This document summarizes an algorithm called Ant-Miner that uses ant colony optimization to discover classification rules for network intrusion detection. Ant-Miner works by having artificial ants explore paths in a data structure representing the classification problem to discover rules. As more ants take the same path, the path is reinforced through pheromone updating, eventually leading to the discovery of classification rules. The authors apply Ant-Miner to a standard intrusion detection dataset and find it outperforms other classification methods in terms of accuracy and classification rate.
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models has been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a brunch of affluent algorithms to classify and analysis patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest dataset available at online, formatted with packet based, flow based data and some additional metadata. The dataset is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is build using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multiclass classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature.
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...IRJET Journal
This document presents a review of using recurrent neural networks for network intrusion detection. It begins with an introduction to intrusion detection systems and the types of attacks they aim to detect. It then discusses previous research on machine learning approaches for intrusion detection, including the use of autoencoders, support vector machines, and other classifiers. The proposed approach uses a recurrent neural network for feature selection and classification of network data. The framework involves data collection, preprocessing including feature selection, training the recurrent neural network classifier, and then using the trained model to detect attacks in new data. Experimental results on benchmark intrusion detection datasets are presented and compared to other machine learning methods.
Constructing a predictive model for an intelligent network intrusion detectionAlebachew Chiche
This document presents a study that constructs a predictive model for network intrusion detection using data mining techniques. The study uses the KDD Cup 99 intrusion detection dataset to build classification models using J48 decision tree, JRip rule induction, Naive Bayes, and multilayer perceptron algorithms. The J48 decision tree algorithm achieved the highest accuracy of 99.91% and was selected to build the predictive model. This model was then integrated with a knowledge-based system to build an intelligent network intrusion detection system capable of automatically detecting network attacks, mapping detections to attack categories, and updating the training data over time. Experimental evaluation found the integrated system achieved 91.43% accuracy and 83% user acceptance in detecting network intrusions
A new clutering approach for anomaly intrusion detectionIJDKP
Recent advances in technology have made our work easier compare to earlier times. Computer network is
growing day by day but while discussing about the security of computers and networks it has always been a
major concerns for organizations varying from smaller to larger enterprises. It is true that organizations
are aware of the possible threats and attacks so they always prepare for the safer side but due to some
loopholes attackers are able to make attacks.
Intrusion detection is one of the major fields of research and researchers are trying to find new algorithms
for detecting intrusions. Clustering techniques of data mining is an interested area of research for detecting
possible intrusions and attacks. This paper presents a new clustering approach for anomaly intrusion
detection by using the approach of K-medoids method of clustering and its certain modifications. The
proposed algorithm is able to achieve high detection rate and overcomes the disadvantages of K-means
algorithm.
This document presents a proposed hybrid intrusion detection system that combines k-means clustering, k-nearest neighbor classification, and decision table majority rule-based approaches. The system is evaluated on the KDD-99 dataset to detect intrusions and classify them into four categories: R2L, DoS, Probe, and U2R. The goal is to decrease the false alarm rate and increase accuracy and detection rate compared to existing intrusion detection systems. The proposed system applies k-means clustering first, then k-nearest neighbor classification, and finally decision table majority rules. Results show the proposed hybrid approach improves performance metrics compared to existing techniques.
The document discusses using machine learning algorithms like Random Forest and k-Nearest Neighbors for intrusion detection. It analyzes the KDD Cup 1999 intrusion detection dataset to classify network traffic as normal or different types of attacks. The proposed model uses Random Forest for feature selection and k-Nearest Neighbors for classification to more accurately detect known and unknown attacks. Experimental results show the combined approach achieves better detection rates than other algorithms alone, especially for novel attacks not present in training data. Further combining the algorithms into a two-stage process may yield even higher accuracy.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An approach for ids by combining svm and ant colony algorithmeSAT Journals
This summarizes a research paper that proposes a new approach called CSVAC (Combined Support Vector with Ant Colony) for intrusion detection. The approach combines two algorithms, Support Vector Machine (SVM) and Ant Colony Optimization (ACO), to classify network data as normal or abnormal. SVM is used to generate a separating hyperplane and find support vectors, while ACO performs clustering around the support vectors. The clusters are added to the SVM training set and it is retrained in an iterative process until the detection rate exceeds a threshold. The paper evaluates this approach on the standard KDD99 dataset and finds it achieves superior results to other algorithms in terms of accuracy and efficiency.
