser classification time and lar.
Similar to COMPUTER INTRUSION DETECTION BY TWOOBJECTIVE FUZZY GENETIC ALGORITHM (20)
ANALYSIS OF LAND SURFACE DEFORMATION GRADIENT BY DINSAR cscpconf
The progressive development of Synthetic Aperture Radar (SAR) systems diversify the exploitation of the generated images by these systems in different applications of geoscience. Detection and monitoring surface deformations, procreated by various phenomena had benefited from this evolution and had been realized by interferometry (InSAR) and differential interferometry (DInSAR) techniques. Nevertheless, spatial and temporal decorrelations of the interferometric couples used, limit strongly the precision of analysis results by these techniques. In this context, we propose, in this work, a methodological approach of surface deformation detection and analysis by differential interferograms to show the limits of this technique according to noise quality and level. The detectability model is generated from the deformation signatures, by simulating a linear fault merged to the images couples of ERS1 / ERS2 sensors acquired in a region of the Algerian south.
4D AUTOMATIC LIP-READING FOR SPEAKER'S FACE IDENTIFCATIONcscpconf
A novel based a trajectory-guided, concatenating approach for synthesizing high-quality image real sample renders video is proposed . The lips reading automated is seeking for modeled the closest real image sample sequence preserve in the library under the data video to the HMM predicted trajectory. The object trajectory is modeled obtained by projecting the face patterns into an KDA feature space is estimated. The approach for speaker's face identification by using synthesise the identity surface of a subject face from a small sample of patterns which sparsely each the view sphere. An KDA algorithm use to the Lip-reading image is discrimination, after that work consisted of in the low dimensional for the fundamental lip features vector is reduced by using the 2D-DCT.The mouth of the set area dimensionality is ordered by a normally reduction base on the PCA to obtain the Eigen lips approach, their proposed approach by[33]. The subjective performance results of the cost function under the automatic lips reading modeled , which wasn’t illustrate the superior performance of the
method.
MOVING FROM WATERFALL TO AGILE PROCESS IN SOFTWARE ENGINEERING CAPSTONE PROJE...cscpconf
Universities offer software engineering capstone course to simulate a real world-working environment in which students can work in a team for a fixed period to deliver a quality product. The objective of the paper is to report on our experience in moving from Waterfall process to Agile process in conducting the software engineering capstone project. We present the capstone course designs for both Waterfall driven and Agile driven methodologies that highlight the structure, deliverables and assessment plans.To evaluate the improvement, we conducted a survey for two different sections taught by two different instructors to evaluate students’ experience in moving from traditional Waterfall model to Agile like process. Twentyeight students filled the survey. The survey consisted of eight multiple-choice questions and an open-ended question to collect feedback from students. The survey results show that students were able to attain hands one experience, which simulate a real world-working environment. The results also show that the Agile approach helped students to have overall better design and avoid mistakes they have made in the initial design completed in of the first phase of the capstone project. In addition, they were able to decide on their team capabilities, training needs and thus learn the required technologies earlier which is reflected on the final product quality
PROMOTING STUDENT ENGAGEMENT USING SOCIAL MEDIA TECHNOLOGIEScscpconf
Using social media in education provides learners with an informal way for communication. Informal communication tends to remove barriers and hence promotes student engagement. This paper presents our experience in using three different social media technologies in teaching software project management course. We conducted different surveys at the end of every semester to evaluate students’ satisfaction and engagement. Results show that using social media enhances students’ engagement and satisfaction. However, familiarity with the tool is an important factor for student satisfaction.
A SURVEY ON QUESTION ANSWERING SYSTEMS: THE ADVANCES OF FUZZY LOGICcscpconf
In real world computing environment with using a computer to answer questions has been a human dream since the beginning of the digital era, Question-answering systems are referred to as intelligent systems, that can be used to provide responses for the questions being asked by the user based on certain facts or rules stored in the knowledge base it can generate answers of questions asked in natural , and the first main idea of fuzzy logic was to working on the problem of computer understanding of natural language, so this survey paper provides an overview on what Question-Answering is and its system architecture and the possible relationship and
different with fuzzy logic, as well as the previous related research with respect to approaches that were followed. At the end, the survey provides an analytical discussion of the proposed QA models, along or combined with fuzzy logic and their main contributions and limitations.
DYNAMIC PHONE WARPING – A METHOD TO MEASURE THE DISTANCE BETWEEN PRONUNCIATIONS cscpconf
Human beings generate different speech waveforms while speaking the same word at different times. Also, different human beings have different accents and generate significantly varying speech waveforms for the same word. There is a need to measure the distances between various words which facilitate preparation of pronunciation dictionaries. A new algorithm called Dynamic Phone Warping (DPW) is presented in this paper. It uses dynamic programming technique for global alignment and shortest distance measurements. The DPW algorithm can be used to enhance the pronunciation dictionaries of the well-known languages like English or to build pronunciation dictionaries to the less known sparse languages. The precision measurement experiments show 88.9% accuracy.
INTELLIGENT ELECTRONIC ASSESSMENT FOR SUBJECTIVE EXAMS cscpconf
In education, the use of electronic (E) examination systems is not a novel idea, as Eexamination systems have been used to conduct objective assessments for the last few years. This research deals with randomly designed E-examinations and proposes an E-assessment system that can be used for subjective questions. This system assesses answers to subjective questions by finding a matching ratio for the keywords in instructor and student answers. The matching ratio is achieved based on semantic and document similarity. The assessment system is composed of four modules: preprocessing, keyword expansion, matching, and grading. A survey and case study were used in the research design to validate the proposed system. The examination assessment system will help instructors to save time, costs, and resources, while increasing efficiency and improving the productivity of exam setting and assessments.
