Abstract
With the growth of information technology, many intrusion detection problems have emerged, such as in cyber security. An intrusion detection system provides basic infrastructure to detect a number of attacks. This research work focuses on the intrusion detection problem in network security. The main goal is to classify network behaviour as normal or abnormal. In this research work, two different machine learning algorithms have been combined to reduce their weaknesses and take the positive features of both. The experimental results are better than those of other algorithms in terms of performance, accuracy and false positive rate. The combined algorithm has been applied to the KDDCUP99 dataset to obtain better results by improving performance and accuracy and reducing the false positive rate.
Keywords: Intrusion detection system, KDDCUP99 dataset, False positive rate.
Evaluation of network intrusion detection using markov chain - IJCI JOURNAL
In day-to-day life, internet threats have increased significantly. There is a need to develop a model in order to maintain the security of systems. The most effective technique is the Intrusion Detection System (IDS). The purpose of an intrusion detection system is, through the security devices, to detect intrusions and deal with them. In this paper, a mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss two algorithms, 'K-Means + Apriori', a method which classifies normal and abnormal activities in a computer network. In the K-Means process, it partitions the training set into K clusters using Euclidean distance and introduces an outlier factor; then it builds the Apriori algorithm to prune the data by removing infrequent data in the database. Based on the defined state, the degree of incoming data is evaluated through the experiment using the sample DARPA2000 dataset, and it achieves high detection performance in level of attack in stages.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An approach for ids by combining svm and ant colony algorithm - eSAT Journals
Abstract: This piece of work researches the intrusion detection problem of the network sanctuary; the primary task is to classify network behavior as normal or abnormal while reducing misclassification. In this paper, two efficient data mining algorithms are combined to detect network intrusion. Combining SVM and Ant colony (CSVAC) is used for well-organized data classification; this technique takes advantage of both algorithms while avoiding their weaknesses. This algorithm is implemented and evaluated using the standard benchmark KDDCUP99 data set. Experimental results are drastically superior to those of the other algorithm in terms of accuracy rate and run time efficiency, and this algorithm is able to detect new types of attacks. Keywords: Intrusion Detection; Support Vector Machine; Ant colony; Combined Support vector with ant colony
Machine learning in network security using knime analytics - IJNSA Journal
Machine learning has more and more effect on our everyday life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly programmed. Machine learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze the NSL-KDD dataset using KNIME analytics.
Nowadays technology is improving day by day. The wired network has been changed to a wireless network. There are many advantages of wireless networks over wired networks. One of the main advantages is that we can walk around freely in a network area and access the internet. Security is one of the challenging issues. An Intrusion Detection System is one of the systematic ways to detect a malicious node in a mobile ad hoc network (MANET), and it is driven by battery power. This paper gives a survey on various intrusion detection systems in MANET. Praveen Mourya | Prof. Avinash Sharma "Review on Intrusion Detection in MANETs" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-2, February 2020, URL: https://www.ijtsrd.com/papers/ijtsrd29970.pdf
Paper Url : https://www.ijtsrd.com/engineering/computer-engineering/29970/review-on-intrusion-detection-in-manets/praveen-mourya
Online Intrusion Alert Aggregation with Generative Data Stream Modeling - IJMER
Online intrusion alert aggregation with generative data stream modeling is an approach which uses generative modeling. It also uses probabilistic methods. It can be assumed that instances of an attack are similar to a process, which may be a random process, producing alerts. This paper aims at collecting and modeling these attacks on some similar parameters, so that an attack from beginning to completion can be identified. These collected and modeled alerts are given to security personnel to estimate a conclusion and take relative action. With some data sets, we show that it is easy to deduct the number of alerts and that the count of missing meta-alerts is also extremely low. We also demonstrate that meta-alerts are generated with a delay of only a few seconds after the first alert is produced.
A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F... - IJNSA Journal
IT assets connected on internet will encounter alien protocols and few parameters of protocol process are exposed as vulnerabilities. Intrusion Detection Systems (IDS) are installed to alert on suspicious traffic or activity. IDS issues false positive alerts if any behavior is construed as a partial attack pattern or the IDS lacks environment knowledge. Continuous monitoring of alerts to evolve whether an alert is a false positive or not is a major concern. In this paper we present the design of an external module to IDS, to identify false positive alerts based on an anomaly based adaptive learning model. The novel feature of this design is that the system updates the behavior profile of assets and environment with an adaptive learning process. A mixture model is used for behavior modeling from reference data. The design of the detection and learning process is based on normal behavior and of environment. The anomaly alert identification algorithm is built on Sparse Markov Transducers (SMT) based probability. The total process is presented using real-time data. The experimental results are validated and presented with reference to a lab environment.
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C... - IJNSA Journal
Over the past few years, intrusion protection systems have drawn a mature research area in the field of computer networks. The problem of excessive features has a significant impact on intrusion detection performance. The use of machine learning algorithms in many previous researches has been used to identify network traffic, harmful or normal. Therefore, to obtain the accuracy, we must reduce the dimensionality of the data used. A new model design based on a combination of feature selection and machine learning algorithms is proposed in this paper. This model depends on selected genes from every feature to increase the accuracy of intrusion detection systems. We selected from features content only ones which impact in attack detection. The performance has been evaluated based on a comparison of several known algorithms. The NSL-KDD dataset is used for examining classification. The proposed model outperformed the other learning approaches with accuracy 98.8 %.
Review of Intrusion and Anomaly Detection Techniques - IJMER
Intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. With the tremendous growth of network-based services and sensitive information on networks, network security is getting more and more important than ever. Intrusion poses a serious security threat in a huge network environment. The increasing use of the internet has dramatically added to the growing number of threats that inhabit it. Intrusion detection does not, in general, include prevention of intrusions. Nowadays network intrusion detection systems have become a standard component in the area of security infrastructure. This review paper tries to discuss various techniques which are already being used for intrusion detection.
Cyber security is a major concern in the world. As a result of frequent and consistent daily cyber attacks, this journal was written to enlighten viewers and readers on zero-day attack prediction.
A SURVEY ON DIFFERENT MACHINE LEARNING ALGORITHMS AND WEAK CLASSIFIERS BASED ... - gerogepatton
Network intrusion detection often finds a difficulty in creating classifiers that could handle unequal distributed attack categories. Generally, attacks such as Remote to Local (R2L) and User to Root (U2R) attacks are very rare attacks and even in KDD dataset, these attacks are only 2% of overall datasets. So, these result in model not able to efficiently learn the characteristics of rare categories and this will result in poor detection rates of rare attack categories like R2L and U2R attacks. We even compared the accuracy of KDD and NSL-KDD datasets using different classifiers in WEKA.
Intrusion detection and anomaly detection system using sequential pattern mining - eSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
Keywords — Anomaly Detection, Modified Apriori Algorithm, Misuse detection, Sequential Pattern Mining
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ... - IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal activities happening in a computer system. In recent years different soft computing based techniques have been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect technology. This has provided an opportunity for data mining to make quite a lot of important contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique by utilizing data mining techniques such as fuzzy C-means clustering, Fuzzy neural network / Neuro-fuzzy and radial basis function (RBF) SVM for fortification of the intrusion detection system. The proposed technique has five major steps in which the first step is to perform the relevance analysis, and then input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each of the data points is trained with the corresponding neuro-fuzzy classifier associated with the cluster. Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-SVM is performed to detect whether intrusion has happened or not. The data set used is the KDD cup 1999 dataset and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our technique could achieve better accuracy for all types of intrusions. The results of the proposed technique are compared with the other existing techniques. These comparisons proved the effectiveness of our technique.
Secure intrusion detection and countermeasure selection in virtual system usi... - eSAT Publishing House
A Study on Data Mining Based Intrusion Detection System - AM Publications
In recent years security has remained unsecured for computers as well as data network systems. Intrusion detection systems are used to safeguard data confidentiality, integrity and system availability from various types of attacks. Data mining techniques can be applied to intrusion detection systems to detect normal and abnormal behavior patterns. This paper studies the nature of network attacks and the current trends of data mining based intrusion detection techniques.
The overwhelming threat may be a challenge to a general security system. Fundamentally diverse alert and threat techniques have been researched in order to reduce deceptive warnings. Threat detection systems generate a huge amount of alerts, which makes it challenging to deal with them and prepare a solution. The detection system checks inbound and outbound network activities and finds a suspicious pattern that indicates ongoing steps of an attack. A large amount of alerts may contain false alarms, therefore there is a need for alert analysis mechanisms to offer high-level information on the seriousness of the threat, how dangerous devices are and which device the admin has to pay more attention to. To solve this query we would make use of a time and space based alert analysis technique that provides a solution in the form of an attack graph and its evaluation, which provides the severity of the attack to the administrator.
A combined approach to search for evasion techniques in network intrusion det... (eSAT Journals)
Abstract: Signature-based Network Intrusion Detection Systems (NIDS) work on the signatures of attacks. They must be updated quickly in order to protect the system from new attacks. Attackers devise new evasion techniques in order to remain undetected. As new evasion techniques are developed, it becomes difficult for a NIDS to give accurate results, and the NIDS may fail. The key aspect of our paper is to develop a network intrusion detection system using the C4.5 algorithm, where the Adaboost algorithm is used to classify a packet as a normal packet or an attack packet and to further classify different types of attack. The Apriori algorithm is used to find real-time evasion and to generate rules to find intrusions. These rules are then given as input to the Snort intrusion detection system for detecting different attacks. Keywords: NIDS, Evasion, Apriori Algorithm, Adaboost Algorithm, Snort
Alert Analysis using Fuzzy Clustering and Artificial Neural Network (IJRES Journal)
An Intrusion Detection System (IDS) is used to supervise all activities running on a particular machine or network, and it raises an alert on any attack. Nowadays, however, these alerts are very large in number, and examining them is very complicated. We propose a time and space based alert analysis technique which can correlate related alerts without background knowledge and provide an attack graph to help the administrator understand the attack on a host or network step by step, clearly and appropriately for analysis. A threat evaluation is given to find the most dangerous attack, which reduces the administrator's time and energy in processing a huge number of alerts. We analyze the network traffic in the form of attacks using Entity Threat Evaluation (ETE), which finds out which particular host is attacked; Gadget Threat Evaluation (GTE), which tells us which device within that host is attacked; Network Threat Evaluation (NTE), which tells us which network is attacked; and Hit Threat Evaluation (HTE), by giving a dataset of attacks as input. The main idea is that the distribution of different types of attacks is not balanced. For attacks that do not occur repeatedly, the learning sample size is too small compared to high-frequency attacks. This makes it hard for an Artificial Neural Network (ANN) to learn the characteristics of these attacks, and therefore detection precision is much worse. To solve these problems, we propose a new technique for ANN-based IDS, Fuzzy Clustering (FC-ANN), to enhance the detection precision for low-frequency attacks and detection stability.
Immunizing Image Classifiers Against Localized Adversary Attacks (gerogepatton)
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNNs), to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), it significantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
Immunizing Image Classifiers Against Localized Adversary Attacks
False positive reduction by combining svm and knn algo
1. IJRET: International Journal of Research in Engineering and Technology eISSN: 2319-1163 | pISSN: 2321-7308
_______________________________________________________________________________________
Volume: 04 Issue: 02 | Feb-2015, Available @ http://www.ijret.org 451
FALSE POSITIVE REDUCTION BY COMBINING SVM AND KNN ALGO
Sushil Kumar Mishra¹, Pankaj Bhatt²
¹PG Student, Computer Science Engineering, Graphic Era Hill University, Uttarakhand, India
²PG Student, Computer Science Engineering, Graphic Era Hill University, Uttarakhand, India
Abstract
With the growth of information technology, many intrusion detection problems have emerged in cyber security. An intrusion detection system provides the basic infrastructure to detect a number of attacks. This research work focuses on the intrusion detection problem in network security. The main goal is to classify network behaviour as normal or abnormal. In this research work, two different machine learning algorithms are combined to reduce their weaknesses and take the positive features of both. The experimental results are better than those of the other algorithms in terms of performance, accuracy and false positive rate. The combined algorithm has been applied to the KDDCUP99 dataset to improve performance and accuracy and to reduce the false positive rate.
Keywords: Intrusion detection system, KDDCUP99 dataset, False positive rate.
--------------------------------------------------------------------***----------------------------------------------------------------------
1. INTRODUCTION
In this century, information security is a most menacing problem. Many intrusion detection methods have been introduced to handle it, but none is perfect. An intrusion detection system can protect a computer network, in which many computers are interconnected, from malicious files such as viruses, spyware and Trojan horses. An intrusion detection system can monitor the behaviour of all files coming into that computer network, and if any file is suspicious or malicious, the intrusion detection system can detect it. Many clustering based models have been created for intrusion detection to separate normal and abnormal files. Neural networks can also be used in intrusion detection systems to provide security for a computer network; a neural network first uses a training dataset to learn to recognize normal as well as abnormal activity. An intrusion detection system protects network traffic from malicious files. It basically maintains the confidentiality and integrity of the computer network, so that unauthorized access to personal data is not possible and the secrecy of network traffic and information is maintained. An intrusion detection system can only take preventive measures to protect a computer network. No intrusion detection system (IDS) protects a computer network perfectly. Extensive research is under way to develop an intrusion detection system that can fully protect network traffic or a computer network. In this research work, a support vector machine (SVM) creates a clustering model containing normal as well as abnormal data, which can monitor normal as well as malicious behaviour to protect a computer network from malicious attacks such as viruses, worms, Trojan horses and rootkits.
Intrusion detection systems are divided into two types.
Fig. 1 Types of IDS
1.1 Anomaly Based Detection
An anomaly based intrusion detection system is based on a set of heuristic rules. It monitors normal as well as abnormal behaviour in a computer network. If any file is self-replicating or tries to damage another file, such behaviour is detected by anomaly based detection. The main disadvantage of an anomaly based detection system is its higher false positive rate.
1.2 Signature Based Detection
A signature based intrusion detection system can detect only known computer viruses in a computer network. When a computer virus is discovered, its signature is created and stored in a database. When a file enters the computer network, it is matched against the stored signatures. If the file matches a virus signature it is declared a computer virus, otherwise a normal file. The main disadvantage of a signature based intrusion detection system is that it cannot detect a new computer virus.
2. EXPERIMENTAL PARAMETERS
There are many parameters, such as performance, accuracy and false positive rate, that can be calculated for an intrusion detection system.
Performance: Performance deals with achieving a target in a more efficient manner.
Performance = (True Positive)/(True Positive + True Negative)
Accuracy: Accuracy deals with achieving a goal closer to its actual value.
Accuracy = (True Positive + True Negative)/(True Positive + True Negative + False Positive + False Negative)
False positive rate: The rate at which a normal file is falsely detected as an abnormal file.
False positive rate = (False Positive)/(False Positive + True Negative)
3. EVALUATION DATA SOURCES
The false positive rate was calculated on the standard data set KDDCUP99 given by the MIT laboratory. This data set contains different types of attacks, and its records can be categorized as normal or abnormal data.
MIT Lincoln Laboratory set up a computer network and monitored its network traffic, which contained normal as well as abnormal data, for about 7 days.
The KDDCUP99 data set basically contains normal, denial of service, buffer overflow, guess_passwd(53) and probe attacks.
Denial of service: A denial of service (DOS) intrusion is an intrusion in which legitimate information cannot be made available to its legitimate receiver. A DOS intrusion also slows down the computer system.
User to Root (U2R): In this type of attack, the attacker obtains a client's password in an unauthorized manner and can use the stolen password to access personal or secret information on the computer system.
Remote to User (R2U): In this attack, the attacker transmits over the network a packet that is not legitimate for that network, which increases network traffic. A Remote to User (R2U) attack can adversely affect the performance of the computer network and can slow down a computer system or restart it again and again.
Probe: In this attack, the attacker monitors all information being sent in the network and can access it.
4. COMBINING SVM AND KNN ALGORITHM
Support vector machine (SVM) is a supervised learning method for classification, in which a hyperplane is created that separates normal data from abnormal data. A support vector machine (SVM) has two phases:
1- Training phase
2- Testing phase
1-Training phase: A support vector machine (SVM) is able to learn a large set of patterns from a dataset. The dataset contains various kinds of homogeneous and heterogeneous patterns of data, which can provide better classification between normal and abnormal data.
2-Testing phase: Using the result of the training phase, testing can be done by the support vector machine, which can evaluate accuracy, performance etc.
A support vector machine can evaluate the false positive rate, but it generates a very high false positive rate.
K nearest neighbor is basically a machine learning algorithm, which can be used to solve the traveling salesman problem.
Using the K nearest neighbor algorithm, the false positive rate can be evaluated, but it gives a higher false positive rate.
Fig. 2: Intrusion detection system using CSVMKNN
A support vector machine (SVM) uses support vectors to create a hyperplane. The hyperplane is used to separate normal and abnormal data. The KNN algorithm is used to find new data added to the training data set.
Here, the support vector machine (SVM) and K nearest neighbor (KNN) algorithms are combined to evaluate the false positive rate; the combination is known as the COMBINED SUPPORT VECTOR K NEAREST NEIGHBOR (CSVMKNN) algorithm. The CSVMKNN algorithm is a mixture of the support vector machine (SVM) and K nearest neighbor (KNN) algorithms, and the two work together in it. The support vector machine (SVM) learns from the training data set. If any new data is added to the data set, the data set is updated by the K nearest neighbor (KNN) algorithm. Like the support vector machine (SVM) and K nearest neighbor (KNN) algorithms, the CSVMKNN algorithm can be used to evaluate the false positive rate or false alarm rate, and the false positive rate evaluated using the CSVMKNN algorithm can produce a better result. The CSVMKNN algorithm is applied to the KDDCUP99 data set. This data set contains several types of attack, such as buffer overflow, denial of service (DOS) etc. The CSVMKNN algorithm generates a false positive rate that is better than that of the support vector machine (SVM) and K nearest neighbor (KNN) algorithms.
5. CSVMKNN ALGORITHM
Algorithm 1: SVM with KNN clustering
Input: Training data set containing normal and abnormal data (class type).
Output: SVM classifier.
start
    select data from different classes;
    separate normal and abnormal data by SVM classifier;
    while number of iterations to add data to data set
        use support vectors to create hyperplane;
        hyperplane separates normal and abnormal data;
        apply KNN clustering;
        KNN clustering classifies normal and abnormal clusters;
        if new data added to data set
            update data set;
        else
            continue as is;
end
After this algorithm, the SVM learning process is applied to the data set. Its main goal is to randomly choose data points from the KDDCUP99 data set. A hyperplane is used to separate normal and abnormal data points, so there must be a separating hyperplane between the training data points, which provides a better selection method for each data point. A support vector machine (SVM) training phase is therefore introduced, in which the hyperplane is placed between the data points. A KNN clustering phase is introduced to separate normal data and abnormal data. If new data is added to the training data set, the K nearest neighbor (KNN) clustering phase is used to update the training data set with it. This strategy is carried out in the next algorithm.
Algorithm 2:
Input: Training data set (KDDCUP99).
Input: S1 - Number of iterations.
Input: S2 - Maximum detection rate.
Input: S3 - Minimum detection rate.
Output: Support vector machine (SVM) and K nearest neighbor (KNN) classifier.
start
    initialize the data;
    let S2 be the maximum detection rate, initially zero;
    let S3 be the minimum detection rate, initially zero;
    while S3 < S2
        initialize i = 0;
        for i = 1, ..., S1
            Training phase:
                support vector machine (SVM) training phase;
            Clustering phase:
                K nearest neighbor (KNN) clustering phase;
        end
        use support vector machine (SVM) classifier;
        use hyperplane to separate normal and abnormal data;
        if new data is added to data set
            use KNN algorithm to update S2;
            update learning process;
        else
            continue as is;
        end
    end
The KNN clustering phase is used for a better selection strategy. False positives can be decreased by using the CSVMKNN algorithm if newly added data is declared as normal. Otherwise, it increases the true positive rate, which adversely affects performance and accuracy. If new data is declared as abnormal in the SVM training phase but as normal in the KNN clustering phase, such new data is declared a new kind of intrusion. If new data added to the training data set is declared as normal in the SVM training phase and again declared as normal in the KNN clustering phase, such data decreases the false positive rate or false alarm rate and increases the performance and accuracy of the machine learning algorithm.
The combined support vector machine k nearest neighbor (CSVMKNN) algorithm provides a better selection strategy than the support vector machine (SVM) and K nearest neighbor (KNN) algorithms. The CSVMKNN algorithm takes the positive features of the support vector machine (SVM) and K nearest neighbor (KNN) algorithms and avoids their weaknesses. The CSVMKNN algorithm reduces its false positive rate by using the better selection strategy and improves the performance of the machine learning (CSVMKNN) algorithm. So the CSVMKNN algorithm generates a lower false positive rate than the support vector machine (SVM) algorithm and the K nearest neighbor (KNN) algorithm. The CSVMKNN algorithm can produce higher performance and accuracy than the support vector machine (SVM) and K nearest neighbor (KNN) algorithms.
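The two decision rules stated above and the data set update step of Algorithm 1, as an added example that is not the paper's code. The training records, the stream and the hyperplane (W, B, standing in for an already trained SVM) are constructed, and the handling of the two label combinations the text does not cover is an assumption.

```python
import math
from collections import Counter

NORMAL, ABNORMAL, NEW = "normal", "abnormal", "new_intrusion"

# Constructed training records: (two scaled features, label).
TRAIN = [((1, 1), NORMAL), ((1, 2), NORMAL), ((2, 1), NORMAL), ((2, 2), NORMAL),
         ((3, 3), NORMAL), ((6, 6), ABNORMAL), ((9, 9), ABNORMAL),
         ((9, 10), ABNORMAL), ((10, 9), ABNORMAL)]
# Constructed hyperplane w.x + b = 0 standing in for a trained SVM.
W, B = (1.0, 1.0), -9.0

def svm_label(x, w=W, b=B):
    """Side of the hyperplane: the positive side is abnormal."""
    score = sum(wi * xi for wi, xi in zip(w, x)) + b
    return ABNORMAL if score > 0 else NORMAL

def knn_label(x, train, k=3):
    """Majority label among the k nearest records (Euclidean distance)."""
    def dist(rec):
        return math.sqrt(sum((a - c) ** 2 for a, c in zip(x, rec[0])))
    nearest = sorted(train, key=dist)[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def fuse(svm, knn):
    if svm == ABNORMAL and knn == NORMAL:
        return NEW        # rule stated in the text
    if svm == NORMAL and knn == NORMAL:
        return NORMAL     # rule stated in the text
    return ABNORMAL       # assumption: remaining combinations raise an alert

def classify_stream(records, train=TRAIN, update=True, k=3):
    """Classify records in order; optionally add each one to the KNN set."""
    train = list(train)
    verdicts = []
    for x in records:
        verdict = fuse(svm_label(x), knn_label(x, train, k))
        verdicts.append(verdict)
        if update:
            # Assumption: anything not judged normal is stored as abnormal.
            train.append((x, NORMAL if verdict == NORMAL else ABNORMAL))
    return verdicts, train

STREAM = [(1.5, 1.5), (9.5, 9.5), (4.8, 4.8), (5.0, 5.0)]  # constructed

if __name__ == "__main__":
    print(classify_stream(STREAM)[0])
    print(classify_stream(STREAM, update=False)[0])
```

The last record changes verdict only because the third one was stored first. A training set extended with the classifier's own verdicts therefore needs a review step before records are added, since one mislabelled record shifts later votes.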
6. RESULTS
The support vector machine (SVM) algorithm, K nearest neighbor (KNN) algorithm and CSVMKNN algorithm are applied to the training data set (KDDCUP99), from which the false positive rate of each can be calculated. These false positive rates are compared to determine which algorithm has generated the lowest false positive rate.
Support vector machine (SVM) classifier: The SVM classifier is used to create a hyperplane between different data points by using support vectors. This hyperplane is used to separate normal and abnormal data. On this basis, we can evaluate performance, accuracy and false positive rate.
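| Class | Normal | Denial of service | User to Root | Remote to User | Probe |
|---|---|---|---|---|---|
| Normal | 900 | 7 | 8 | 1 | 0 |
| Denial of service | 3 | 345 | 0 | 2 | 11 |
| User to Root | 400 | 0 | 0 | 0 | 10 |
| Remote to User | 345 | 0 | 41 | 34 | 0 |
| Probe | 127 | 100 | 0 | 10 | 0 |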
Fig-3 SVM classifier
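The three Section 2 formulas applied to the Fig-3 counts, as an added example that is not part of the paper. It assumes rows are the actual class and columns the predicted class (the page does not state the orientation), reads Performance as TP/(TP+TN), and goes one step beyond the text by also reporting how often each class is assigned its own label.

```python
CLASSES = ["Normal", "Denial of service", "User to Root",
           "Remote to User", "Probe"]

# Counts copied from Fig-3 (SVM classifier).
# Assumption: rows = actual class, columns = predicted class.
FIG3_SVM = [
    [900, 7, 8, 1, 0],
    [3, 345, 0, 2, 11],
    [400, 0, 0, 0, 10],
    [345, 0, 41, 34, 0],
    [127, 100, 0, 10, 0],
]

def ratio(num, den):
    """Division that returns 0.0 for an empty denominator."""
    return num / den if den else 0.0

def binary_counts(matrix, normal=0):
    """Collapse the multi-class matrix to normal-versus-attack counts."""
    tn = matrix[normal][normal]            # normal kept as normal
    fp = sum(matrix[normal]) - tn          # normal flagged as any attack
    attack_rows = [row for i, row in enumerate(matrix) if i != normal]
    fn = sum(row[normal] for row in attack_rows)   # attack passed as normal
    tp = sum(sum(row) for row in attack_rows) - fn # attack flagged as attack
    return {"tp": tp, "tn": tn, "fp": fp, "fn": fn}

def metrics(c):
    """Performance, accuracy and false positive rate as defined in Section 2."""
    return {
        "performance": ratio(c["tp"], c["tp"] + c["tn"]),
        "accuracy": ratio(c["tp"] + c["tn"], sum(c.values())),
        "false_positive_rate": ratio(c["fp"], c["fp"] + c["tn"]),
    }

def per_class_recall(matrix):
    """Share of each actual class that received its own label."""
    return {name: ratio(row[i], sum(row))
            for i, (name, row) in enumerate(zip(CLASSES, matrix))}

if __name__ == "__main__":
    counts = binary_counts(FIG3_SVM)
    print(counts)
    for name, value in metrics(counts).items():
        print(f"{name}: {value:.4f}")
    for name, value in per_class_recall(FIG3_SVM).items():
        print(f"{name}: {value:.4f}")
```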
The K nearest neighbor (KNN) classifier is used to discover new data added to the training data set. The KNN classifier also determines whether the newly added data is normal or abnormal. The KNN algorithm is applied to the KDDCUP99 data set to evaluate performance, accuracy and false positive rate.
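| Class | Normal | Denial of service | User to Root | Remote to User | Probe |
|---|---|---|---|---|---|
| Normal | 928 | 1 | 5 | 0 | 1 |
| Denial of service | 0 | 45 | 0 | 200 | 1 |
| User to Root | 4 | 3 | 6 | 5 | 0 |
| Remote to User | 0 | 0 | 412 | 234 | 15 |
| Probe | 1 | 4 | 0 | 0 | 23 |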
Fig-4 KNN classifier
The CSVMKNN classifier contains features of both the support vector machine (SVM) and K nearest neighbor (KNN) algorithms. The CSVMKNN algorithm is applied to the KDDCUP99 dataset to generate its performance, accuracy and false positive rate.
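| Class | Normal | Denial of service | User to Root | Remote to User | Probe |
|---|---|---|---|---|---|
| Normal | 100 | 0 | 8 | 9 | 70 |
| Denial of service | 30 | 35 | 0 | 0 | 89 |
| User to Root | 0 | 0 | 0 | 50 | 0 |
| Remote to User | 0 | 0 | 0 | 24 | 0 |
| Probe | 1 | 4 | 0 | 0 | 0 |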
Fig-5 CSVMKNN Classifier
| Evaluation Measure | SVM | KNN | CSVMKNN |
|---|---|---|---|
| False Positive Rate | 12.00 | 11.00 | 6.00 |
| False Negative Rate | 26.00 | 6.00 | 0.89 |
| Performance | 8.00 | 9.00 | 14.50 |
| Accuracy | 7.50 | 3.50 | 16.00 |
Fig-6 Comparison of false positive rate
The CSVMKNN algorithm generates a lower false positive rate than the support vector machine (SVM) and K nearest neighbor (KNN) algorithms.
7. CONCLUSION
In this research work, the support vector machine (SVM) algorithm, K nearest neighbor (KNN) algorithm and CSVMKNN algorithm have been applied to the KDDCUP99 data set separately. The CSVMKNN algorithm generated a lower false positive rate than the SVM and KNN algorithms. The CSVMKNN algorithm has better performance and accuracy and a higher detection rate than the other machine learning algorithms. Still, there is room for improvement in this algorithm until a zero false positive rate is reached.
BIOGRAPHIES
Sushil Kumar Mishra is an M.Tech student doing research work in computer security.
Pankaj Bhatt is pursuing an M.Tech and doing research work in computer security.