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models has been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a brunch of affluent algorithms to classify and analysis patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest dataset available at online, formatted with packet based, flow based data and some additional metadata. The dataset is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is build using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multiclass classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature.
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...IRJET Journal
This document presents a review of using recurrent neural networks for network intrusion detection. It begins with an introduction to intrusion detection systems and the types of attacks they aim to detect. It then discusses previous research on machine learning approaches for intrusion detection, including the use of autoencoders, support vector machines, and other classifiers. The proposed approach uses a recurrent neural network for feature selection and classification of network data. The framework involves data collection, preprocessing including feature selection, training the recurrent neural network classifier, and then using the trained model to detect attacks in new data. Experimental results on benchmark intrusion detection datasets are presented and compared to other machine learning methods.
Constructing a predictive model for an intelligent network intrusion detectionAlebachew Chiche
This document presents a study that constructs a predictive model for network intrusion detection using data mining techniques. The study uses the KDD Cup 99 intrusion detection dataset to build classification models using J48 decision tree, JRip rule induction, Naive Bayes, and multilayer perceptron algorithms. The J48 decision tree algorithm achieved the highest accuracy of 99.91% and was selected to build the predictive model. This model was then integrated with a knowledge-based system to build an intelligent network intrusion detection system capable of automatically detecting network attacks, mapping detections to attack categories, and updating the training data over time. Experimental evaluation found the integrated system achieved 91.43% accuracy and 83% user acceptance in detecting network intrusions
A new clutering approach for anomaly intrusion detectionIJDKP
Recent advances in technology have made our work easier compare to earlier times. Computer network is
growing day by day but while discussing about the security of computers and networks it has always been a
major concerns for organizations varying from smaller to larger enterprises. It is true that organizations
are aware of the possible threats and attacks so they always prepare for the safer side but due to some
loopholes attackers are able to make attacks.
Intrusion detection is one of the major fields of research and researchers are trying to find new algorithms
for detecting intrusions. Clustering techniques of data mining is an interested area of research for detecting
possible intrusions and attacks. This paper presents a new clustering approach for anomaly intrusion
detection by using the approach of K-medoids method of clustering and its certain modifications. The
proposed algorithm is able to achieve high detection rate and overcomes the disadvantages of K-means
algorithm.
This document presents a proposed hybrid intrusion detection system that combines k-means clustering, k-nearest neighbor classification, and decision table majority rule-based approaches. The system is evaluated on the KDD-99 dataset to detect intrusions and classify them into four categories: R2L, DoS, Probe, and U2R. The goal is to decrease the false alarm rate and increase accuracy and detection rate compared to existing intrusion detection systems. The proposed system applies k-means clustering first, then k-nearest neighbor classification, and finally decision table majority rules. Results show the proposed hybrid approach improves performance metrics compared to existing techniques.
The document discusses using machine learning algorithms like Random Forest and k-Nearest Neighbors for intrusion detection. It analyzes the KDD Cup 1999 intrusion detection dataset to classify network traffic as normal or different types of attacks. The proposed model uses Random Forest for feature selection and k-Nearest Neighbors for classification to more accurately detect known and unknown attacks. Experimental results show the combined approach achieves better detection rates than other algorithms alone, especially for novel attacks not present in training data. Further combining the algorithms into a two-stage process may yield even higher accuracy.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An approach for ids by combining svm and ant colony algorithmeSAT Journals
This summarizes a research paper that proposes a new approach called CSVAC (Combined Support Vector with Ant Colony) for intrusion detection. The approach combines two algorithms, Support Vector Machine (SVM) and Ant Colony Optimization (ACO), to classify network data as normal or abnormal. SVM is used to generate a separating hyperplane and find support vectors, while ACO performs clustering around the support vectors. The clusters are added to the SVM training set and it is retrained in an iterative process until the detection rate exceeds a threshold. The paper evaluates this approach on the standard KDD99 dataset and finds it achieves superior results to other algorithms in terms of accuracy and efficiency.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
11.a genetic algorithm based elucidation for improving intrusion detection th...Alexander Decker
This document summarizes a research paper that proposes using a genetic algorithm to improve intrusion detection. The paper aims to reduce features from the KDD Cup 99 dataset and generate a rule set using genetic algorithms to detect intrusions. The genetic algorithm evolves rules over generations to maximize fitness. Experiments show this approach can improve detection rates and reduce false alarms compared to existing intrusion detection systems.