TWO DISCRETE BINARY VERSIONS OF AFRICAN BUFFALO OPTIMIZATION METAHEURISTICcscpconf
African Buffalo Optimization (ABO) is one of the most recent swarms intelligence based metaheuristics. ABO algorithm is inspired by the buffalo’s behavior and lifestyle. Unfortunately, the standard ABO algorithm is proposed only for continuous optimization problems. In this paper, the authors propose two discrete binary ABO algorithms to deal with binary optimization problems. In the first version (called SBABO) they use the sigmoid function and probability model to generate binary solutions. In the second version (called LBABO) they use some logical operator to operate the binary solutions. Computational results on two knapsack problems (KP and MKP) instances show the effectiveness of the proposed algorithm and their ability to achieve good and promising solutions.
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINcscpconf
In recent years, many malware writers have relied on Dynamic Domain Name Services (DDNS) to maintain their Command and Control (C&C) network infrastructure to ensure a persistence presence on a compromised host. Amongst the various DDNS techniques, Domain Generation Algorithm (DGA) is often perceived as the most difficult to detect using traditional methods. This paper presents an approach for detecting DGA using frequency analysis of the character distribution and the weighted scores of the domain names. The approach’s feasibility is demonstrated using a range of legitimate domains and a number of malicious algorithmicallygenerated domain names. Findings from this study show that domain names made up of English characters “a-z” achieving a weighted score of < 45 are often associated with DGA. When a weighted score of < 45 is applied to the Alexa one million list of domain names, only 15% of the domain names were treated as non-human generated.
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...cscpconf
The amount of piracy in the streaming digital content in general and the music industry in specific is posing a real challenge to digital content owners. This paper presents a DRM solution to monetizing, tracking and controlling online streaming content cross platforms for IP enabled devices. The paper benefits from the current advances in Blockchain and cryptocurrencies. Specifically, the paper presents a Global Music Asset Assurance (GoMAA) digital currency and presents the iMediaStreams Blockchain to enable the secure dissemination and tracking of the streamed content. The proposed solution provides the data owner the ability to control the flow of information even after it has been released by creating a secure, selfinstalled, cross platform reader located on the digital content file header. The proposed system provides the content owners’ options to manage their digital information (audio, video, speech, etc.), including the tracking of the most consumed segments, once it is release. The system benefits from token distribution between the content owner (Music Bands), the content distributer (Online Radio Stations) and the content consumer(Fans) on the system blockchain.
IMPORTANCE OF VERB SUFFIX MAPPING IN DISCOURSE TRANSLATION SYSTEMcscpconf
This paper discusses the importance of verb suffix mapping in Discourse translation system. In
discourse translation, the crucial step is Anaphora resolution and generation. In Anaphora
resolution, cohesion links like pronouns are identified between portions of text. These binders
make the text cohesive by referring to nouns appearing in the previous sentences or nouns
appearing in sentences after them. In Machine Translation systems, to convert the source
language sentences into meaningful target language sentences the verb suffixes should be
changed as per the cohesion links identified. This step of translation process is emphasized in
the present paper. Specifically, the discussion is on how the verbs change according to the
subjects and anaphors. To explain the concept, English is used as the source language (SL) and
an Indian language Telugu is used as Target language (TL)
EXACT SOLUTIONS OF A FAMILY OF HIGHER-DIMENSIONAL SPACE-TIME FRACTIONAL KDV-T...cscpconf
In this paper, based on the definition of conformable fractional derivative, the functional
variable method (FVM) is proposed to seek the exact traveling wave solutions of two higherdimensional
space-time fractional KdV-type equations in mathematical physics, namely the
(3+1)-dimensional space–time fractional Zakharov-Kuznetsov (ZK) equation and the (2+1)-
dimensional space–time fractional Generalized Zakharov-Kuznetsov-Benjamin-Bona-Mahony
(GZK-BBM) equation. Some new solutions are procured and depicted. These solutions, which
contain kink-shaped, singular kink, bell-shaped soliton, singular soliton and periodic wave
solutions, have many potential applications in mathematical physics and engineering. The
simplicity and reliability of the proposed method is verified.
AUTOMATED PENETRATION TESTING: AN OVERVIEWcscpconf
The using of information technology resources is rapidly increasing in organizations,
businesses, and even governments, that led to arise various attacks, and vulnerabilities in the
field. All resources make it a must to do frequently a penetration test (PT) for the environment
and see what can the attacker gain and what is the current environment's vulnerabilities. This
paper reviews some of the automated penetration testing techniques and presents its
enhancement over the traditional manual approaches. To the best of our knowledge, it is the
first research that takes into consideration the concept of penetration testing and the standards
in the area.This research tackles the comparison between the manual and automated
penetration testing, the main tools used in penetration testing. Additionally, compares between
some methodologies used to build an automated penetration testing platform.
CLASSIFICATION OF ALZHEIMER USING fMRI DATA AND BRAIN NETWORKcscpconf
Since the mid of 1990s, functional connectivity study using fMRI (fcMRI) has drawn increasing
attention of neuroscientists and computer scientists, since it opens a new window to explore
functional network of human brain with relatively high resolution. BOLD technique provides
almost accurate state of brain. Past researches prove that neuro diseases damage the brain
network interaction, protein- protein interaction and gene-gene interaction. A number of
neurological research paper also analyse the relationship among damaged part. By
computational method especially machine learning technique we can show such classifications.
In this paper we used OASIS fMRI dataset affected with Alzheimer’s disease and normal
patient’s dataset. After proper processing the fMRI data we use the processed data to form
classifier models using SVM (Support Vector Machine), KNN (K- nearest neighbour) & Naïve
Bayes. We also compare the accuracy of our proposed method with existing methods. In future,
we will other combinations of methods for better accuracy.