1.[1 9]a genetic algorithm based elucidation for improving intrusion detectio...Alexander Decker
This document summarizes a research paper that proposes using a genetic algorithm to improve intrusion detection. The paper aims to reduce features from the KDD Cup 99 dataset and generate a rule set using genetic algorithms to detect intrusions with a condensed feature set. The genetic algorithm is used to evolve rules from the reduced training data, with a fitness function evaluating rule quality. Experiments and evaluations are conducted on the KDD Cup 99 dataset to test the proposed method.
Visualize network anomaly detection by using k means clustering algorithmIJCNCJournal
With the ever increasing amount of new attacks in today’s world the amount of data will keep increasing,
and because of the base-rate fallacy the amount of false alarms will also increase. Another problem with
detection of attacks is that they usually isn’t detected until after the attack has taken place, this makes
defending against attacks hard and can easily lead to disclosure of sensitive information.
In this paper we choose K-means algorithm with the Kdd Cup 1999 network data set to evaluate the
performance of an unsupervised learning method for anomaly detection. The results of the evaluation
showed that a high detection rate can be achieve while maintaining a low false alarm rate .This paper
presents the result of using k-means clustering by applying Cluster 3.0 tool and visualized this result by
using TreeView visualization tool .
Survey of network anomaly detection using markov chainijcseit
This document summarizes research on using Markov chain models for anomaly detection in network intrusion detection systems. It first provides background on intrusion detection and different approaches. It then reviews several related works that use techniques like k-means clustering, decision trees, genetic algorithms, and Markov chains. The paper proposes using a k-means algorithm combined with a Markov chain model to detect attacks. The Markov chain model analyzes system state transitions over time to probabilistically model normal behavior and detect anomalies. The existing system has low detection and prevention rates. Future work could explore using eigenvectors and thresholds to improve performance.
A Novel Classification via Clustering Method for Anomaly Based Network Intrus...IDES Editor
Intrusion detection in the internet is an active
area of research. Intruders can be classified into two
types, namely; external intruders who are unauthorized
users of the computers they attack, and internal
intruders, who have permission to access the system but
with some restrictions. The aim of this paper is to present
a methodology to recognize attacks during the normal
activities in a system. A novel classification via sequential
information bottleneck (sIB) clustering algorithm has
been proposed to build an efficient anomaly based
network intrusion detection model. We have compared
our proposed method with other clustering algorithms
like X-Means, Farthest First, Filtered clusters, DBSCAN,
K-Means, and EM (Expectation-Maximization)
clustering in order to find the suitability of our proposed
algorithm. A subset of KDDCup 1999 intrusion detection
benchmark dataset has been used for the experiment.
Results show that the proposed method is efficient in
terms of detection accuracy, low false positive rate in
comparison to the other existing methods.
Intrusion detection with Parameterized Methods for Wireless Sensor Networksrahulmonikasharma
Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two Adaboost based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO, and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.
Review of Intrusion and Anomaly Detection Techniques IJMER
Intrusion detection is the act of detecting actions that attempt to compromise the
confidentiality, integrity or availability of a resource. With the tremendous growth of network-based
services and sensitive information on networks, network security is getting more and more importance
than ever. Intrusion poses a serious security threat in a huge network environment. The increasing use of
internet has dramatically added to the growing number of threats that inhabit within it. Intrusion
detection does not, in general, include prevention of intrusions. Now a days Network intrusion detection
systems have become a standard component in the area of security infrastructure. This review paper tries
to discusses various techniques which are already being used for intrusion detection.
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...ijcsit
This document describes a proposed hybrid intrusion detection model that uses feature selection and machine learning algorithms with misuse detection. The model first selects important features from the NSL-KDD dataset and generates rules based on the behaviors of those features using J48 and CART algorithms. These rules are then used to build an intrusion detection framework that is tested on the NSL-KDD dataset, achieving an accuracy of 88.23%, outperforming other models that require prior learning of attacks. The proposed model works on the concept of misuse detection and can detect intrusions based on feature behaviors without any previous training.
This document summarizes research on intrusion detection systems using data mining techniques. It first describes the architecture of a data mining-based IDS, including sensors to collect data, detectors to evaluate the data using models, a data warehouse to store data and models, and a model generator to develop and distribute new models. It then discusses supervised and unsupervised learning approaches for intrusion detection. The document concludes by summarizing several papers on intrusion detection using techniques like neural networks, decision trees, clustering, and ensemble methods.
This document summarizes and compares different clustering algorithms that can be used for network anomaly detection. It proposes a method that first applies clustering algorithms like k-means, hierarchical, and expectation maximization clustering to partition network traffic data into clusters. It then applies the ID3 decision tree algorithm on each cluster to classify instances as normal or anomalous. The performance of this combined method is compared to using just the clustering or ID3 algorithms individually. Real network data sets are used to evaluate performance based on various metrics. The combined method is found to outperform the individual algorithms. The document also reviews several other related works applying clustering and decision trees for network anomaly detection and privacy-preserving data mining.
An effective approach for tackling network security
problems is Intrusion detection systems (IDS). These kind of
systems play a key role in network security as they can detect
different types of attacks in networks, including DoS, U2R Probe
and R2L. In addition, IDS are an increasingly key part of the
system’s defense. Various approaches to IDS are now being used,
but are unfortunately relatively ineffective. Data mining techniques
and artificial intelligence play an important role in security
services. We will present a comparative study of three wellknown
intelligent algorithms in this paper. These are Radial Basis
Functions (RBF), Multilayer Perceptrons (MLP) and Support
Vector Machine (SVM).This work’s main interest is to benchmark
the performance of these3 intelligent algorithms. This is done by
using a dataset of about 9,000 connections, randomly chosen from
KDD'99’s 10% dataset. In addition, we investigate these
algorithms’ performance in terms of their attack classification
accuracy. The Simulation results are also analyzed and the
discussion is then presented. It has been observed that SVM with a
linear kernel (Linear-SVM) gives a better performance than MLP
and RBF in terms of its detection accuracy and processing speed.
Contra * Continuous Functions in Topological SpacesIJMER
This document discusses contra α* continuous functions between topological spaces. It begins by introducing α*-open sets and various related concepts like α*-continuity. It then defines a function from one topological space to another to be contra α*-continuous if the preimage of every open set is α*-closed in the domain space. Some properties of contra α*-continuous functions are established, including that every contra-continuous function is contra α*-continuous. Examples are given to show the concepts are independent. The discussion considers the relationships between contra α*-continuity and other variations of contra-continuity.
Sender Authentication with Transmission Power Adjustment Method Using RSSI in...IJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
This document summarizes research on the surface properties of stainless steel specimens after undergoing plasma polishing in electrolyte. Plasma polishing is presented as an alternative to electrochemical polishing that uses less harsh chemicals. The study examined how surface roughness, gloss level, and thickness of material removed varied with treatment time for stainless steel specimens polished in a plasma electrolyte process. Results were also compared to specimens that underwent standard electrochemical polishing. Key findings included reductions in surface roughness and increases in gloss with longer treatment times for plasma polishing in electrolyte.
This document provides an overview of Turing machines and the Church-Turing thesis. It discusses how Turing machines were conceived of by Alan Turing as a hypothetical computing device and how they helped establish the limits of mechanical computation. It describes the key components of a Turing machine including the tape, head, state register, and finite table of instructions. It also discusses how Turing machines, lambda calculus, and recursive functions were shown to be equivalent, leading to the Church-Turing thesis which states that any function that can be calculated by an algorithm can be simulated on a Turing machine.
Optimal Converge cast Methods for Tree- Based WSNsIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
This document discusses the effects of time offset (TO) and carrier frequency offset (CFO) on orthogonal frequency division multiplexing (OFDM) systems and proposes interference cancellation techniques. It introduces the OFDM system model and how CFO causes loss of orthogonality between subcarriers, resulting in inter-carrier interference (ICI) that degrades performance. The paper proposes an ICI reduction scheme using self-cancellation and evaluates its performance compared to standard OFDM. It also discusses using space-time block coding (STBC) with OFDM to improve performance by reducing bit error rate (BER) under different signal-to-noise ratios. Simulation results show STBC effectively mitigates the effects of inter-
This document summarizes an article from the International Journal of Modern Engineering Research about automatically detecting unsafe dynamic component loadings in networked systems. It describes how dynamic loading works and the security issues it can enable if components are loaded from unintended locations. The paper then presents a two-phase approach to detect these unsafe loadings using dynamic instrumentation to collect loading information during execution and then analyzing the data offline to identify failures or unsafe resolutions based on the search path and specifications. It implemented this approach on Windows and UNIX systems and found unsafe loadings were prevalent, especially on Windows.