VALIDATION METHOD OF FUZZY ASSOCIATION RULES BASED ON FUZZY FORMAL CONCEPT AN...cscpconf
In order to treat and analyze real datasets, fuzzy association rules have been proposed. Several
algorithms have been introduced to extract these rules. However, these algorithms suffer from
the problems of utility, redundancy and large number of extracted fuzzy association rules. The
expert will then be confronted with this huge amount of fuzzy association rules. The task of
validation becomes fastidious. In order to solve these problems, we propose a new validation
method. Our method is based on three steps. (i) We extract a generic base of non redundant
fuzzy association rules by applying EFAR-PN algorithm based on fuzzy formal concept analysis.
(ii) we categorize extracted rules into groups and (iii) we evaluate the relevance of these rules
using structural equation model.
PROBABILITY BASED CLUSTER EXPANSION OVERSAMPLING TECHNIQUE FOR IMBALANCED DATAcscpconf
In many applications of data mining, class imbalance is noticed when examples in one class are
overrepresented. Traditional classifiers result in poor accuracy of the minority class due to the
class imbalance. Further, the presence of within class imbalance where classes are composed of
multiple sub-concepts with different number of examples also affect the performance of
classifier. In this paper, we propose an oversampling technique that handles between class and
within class imbalance simultaneously and also takes into consideration the generalization
ability in data space. The proposed method is based on two steps- performing Model Based
Clustering with respect to classes to identify the sub-concepts; and then computing the
separating hyperplane based on equal posterior probability between the classes. The proposed
method is tested on 10 publicly available data sets and the result shows that the proposed
method is statistically superior to other existing oversampling methods.
CHARACTER AND IMAGE RECOGNITION FOR DATA CATALOGING IN ECOLOGICAL RESEARCHcscpconf
Data collection is an essential, but manpower intensive procedure in ecological research. An
algorithm was developed by the author which incorporated two important computer vision
techniques to automate data cataloging for butterfly measurements. Optical Character
Recognition is used for character recognition and Contour Detection is used for imageprocessing.
Proper pre-processing is first done on the images to improve accuracy. Although
there are limitations to Tesseract’s detection of certain fonts, overall, it can successfully identify
words of basic fonts. Contour detection is an advanced technique that can be utilized to
measure an image. Shapes and mathematical calculations are crucial in determining the precise
location of the points on which to draw the body and forewing lines of the butterfly. Overall,
92% accuracy were achieved by the program for the set of butterflies measured.
SOCIAL MEDIA ANALYTICS FOR SENTIMENT ANALYSIS AND EVENT DETECTION IN SMART CI...cscpconf
Smart cities utilize Internet of Things (IoT) devices and sensors to enhance the quality of the city
services including energy, transportation, health, and much more. They generate massive
volumes of structured and unstructured data on a daily basis. Also, social networks, such as
Twitter, Facebook, and Google+, are becoming a new source of real-time information in smart
cities. Social network users are acting as social sensors. These datasets so large and complex
are difficult to manage with conventional data management tools and methods. To become
valuable, this massive amount of data, known as 'big data,' needs to be processed and
comprehended to hold the promise of supporting a broad range of urban and smart cities
functions, including among others transportation, water, and energy consumption, pollution
surveillance, and smart city governance. In this work, we investigate how social media analytics
help to analyze smart city data collected from various social media sources, such as Twitter and
Facebook, to detect various events taking place in a smart city and identify the importance of
events and concerns of citizens regarding some events. A case scenario analyses the opinions of
users concerning the traffic in three largest cities in the UAE
SOCIAL NETWORK HATE SPEECH DETECTION FOR AMHARIC LANGUAGEcscpconf
The anonymity of social networks makes it attractive for hate speech to mask their criminal
activities online posing a challenge to the world and in particular Ethiopia. With this everincreasing
volume of social media data, hate speech identification becomes a challenge in
aggravating conflict between citizens of nations. The high rate of production, has become
difficult to collect, store and analyze such big data using traditional detection methods. This
paper proposed the application of apache spark in hate speech detection to reduce the
challenges. Authors developed an apache spark based model to classify Amharic Facebook
posts and comments into hate and not hate. Authors employed Random forest and Naïve Bayes
for learning and Word2Vec and TF-IDF for feature selection. Tested by 10-fold crossvalidation,
the model based on word2vec embedding performed best with 79.83%accuracy. The
proposed method achieve a promising result with unique feature of spark for big data.
GENERAL REGRESSION NEURAL NETWORK BASED POS TAGGING FOR NEPALI TEXTcscpconf
This article presents Part of Speech tagging for Nepali text using General Regression Neural
Network (GRNN). The corpus is divided into two parts viz. training and testing. The network is
trained and validated on both training and testing data. It is observed that 96.13% words are
correctly being tagged on training set whereas 74.38% words are tagged correctly on testing
data set using GRNN. The result is compared with the traditional Viterbi algorithm based on
Hidden Markov Model. Viterbi algorithm yields 97.2% and 40% classification accuracies on
training and testing data sets respectively. GRNN based POS Tagger is more consistent than the
traditional Viterbi decoding technique.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
Ethnobotany and Ethnopharmacology:
Ethnobotany in herbal drug evaluation,
Impact of Ethnobotany in traditional medicine,
New development in herbals,
Bio-prospecting tools for drug discovery,
Role of Ethnopharmacology in drug evaluation,
Reverse Pharmacology.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
How to Create Map Views in the Odoo 17 ERPCeline George
The map views are useful for providing a geographical representation of data. They allow users to visualize and analyze the data in a more intuitive manner.
The Indian economy is classified into different sectors to simplify the analysis and understanding of economic activities. For Class 10, it's essential to grasp the sectors of the Indian economy, understand their characteristics, and recognize their importance. This guide will provide detailed notes on the Sectors of the Indian Economy Class 10, using specific long-tail keywords to enhance comprehension.