Abstract: In this paper, we define and study about a new type of generalized closed set called, g∗s-closed set.Its relationship with already defined generalized closed sets are also studied
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
11.a genetic algorithm based elucidation for improving intrusion detection th...Alexander Decker
This document summarizes a research paper that proposes using a genetic algorithm to improve intrusion detection. The paper aims to reduce features from the KDD Cup 99 dataset and generate a rule set using genetic algorithms to detect intrusions. The genetic algorithm evolves rules over generations to maximize fitness. Experiments show this approach can improve detection rates and reduce false alarms compared to existing intrusion detection systems.
1.[1 9]a genetic algorithm based elucidation for improving intrusion detectio...Alexander Decker
This document summarizes a research paper that proposes using a genetic algorithm to improve intrusion detection. The paper aims to reduce features from the KDD Cup 99 dataset and generate a rule set using genetic algorithms to detect intrusions with a condensed feature set. The genetic algorithm is used to evolve rules from the reduced training data, with a fitness function evaluating rule quality. Experiments and evaluations are conducted on the KDD Cup 99 dataset to test the proposed method.
Visualize network anomaly detection by using k means clustering algorithmIJCNCJournal
With the ever increasing amount of new attacks in today’s world the amount of data will keep increasing,
and because of the base-rate fallacy the amount of false alarms will also increase. Another problem with
detection of attacks is that they usually isn’t detected until after the attack has taken place, this makes
defending against attacks hard and can easily lead to disclosure of sensitive information.
In this paper we choose K-means algorithm with the Kdd Cup 1999 network data set to evaluate the
performance of an unsupervised learning method for anomaly detection. The results of the evaluation
showed that a high detection rate can be achieve while maintaining a low false alarm rate .This paper
presents the result of using k-means clustering by applying Cluster 3.0 tool and visualized this result by
using TreeView visualization tool .
Survey of network anomaly detection using markov chainijcseit
This document summarizes research on using Markov chain models for anomaly detection in network intrusion detection systems. It first provides background on intrusion detection and different approaches. It then reviews several related works that use techniques like k-means clustering, decision trees, genetic algorithms, and Markov chains. The paper proposes using a k-means algorithm combined with a Markov chain model to detect attacks. The Markov chain model analyzes system state transitions over time to probabilistically model normal behavior and detect anomalies. The existing system has low detection and prevention rates. Future work could explore using eigenvectors and thresholds to improve performance.
A Novel Classification via Clustering Method for Anomaly Based Network Intrus...IDES Editor
Intrusion detection in the internet is an active
area of research. Intruders can be classified into two
types, namely; external intruders who are unauthorized
users of the computers they attack, and internal
intruders, who have permission to access the system but
with some restrictions. The aim of this paper is to present
a methodology to recognize attacks during the normal
activities in a system. A novel classification via sequential
information bottleneck (sIB) clustering algorithm has
been proposed to build an efficient anomaly based
network intrusion detection model. We have compared
our proposed method with other clustering algorithms
like X-Means, Farthest First, Filtered clusters, DBSCAN,
K-Means, and EM (Expectation-Maximization)
clustering in order to find the suitability of our proposed
algorithm. A subset of KDDCup 1999 intrusion detection
benchmark dataset has been used for the experiment.
Results show that the proposed method is efficient in
terms of detection accuracy, low false positive rate in
comparison to the other existing methods.
Intrusion detection with Parameterized Methods for Wireless Sensor Networksrahulmonikasharma
Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two Adaboost based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO, and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.
Review of Intrusion and Anomaly Detection Techniques IJMER
Intrusion detection is the act of detecting actions that attempt to compromise the
confidentiality, integrity or availability of a resource. With the tremendous growth of network-based
services and sensitive information on networks, network security is getting more and more importance
than ever. Intrusion poses a serious security threat in a huge network environment. The increasing use of
internet has dramatically added to the growing number of threats that inhabit within it. Intrusion
detection does not, in general, include prevention of intrusions. Now a days Network intrusion detection
systems have become a standard component in the area of security infrastructure. This review paper tries
to discusses various techniques which are already being used for intrusion detection.
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI...ijcsit
This document describes a proposed hybrid intrusion detection model that uses feature selection and machine learning algorithms with misuse detection. The model first selects important features from the NSL-KDD dataset and generates rules based on the behaviors of those features using J48 and CART algorithms. These rules are then used to build an intrusion detection framework that is tested on the NSL-KDD dataset, achieving an accuracy of 88.23%, outperforming other models that require prior learning of attacks. The proposed model works on the concept of misuse detection and can detect intrusions based on feature behaviors without any previous training.
This document summarizes research on intrusion detection systems using data mining techniques. It first describes the architecture of a data mining-based IDS, including sensors to collect data, detectors to evaluate the data using models, a data warehouse to store data and models, and a model generator to develop and distribute new models. It then discusses supervised and unsupervised learning approaches for intrusion detection. The document concludes by summarizing several papers on intrusion detection using techniques like neural networks, decision trees, clustering, and ensemble methods.
This document summarizes and compares different clustering algorithms that can be used for network anomaly detection. It proposes a method that first applies clustering algorithms like k-means, hierarchical, and expectation maximization clustering to partition network traffic data into clusters. It then applies the ID3 decision tree algorithm on each cluster to classify instances as normal or anomalous. The performance of this combined method is compared to using just the clustering or ID3 algorithms individually. Real network data sets are used to evaluate performance based on various metrics. The combined method is found to outperform the individual algorithms. The document also reviews several other related works applying clustering and decision trees for network anomaly detection and privacy-preserving data mining.
An effective approach for tackling network security
problems is Intrusion detection systems (IDS). These kind of
systems play a key role in network security as they can detect
different types of attacks in networks, including DoS, U2R Probe
and R2L. In addition, IDS are an increasingly key part of the
system’s defense. Various approaches to IDS are now being used,
but are unfortunately relatively ineffective. Data mining techniques
and artificial intelligence play an important role in security
services. We will present a comparative study of three wellknown
intelligent algorithms in this paper. These are Radial Basis
Functions (RBF), Multilayer Perceptrons (MLP) and Support
Vector Machine (SVM).This work’s main interest is to benchmark
the performance of these3 intelligent algorithms. This is done by
using a dataset of about 9,000 connections, randomly chosen from
KDD'99’s 10% dataset. In addition, we investigate these
algorithms’ performance in terms of their attack classification
accuracy. The Simulation results are also analyzed and the
discussion is then presented. It has been observed that SVM with a
linear kernel (Linear-SVM) gives a better performance than MLP
and RBF in terms of its detection accuracy and processing speed.
Contra * Continuous Functions in Topological SpacesIJMER
This document discusses contra α* continuous functions between topological spaces. It begins by introducing α*-open sets and various related concepts like α*-continuity. It then defines a function from one topological space to another to be contra α*-continuous if the preimage of every open set is α*-closed in the domain space. Some properties of contra α*-continuous functions are established, including that every contra-continuous function is contra α*-continuous. Examples are given to show the concepts are independent. The discussion considers the relationships between contra α*-continuity and other variations of contra-continuity.
Sender Authentication with Transmission Power Adjustment Method Using RSSI in...IJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
This document summarizes research on the surface properties of stainless steel specimens after undergoing plasma polishing in electrolyte. Plasma polishing is presented as an alternative to electrochemical polishing that uses less harsh chemicals. The study examined how surface roughness, gloss level, and thickness of material removed varied with treatment time for stainless steel specimens polished in a plasma electrolyte process. Results were also compared to specimens that underwent standard electrochemical polishing. Key findings included reductions in surface roughness and increases in gloss with longer treatment times for plasma polishing in electrolyte.
This document provides an overview of Turing machines and the Church-Turing thesis. It discusses how Turing machines were conceived of by Alan Turing as a hypothetical computing device and how they helped establish the limits of mechanical computation. It describes the key components of a Turing machine including the tape, head, state register, and finite table of instructions. It also discusses how Turing machines, lambda calculus, and recursive functions were shown to be equivalent, leading to the Church-Turing thesis which states that any function that can be calculated by an algorithm can be simulated on a Turing machine.