For more information, visit-www.vavaclasses.com
We all have good and bad thoughts from time to time and situation to situation. We are bombarded daily with spiraling thoughts(both negative and positive) creating all-consuming feel , making us difficult to manage with associated suffering. Good thoughts are like our Mob Signal (Positive thought) amidst noise(negative thought) in the atmosphere. Negative thoughts like noise outweigh positive thoughts. These thoughts often create unwanted confusion, trouble, stress and frustration in our mind as well as chaos in our physical world. Negative thoughts are also known as “distorted thinking”.
The Art Pastor's Guide to Sabbath | Steve ThomasonSteve Thomason
What is the purpose of the Sabbath Law in the Torah. It is interesting to compare how the context of the law shifts from Exodus to Deuteronomy. Who gets to rest, and why?
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
2. 282 Computer Science & Information Technology (CS & IT)
choose a small number of fuzzy if-then rules for constructing a fuzzy system that is easily
understood by human users. Recently a genetic-algorithm-based approach was proposed for
constructing a compact fuzzy classification system with a small number of fuzzy if-then rules.
Genetic algorithms have been used as rule selection and optimization tools in the design of fuzzy
rule-based systems. Those GA-based studies on the design of fuzzy rule-based systems are
usually referred to as fuzzy genetics-based machine learning methods (fuzzy GBML
methods)[4][5], each of which can be classified into the Michigan, Pittsburgh or iterative rule
learning (IRL) approaches [2][6].
In this paper, we use fuzzy GBML methods to develop a two objective IDS based on misuse
detection. We are generating signatures in the form of rules for every known attack. Our aim is to
generate signatures which,
i) Maximize detection rate,
(ii) Contains minimum number of rules with low false rate.
These two objectives were combined into a single scalar fitness function and genetic algorithms
are applied on same fitness function which generates rules for classification of known patterns.
The whole block diagram of the system is shown in Figure 1.
The rest of the paper is as follows: Related Work is presented in 1.1. Background is presented
in II. Fuzzy rule base for pattern classification is presented in section III. Two objective genetic
algo is presented in IV. Experimental results are reported in Section V. And last we conclude the
work.
1.1Related Work
Nowadays, There are many approaches for solving intrusion detection problems. Lee built
intrusion detection models that can that can recognize anomalies and known intrusions. He
proposed to use the association rules and frequent episodes computed from audit data as the basis
for guiding the audit data gathering and feature selection processes [7].
Mukkamala shows Feature Selection for Intrusion Detection using Neural Networks and
Support Vector Machines. He addresses the related issue of ranking the importance of input
features that elimination of the insignificant and/or useless inputs leads to a simplification of the
problem and possibly faster and more accurate detection, feature selection is very important in
intrusion detection[8].
Some other applied techniques on intrusion detection problem are genetic algorithms
Mohammad Saniee Abadeh [2] proposed Computer Intrusion Detection Using an Iterative Fuzzy
Rule Learning Approach. The proposed method is based on the iterative rule learning approach
(IRL) to fuzzy rule base system design. The fuzzy rule base is generated in an incremental
fashion, in that the evolutionary algorithm optimizes one fuzzy classifier rule at a time.
Performance of this system has been evaluated using intrusion detection problem as a high
dimensional classification problem. Tansel O zyer [9] proposed a method based on iterative rule
learning using a fuzzy rule-based genetic classifier. His approach is mainly composed of two
phases. First, a large number of candidate rules are generated and they are pre-screened using two
rule evaluation criteria. He employs Boosting genetic algorithm that evaluates the weight of each
data item to help the rule extraction mechanism focus more on data having relatively more
weight.
Cho and Cha[10] empirically demonstrate that the Bayesian parameter estimation method is
effective in analysing web logs and detecting anomalous sessions. They developed a technique,
session anomaly detection (SAD) which has detected nearly all such attacks without having to
rely on attack signatures at all. SAD works by first developing normal usage profile and
comparing the web logs, as they are generated, against the expected frequencies. He develops
SAD to provide secure and reliable web services only.
Saqib Ashfaq[11] has proposed Efficient Rule Generation for Cost-Sensitive Misuse Detection
Using Genetic Algorithms. He employs only the five most relevant features for each attack
3. Computer Science & Information Technology (CS & IT) 283
category for rule generation. Furthermore, it incorporates the different costs of misclassifying
attacks in its fitness function to yield rules that are cost sensitive.
M. Saniee Abadeh[12] proposed Design and analysis of genetic fuzzy systems for intrusion
detection in computer networks. He present three kinds of genetic fuzzy systems based on
Michigan, Pittsburgh and iterative rule learning (IRL) approaches to deal with intrusion detection
as a high-dimensional classification problem.
Hu proposes a data mining technique to discover fuzzy classification rules based on the
Apriori algorithm. In his technique, genetic algorithms are incorporated into the proposed method
to determine minimum support and confidence with binary chromosomes[13].
Some recent researches have utilized artificial immune systems to detect intrusive behaviors in
a computer network [14].
Figure 1. Block Diagram of Computer Intrusion Detection by Two Objective Genetic Algorithms
Detection Block
KDDCup-99 Data set
Training Data
(41 features)
Modified Training
Data (20 features)
Apply Prescreening
criteria on rules
Find Support and
Confidence of fuzzy
rules
Generate fuzzy rules
Generate best rule set
among all non-
dominated rule sets
Find non-dominated
rule sets according to
two objectives
Appling genetic
algorithm on non-
dominated rule set
Store rule set as
signature set of all
known attacks
Test Data (41
features)
Modified Test Data
(20 features)
No Action
Block and inform to
security manager
Match not
Match
4. 284 Computer Science & Information Technology (CS & IT)
2. THE BACKGROUND
2.1. Fuzzy logic
A classical set is characterized by having the membership degree of an element takes only
one of two values as either 0 or 1. It is a set with a sharp boundary, where there are no
unambiguous boundaries. In other words, an object is either entirely belongs to set or not.