Optimal Converge cast Methods for Tree- Based WSNsIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
This document discusses the effects of time offset (TO) and carrier frequency offset (CFO) on orthogonal frequency division multiplexing (OFDM) systems and proposes interference cancellation techniques. It introduces the OFDM system model and how CFO causes loss of orthogonality between subcarriers, resulting in inter-carrier interference (ICI) that degrades performance. The paper proposes an ICI reduction scheme using self-cancellation and evaluates its performance compared to standard OFDM. It also discusses using space-time block coding (STBC) with OFDM to improve performance by reducing bit error rate (BER) under different signal-to-noise ratios. Simulation results show STBC effectively mitigates the effects of inter-
This document summarizes an article from the International Journal of Modern Engineering Research about automatically detecting unsafe dynamic component loadings in networked systems. It describes how dynamic loading works and the security issues it can enable if components are loaded from unintended locations. The paper then presents a two-phase approach to detect these unsafe loadings using dynamic instrumentation to collect loading information during execution and then analyzing the data offline to identify failures or unsafe resolutions based on the search path and specifications. It implemented this approach on Windows and UNIX systems and found unsafe loadings were prevalent, especially on Windows.
Abstract: In this paper, we define and study about a new type of generalized closed set called, g∗s-closed set.Its relationship with already defined generalized closed sets are also studied
Acquisition of Long Pseudo Code in Dsss SignalIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
A Novel Method for Blocking Misbehaving Users over Anonymizing NetworksIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
Structural Behaviour of Fibrous Concrete Using Polypropylene FibresIJMER
The document summarizes an experimental investigation into the effects of adding polypropylene fibers in varying amounts (0.1-0.4%) along with 0.8% steel fibers to concrete. The main findings are:
1) Adding up to 0.2% polypropylene fibers resulted in a small increase in compressive strength of around 7.5%, but more than 0.2% caused a decrease.
2) Tensile strength measures (split tensile and flexural strength) increased significantly, by up to 47-50%, with an optimum of 0.3% polypropylene fibers.
3) Stress-strain testing showed fibers increased failure strains and the area under
This document describes a Trust-Aware Routing Framework (TARF) designed to secure multi-hop routing in wireless sensor networks against attacks that misdirect traffic by replaying routing information to spoof identities. TARF evaluates the trustworthiness of neighboring nodes based on their past performance in delivering packets to the base station. It identifies untrustworthy or compromised nodes and routes data along paths that avoid those nodes, improving throughput. TARF requires neither tight time synchronization nor location information. Evaluation shows it effectively counters attacks using replayed routing data and maintains performance under dynamic network conditions.
Thermal Expansivity Behavior and Determination of Density of Al 6061-Sic-Gr ...IJMER
Metal Matrix Composites (MMCs) covers a very wide range of materials to simple
reinforcements of castings with low cost refractory wool, to complex continuous fires lay
Nonlinear Transformation Based Detection And Directional Mean Filter to Remo...IJMER
In this paper, a novel two stage algorithm for the removal of random valued impulse noise
from the images is presented. In the first stage the noise pixels are detected by using an exponential
nonlinear function. The transformation of the pixels increases the gap between noisy and noise free
candidates which leads to an efficient detection. In the second stage, the directional differences between
the pixels in the four main directions are calculated. The mean values of the pixels which lie in the
direction of minimum difference are calculated and the noisy pixel values are replaced with the mean
value of the pixels lying in the direction of minimum difference. Experimental results show that proposed
method is superior to the conventional methods in peak signal to noise ratio.
Earthquake Resistant Design of Low-Rise Open Ground Storey Framed BuildingIJMER
This document discusses the earthquake resistant design of low-rise buildings with open ground stories (OGS). It aims to study the effect of infill wall stiffness and support conditions on the seismic behavior of OGS buildings. A 4-story reinforced concrete building located in seismic zone 5 of India is modeled with and without considering infill walls. Both linear and nonlinear analyses are performed. The results show that considering infill wall stiffness reduces seismic demands on ground story columns and beams compared to models without infills. A force amplification factor of 2.5 applied to the ground story in current standards is found to be too conservative for low-rise OGS buildings. Support conditions also influence the building response, with fixed supports resulting in greater period shifts
Fuzzy Rule Based Model for Optimal Reservoir ReleasesIJMER
The aim of this paper is to develop a Fuzzy Rule Based(FRB) model for obtaining the
optimal reservoir releases. The area considered for the study is ukai reservoir project. The data
considered are for the months of July, August, September and October for the years 2007 and 2011.