Whereas a fuzzy set as its name implies is a set without sharp boundaries. The transition from
‘‘belonging to a set’’ to ‘‘not belonging to a set’’ is gradual; and this smooth transition is
characterized by membership functions that give flexibility in modeling commonly used linguistic
expressions. Membership is not restricted to two values; rather it may take any value from the
range (0, 1). This reflects a degree of membership and this represents uncertainty as practiced
daily by humans. Fuzziness comes from the uncertain and imprecise nature of abstract thoughts
and concepts [3,4,5].
Let assume, X represents the universe of discourse. If X is a collection of objects denoted
each by x, then fuzzy set A is a set of ordered pairs as below:
A = {x, µA(x) |x X},
Where µA is called the membership function that maps each object x of domain X to a
continuous membership value between 0 and 1.
There are several classes of parameterized ways to define membership functions, like
trapezoidal, bell functions, Gaussian and triangular. A parameterized membership function can be
defined in terms of a number of parameters. For example, a triangular membership function is
specified by three parameters (a, b, c); and for a given value x, with known a, b, and c, the
membership of x may be computed as:
Triangle(x; a, b, c) = max (min( )0),,
bc
xc
ab
ax
−
−
−
−
.
A fuzzy space having a normalized domain may be partitioned with five linguistic variables
(L, LM, M, MH, H) and each linguistic variable is a parameterized triangular membership
function as shown in Figure 2.
A given object x may be member of a given fuzzy set with a certain membership degree.
Object x may also be member of other fuzzy sets at the same time, but with different membership
degree values.
IF x1 is Aj1 and x2 is Aj2 and….and n is Ajn THEN class is cj,where Rj is the jth fuzzy rule, x=(
x1, x2, . . . , xn) is an n-dimensional object of X, cj is the consequent class and each Aji is an
antecedent fuzzy set. If the degree of membership () of an object with each corresponding
antecedent Aji is denoted µi, then the strength µAj of a rule is µAj = min(m1,m2,….,mn).
Figure 2. Fuzzy space partitioned with five fuzzy classes (L—low, LM—low medium, M medium, MH—
medium high, H—high)[9].
5. Computer Science & Information Technology (CS & IT) 285
3. RULE GENERATION FROM TRAINING DATA
Let us assume that our pattern classification problem is a c- class problem in the n-
dimensional pattern space with continuous attributes. We also assume that m real vectors xp =
(xp1, xp2, ..., xpn ), p = 1, 2,..., m, are given as training patterns from the c classes ( c << m
).Because the pattern space is [0, 1]n
, attribute values of each pattern are xpi [0,1] for p=1,2,...,m
and i= 1,2,...,n. In computer simulations of this paper, we normalize all attribute values of each
data set into the unit interval [0, 1]. In the presented fuzzy classifier system, we use fuzzy if then
rules of the following form.
Rule Rj: If x1 is Aj1 and ... and xn is Ajn , then Class Cj with CF=CFj. (1)
Where Rj is the label of the jth
fuzzy if-then rule, Aj1 . ..Ajn are antecedent fuzzy sets on the
unit interval [0,1], Cj is the consequent class (i.e., one of the given c classes), and CFj is the grade
of certainty of the fuzzy if-then rule Rj. In computer simulations, we use a typical set of linguistic
values in Fig. 1 as antecedent fuzzy sets. The membership function of each linguistic value in Fig.
1 is specified by homogeneously partitioning the domain of each attribute into symmetric
triangular fuzzy sets. We use such a simple specification in computer simulations to show the
high performance of our fuzzy classifier system, even if the membership function of each
antecedent fuzzy set is not tailored. However, we can use any tailored membership functions in
our fuzzy classifier system for a particular pattern classification problem.
The total number of fuzzy if-then rules is 5n
in the case of the n-dimensional pattern
classification problem. It is Impossible to use all the 5n
fuzzy if-then rules in a single fuzzy rule
base when the number of attributes (i.e. n) is large (e.g., intrusion detection problem which n =
41). Our fuzzy classifier system searches for a relatively small number of fuzzy if-then rules with
high classification ability. Initially, we consider all the training pattern as rules. Since the
consequent class and the certainty grade of each fuzzy if-then rule can be determined from
training patterns by a simple heuristic procedure, the task of our fuzzy classifier system is to
generate combinations of antecedent fuzzy sets for a set of fuzzy if-then rules.
To determine Cj and CFj of each rule in the population the following steps should be
done:
Step 1: Calculate the compatibility of each training pattern xp = (xp1, xp2, ... ,xpn ) with the fuzzy if-
then rule Rj by the following product operation:
)(.........)()( 11 pnjnpjpj xxx µµµ ××= , (2)
where µji (xpi) is the membership function of ith
attribute of pth
pattern and m denotes total number
of patterns.
Step 2: For each class, calculate the relative sum of the compatibility grades of the training
patterns with the fuzzy if-then rule Rj :
βClass h (R j) = ( ) classhpj
classhx
Nx
p
µ
∈
∑ , h =1,2, ... ,c (3)
where βClass h (R j) is the sum of the compatibility grades of the training patterns in Class h with
the fuzzy if-then rule Rj and Nclassh is the number of training patterns which their corresponding
class is Class h .
Step 3: Find Class hj that has the maximum value of βClass h (R j) :
βClass hj (R j) = max{ βClass 1 (R j),….., βClass c (R j) }. (4)
If two or more classes take the maximum value, the consequent Class Cj of the fuzzy if-then rule
Rj cannot be determined uniquely. In this case, let Cj be null. If a single class takes the maximum
6. 286 Computer Science & Information Technology (CS & IT)
value, let Cj be Class hi .If there is no training pattern compatible with the fuzzy if-then rule Rj
(i.e., if βClass h (R j) = 0 for h = 1, 2,. . ., c ) the consequent Class Cj is also specified as null. When
cj is null we don’t consider them in ruleset.
Step 4: When the consequent class Cj is determined by (4), the certainty grade CFj is specified as
CFj = ( βClass hj(R j) -β )/
c
h 1=
∑βClass h (R j) , (5)
Where,
β =
jch≠
∑βClass h(Rj)/(c-1) (6)
By the proposed heuristic procedure we can specify the consequent class and the certainty grade
for any combination of antecedent fuzzy sets. Such a combination is generated by a fuzzy
classifier system. The task of our fuzzy classifier system is to generate combinations of
antecedent fuzzy sets for generating a rule set S with high classification ability. When a rule set S
is given, an input pattern xp = (xp1, xp2 ... ,xpn) is classified by a single winner rule Rj in S, which is
determined as follows:
Rj (xp).CFj = max{ Rj(xp).CFj| Rj S}. (7)
That is, the winner rule has the maximum product of the compatibility and the certainty grade CFj
In this procedure, a new pattern xp = ( xp1,..., xpn ) is classified by the linguistic rule that has the
maximum product of Rj ( xp ) and CFj [1].
Fuzzy if-then rules in this approach are coded as a string. The following symbols are used for
denoting the five languishing values:(Fig.1) 1:low(L), 2:medium low(ML), 3:medium(M),
4:medium high(MH), 5:high(H). This approach consists c the number of classes. Each classifier
contains a subset of rules with the same labels. The proposed algorithm focuses on learning of
each class to improve the total accuracy of the main classifier. Therefore, this evolutionary fuzzy
rule learning algorithm repeated for each class of the classification problem separately.
4. PROBLEM FORMULATION
Our rule selection problem is to select a smaller number of linguistic rules from the rule set S to
construct a compact classification system. Therefore our problem can be written as follows:
Maximize NCP(S) and (i)
minimize |S| , subject to S SALL , (ii)
where NCP(S) is the number of correctly classified training patterns by linguistic rules in a rule
set S, and |S| is the number of the linguistic rules in S. here we select Npop rules from the
descending order of CFj.
4.1 Two objective Genetic Algorithm
We use two objective genetic algorithms to the rule selection problem. Its scalar fitness function
is defined below:
f (S ) =WNCP.NCP(S ) −WS .|S| (8)
7. Computer Science & Information Technology (CS & IT) 287
Where WNCP and WS are positive constant weights. Because the weight for each objective in the
fitness function is constant, the choice of the weight values in (8) has a significant effect on the
final solution (i.e., rule set S) obtained by the genetic algorithm. Because the importance of each
objective in the rule selection problem depends on the preference of human users, it is not easy to
assign constant values to the weights WNCP and WS. Therefore we can find multiple non-
dominated solutions of the two-objective rule selection problem. Before we go further, let first
discuss how to find non dominated set with respect to two objectives.
Based on this discussion, we formulate our task of designing comprehensible fuzzy rule based
with high classification systems as the following :
Maximize f1(S), minimizef2(S),
Where f1(S) is correctly classified training patterns by ruleset S, f2(S) is number of fuzzy rules in
S.A ruleset S is said to be dominated by another ruleset S* if two following in equalities’ hold:
f1(S) <=f1(S*) , f2(S)>=f2(S*), (9)
and at least one of the following inequalities’ holds:
f1(S) <f1(S*) , f2(S)>f2(S*), (10)
The first condition means that no objective of S* is worst than S. The second condition means
that at least one objective of S* is better than S. If there exists no S* that satisfies above both
conditions than S* is called non-dominated ruleset with respect to S [4]. The characteristic feature
of two objective genetic algorithm is that non-dominated rule sets are stored in a tentative pool
separately from the current population. Tentative pool is updated at every generation in order to
store only non-dominated rule sets among examined ones. From the tentative pool, Nelite ruleset
randomly selected as elite individuals, which are added to new population. Human users will
choose a final solution (i.e., rule set S) from the obtained non-dominated solutions.
Here, each rule set S is treated as an individual in our two-objective genetic algorithm. Each
rule set S (i.e., each individual) is presented by a string as S = s1 s2... sr, where r is the number of
all the linguistic rules in S. So, any rule set is presented in “0”,”1” string sequence.suppose,s1 is in
S then its place is filled by 1 if its not in S then its place is filled by 0. So, this way any ruleset is
coded in the sequence of “0”,”1”string.
The selection probability in our two-objective genetic algorithm is specified according to the
fitness function f (S) in (8) with randomly specified weight values. That is, when each pair of
parent individuals are selected, the values of the weights WNCP and WS are assigned as,
WNCP : a random real number in [0, 1],
WS : WS = 1−WNCP .
In two-objective genetic algorithm, multiple solutions are preserved from the current
generation to the next generation as elite solutions. Those elite solutions are randomly selected
from a tentative set of non-dominated solutions that is stored and updated at each generation of
two-objective genetic algorithm IDS. Multiple search directions are realized by the selection
procedure with random weight values and the elitist strategy with multiple elite solutions [15].
The outline of two-objective genetic algorithm can be written as follows:
Step 0 (Initialization): Generate an initial population containing Npop strings where Npop is the
number of possible solution strings for current scenario.
Step 1 (Evaluation): Calculate the values of the two objectives for the generated strings. Update
the tentative set of non-dominated solutions.
8. 288 Computer Science & Information Technology (CS & IT)
Step 2 (Selection): Calculate the fitness value of each string using random weight values. Select a
pair of strings from the current population according to the following selection probability. The
selection probability P(S) of a string S in a population SALL is specified as
p(S)
)}()({
)()(
min
min
SfitnessSfitness
SfitnessSfitness
AllSS
−
−
∑ ∈
,
Where fitnessmin (S) = min {fitness (S) | S ∈SAll} .
Here we are using “fitness “and “f “in the same meaning so don’t be confused in. This procedure
is repeated for selecting Npop / 2 pairs of parent strings.
Step 3 (Crossover): For each selected pair, apply a crossover operation to generate two strings.
Step 4 (Mutation): For each value of the generated strings by the crossover operation, apply a
mutation operation with a pre-specified mutation probability.
Step 5 (Elitist strategy): Randomly remove Nelite strings from the generate N pop strings, and add
Nelite solutions that are randomly selected from the tentative set of non-dominated solutions.
Step 6 (Termination test): If a pre-specified stopping condition is not satisfied, return to Step1.
5. EXPERIMENTAL EVALUATION
The fuzzy genetic algorithm for misuse detection is implemented in Java, tested and evaluated on
the KDDCup 99 dataset [16]. We use the 10% labeled data (file name: kddcup.data
10_percent.gz) for training and testing of the genetic algorithm. KDDCup 99 dataset has 41
attributes in which we have used 20 attributes; 8 basic and remaining are domain knowledge
features. Five output classes are namely Normal, PRB-probe, DOS-denial of service, U2R-user to
root and R2L-remote to local. Selected attributes are shown in below table 1.
Table 1. Selected attributes with description
Selected attributes description Types
duration length (number of seconds) of the connection continuous
protocol_type type of the protocol, e.g. tcp, udp, etc. symbolic
flag normal or error status of the connection symbolic
src_bytes number of data bytes from source to destination continuous
Dest_bytes number of data bytes from destination to source continuous
land 1 if connection is from/to the same host/port; 0
otherwise
symbolic
Wrong_fragment number of ”wrong'' fragments continuous
urgent number of urgent packets continuous
Hot number of ``hot'' indicators continuous
Num_failed_logins number of failed login attempts continuous
Logged_in 1 if successfully logged in; 0 otherwise symbolic
Num_compromised number of ``compromised'' conditions continuous
Root_shells 1 if root shell is obtained; 0 otherwise continuous
Su_attempted 1 if ``su root'' command attempted; 0 otherwise continuous
Num_root number of ``root'' accesses continuous
Num_file_creations number of file creation operations continuous
Num_shells number of shell prompts continuous
num_access_files number of operations on access control files continuous
9. Computer Science & Information Technology (CS & IT) 289
num_outbound_cmds number of outbound commands in an ftp session continuous
is_host_login 1 if successfully host logged in; 0 otherwise symbolic
We discuss the experimental evaluation of applying genetic fuzzy systems on the intrusion
detection data set. The parameter specifications that we have used in our computer simulations
are shown below.
Number of elite solutions: Nelite =20%
Crossover probability: =0.9
Mutation probability: = 0.1
Number of generation=50
Table 2. Specification of number of training and testing data
Class Train Test
Normal500 200
U2R 100 100
R2L 200 200
DOS 500 1000
PRB 100 200
Here we are going to find non dominated ruleset. So, first we decide constraint for that
suppose f1(S) =1600 and f2(S) =70. We get bellow different non dominated rule set. We can find
many different solutions for the same constraints. We have shown very few among them in Table
4. , by which two objectives are going to be satisfied. Here suppose our rule is:”attribute a1 is
low, attribute a2 is medium-high, attribute a10 is low and attribute a15 is medium Then Class is
normal”, this rule’s antecedent part is coded as “L MH L M”. We are not coded its consequent
part because that we are going to find out for new pattern. Here we are doing crossover and
mutation operation among same class.
The performance of the system is evaluated using Precision, recall and Overall accuracy.
Precision=
FPTP
TP
+
Recall =
FNTP
TP
+
Overall accuracy =
FPFNTNTP
TNTP
+++
+
Where,
TP = True positive
TN = True negative
FN = False negative
FP = False positive
These are computed using the confusion matrix in Table 3, and defined as follows:
10. 290 Computer Science & Information Technology (CS & IT)
Table 3. The confusion matrix
Actual Predicted
Positive Class Negative Class
Positive Class TP FN
Negative Class FP TN
Here, Positive Class means all attack class and Negative Class means Normal class.TP(True
Positive) means attack class is classified correctly. FP(False Positive) means normal class
misclassified to attack class. TN(True Negative) means normal class is classified correctly.
FN(False Negative) means attack class is misclassified to normal class.
Table 4. Non dominated ruleset
|S| 30 40 50 80 90 100
NCP(S) 1100 1100 1250 1400 1650 1695
total number of rules
Figure 3. Number of rules vs classification rate
Computer Intrusion Detection by two objective genetic algorithms is a five-class problem with
19 attributes. Non-dominated solutions are obtained by genetic algorithms are shown in Table 4,
where 1650 patterns are correctly classified by 100 rules, 1650 patterns by 90 linguistic rules and
so on. If the human user prefers a high detection rate, he/she would choose the rule set with 100
linguistic rules in Table 4. On the contrary, if the human user prefers the compactness of rule sets
to the high classification performance, he/she would choose the rule set with 90 linguistic rules
and gives 99.8% detection rate. In Figure 3 we shows classification rate of the system. By
analysing the result from Table 5, the overall performance of the proposed system is improved
significantly and it achieves 99% accuracy for all types of attacks.
Table 5. The Classification performance of the proposed NIDS
Metric Proposed system
|S|=90 Precision
Recall
Accuracy
0.9979
1
0.985
11. Computer Science & Information Technology (CS & IT) 291
|S|=100 Precision
Recall
Accuracy
1
0.998
0.9983
APPENDIX A. LEARNING OF LINGUISTIC CLASSIFICATION RULES
The classification accuracy of fuzzy rule-based systems can be improved by adjusting the rule
weight of each fuzzy if-then rule [15]. When a training pattern xp is correctly classified by the
winner rule Rˆj in a rule set, its rule weight CFˆj is increased as
)CF1(CFCF jjj ˆ1ˆˆ
oldoldnew
−⋅+= η , (11)
Where 1η is a learning rate for increasing rule weights. The rule weights of the other rules in the
rule set are not changed. On the other hand, when the training pattern xp is misclassified by the
winner rule Rˆj , its rule weight CFˆj is decreased as
)CF1(CFCF jjj ˆ2ˆˆ
oldoldnew
−⋅−= η , (12)
Where 2η is a learning rate for decreasing rule weights. The rule weights of the other rules are
not changed.
3. CONCLUSIONS
We use the idea of two objective fuzzy genetic based classifications for intrusion detection. This
classification algorithm uses a specified number of fuzzy rules obtained from the non-dominated
ruleset with two objectives: to maximize the number of correctly classified training patterns and
to minimize the number of selected rules. It will reduce the search space of finding rules for new
patterns and also takes lesser CPU time than without usage of non-dominated rule sets. We can
extend the two-objective genetic algorithm to a hybrid algorithm where a learning method given
in appendix A could be applied to rule sets generated by genetic operations. The selection of a
final rule set from the obtained non-dominated solutions should be done based on the preference
of human users for a NIDS.
REFERENCES
[1] Abhinav Srivastava, Shamik Sural and A.K. Majumdar, “Database Intrusion Detection using
Weighted Sequence Mining” Journal Of Computers, Vol. 1, No. 4, July 2006.
[2] Mohammad Saniee Abadeh and Jafar Habibi,”Computer Intrusion Detection Using an Iterative
Fuzzy Rule Learning Approach”, 1-4244-1210-2/07,2007 IEEE. Technologies, Page(s):233 - 240, 27-
28 Aug. 2005.
[3] 0. Cordon, F. Gomide, F. Herrera, F. Hofmann, L. Magdalena, "Ten years of genetic fuzzy systems
current framework and new trends", Fuzzy Sets and Systems 141, pp. 5-31, 2004.
[4] Ishibuchi et al., 2001 H. Ishibuchi, T. Nakashima and T. Murata, Three-objective genetics-based
machine learning for linguistic rule extraction, Information Sciences (2001), pp. 109–133.
[5] Ishibuchi et al., 2005 H. Ishibuchi, T. Yamamoto and T. Nakashima, Hybridization of fuzzy GBML
approaches for pattern classification problems, IEEE Transactions on Systems, Man, and
Cybernetics—Part B: Cybernetics 35 (2) (2005).
[6] Hisao Ishibuchi, Tomoharu Nakashima and Tadahiko Murata,” The Comparison of Michigan and
Pittsburgh Approaches to the design of Fuzzy Classification System”,Electronics and
Communications in Japan,Part 3,Vol. 80,No. 12,1997.
12. 292 Computer Science & Information Technology (CS & IT)
[7] Lee et al., 1998 Lee, W., Salvatore, J. S., & Mok, K. W. M. (1998). Mining audit data to build
intrusion detection models. In Proceedings of ACM SIGKDD international conference on knowledge
discovery and data mining (pp. 66–72).
[8] Mukkamala et al., 2003 Mukkamala, S., & Sung, A. H. (2003). Feature selection for intrusion
detection using neural networks and support vector machines. Journal of the Transport Research
Board National Academy. Transport research record no. 1822, pp. 33–39. Full Text via CrossRef |
View Record in Scopus | Cited By in Scopus (21).
[9] Tansel O¨ zyer, Reda Alhajja, Ken Barker,” Intrusion detection by integrating boosting genetic fuzzy
classifier and data mining criteria for rule pre-screening “,Journal of Network and Computer
Applications 30 (2007) 99–113.
[10] Cho and Cha, 2004 S. Cho and S. Cha, SAD: Web session anomaly detection based on parameter
estimation, Computers & Security 23 (4) (2004), pp. 265–351.
[11] Saqib Ashfaq, M. Umar Farooq, Asim Karim”, Efficient Rule Generation for Cost-Sensitive Misuse
Detection”,Using Genetic Algorithms”,1-4244-0605-6/06/,2006 IEEE.
[12] Mohammad Saniee Abadeh, Hamid Mohamad and Jafar Habibi,“Design and analysis of genetic
fuzzy systems for intrusion detection in computer networks”, Available online 24 December 2010.
[13] Yi-Chung Hu, Ruey-Shun Chen, Gwo-Hshiung Tzeng, "Finding fuzzy classification rules using data
mining techniques," Pattern Recognition Letters 24, pp. 509-519, 2003.
[14] Dasgupta and González, 2002 D. Dasgupta and F. González, An immunity-based technique to
characterize intrusions in computer networks, IEEE Transactions on Evolutionary Computation 6 (3)
(2002).
[15] H. Ishibuchi, T. Murata, and I. B. Turksen, “ Selecting linguistic classification rules by two-
objective genetic algorithms,” Proc. of 1995 IEEE International Conference on Systems, Man and
Cybernetics, pp. 1410-1415, Vancouver, Canada, October 1995.
[16] KDD-Cup data set :< http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html>.
Authors
Madhuri Agravat a M.Tech. student from Sardar
Vallabhbhai National Institute Technology, Surat,
Gujarat, India. She comleted her graduate from
Nirma University, Ahmedabad, Gujarat, India.
Udai Pratap Rao received the B.E. degree in
Computer Science and Engineering in 2002 &
M.Tech degree in Computer Science and Engineering
in 2006, and currently working as Assistant Professor
in the Department of Computer Engineering at S. V.
National Institute of Technology Surat (Gujarat)-
INDIA. His research interests include Data Mining,
Database security, Information Security, and
distributed systems.