The inputs considered are inflow (MCM), Storage (MCM), Demand (MCM) and the Release (MCM) is
considered as output. Fuzzy logic, analysis is based on designing of if and then rules. Fuzzy logic
model can handle with various kinds of data regulations implication and defuzzification. The steps
involved in the development of the model include the construction of membership functions, creating
the Fuzzy rules, implication and deffuzification. The results obtained shows that the releases obtained
from the FRB model are satisfying the demand completely in all the four months, i.e. July, August,
September and October for the year 2007 and the same is observed for the year 2011. Also, a
significant amount of water is being saved, when the actual releases are compared with the releases
obtained from the FRB model.
Upgrading of Low Temperature Solar Heat with Cascade Vapor Compression and Ab...IJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
Fatigue Performance in Grinding and Turning: An OverviewIJMER
This paper analysis the influence of Abrasive Flow Machining (AFM), Turning and Grinding on
fatigue performance of Fe250. Surface condition has a strong effect on fatigue life, and that most surfaces
produced by conventional manufacturing operations such as machining and forging have poor fatigue
behavior than polished surfaces commonly used for laboratory specimens. It is found that the surfaces
produced with different machining process and having the same surface roughness having different fatigue
performances. High –cycle fatigue data was obtained for Fe 250 using three types of machining process
viz, AFM, Turning and Grinding .S-N curve is plotted for the samples obtained with all the three process. It
was found that the samples produced with AFM having the highest fatigue life.
The Method of Repeated Application of a Quadrature Formula of Trapezoids and ...IJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
Minimization of Shrinkage Porosity in A Sand Casting Process By Simulation I...IJMER
There is an increasing demand in manufacturing environment for the best quality of casting
products at the right time and quantity. In order to survive in the competitive market and to achieve
customer satisfaction trial-and-error method to produce defect free casting products from design to
manufacturing is too costly and not effective [1]. Modernization is the only key to improve casting quality
and productivity. This paper discusses the simulation process of casting solidification with the AutoCAST-X
software of a intricate shape small size casting of LM6 (Al alloy) metal. With the help of simulation study
hot spot in the casting has been identified. This has immensely helped in locating the optimum position and
size of the feeder required. This paper also shows the application of feeding aids as exothermic sleeve. The
simulation study has shown the improvement in feeding yield and quality of the casting.
Intrusion Detection System Using Machine Learning: An OverviewIRJET Journal
This document provides an overview of machine learning approaches for intrusion detection systems (IDS). It discusses how IDS use data mining techniques like classification, clustering, and association rule mining to detect network intrusions based on patterns in data. The document reviews several papers applying methods like ant colony optimization, support vector machines, genetic algorithms, and convolutional neural networks to classify network activities as normal or intrusive. It compares the strengths and limitations of different machine learning algorithms for IDS and identifies areas for potential improvement in future research.
COPYRIGHTThis thesis is copyright materials protected under the .docxvoversbyobersby
COPYRIGHT
This thesis is copyright materials protected under the Berne Convection, the copyright Act 1999 and other international and national enactments in that behalf, on intellectual property. It may not be reproduced by any means in full or in part except for short extracts in fair dealing so for research or private study, critical scholarly review or discourse with acknowledgment, with written permission of the Dean School of Graduate Studies on behalf of both the author and XXX XXX University.ABSTRACT
With Fast growing internet world the risk of intrusion has also increased, as a result Intrusion Detection System (IDS) is the admired key research field. IDS are used to identify any suspicious activity or patterns in the network or machine, which endeavors the security features or compromise the machine. IDS majorly use all the features of the data. It is a keen observation that all the features are not of equal relevance for the detection of attacks. Moreover every feature does not contribute in enhancing the system performance significantly. The main aim of the work done is to develop an efficient denial of service network intrusion classification model. The specific objectives included: to analyse existing literature in intrusion detection systems; what are the techniques used to model IDS, types of network attacks, performance of various machine learning tools, how are network intrusion detection systems assessed; to find out top network traffic attributes that can be used to model denial of service intrusion detection; to develop a machine learning model for detection of denial of service network intrusion.Methods: The research design was experimental and data was collected by simulation using NSL-KDD dataset. By implementing Correlation Feature Selection (CFS) mechanism using three search algorithms, a smallest set of features is selected with all the features that are selected very frequently. Findings: The smallest subset of features chosen is the most nominal among all the feature subset found. Further, the performances using Artificial neural networks(ANN), decision trees, Support Vector Machines (SVM) and K-Nearest Neighbour (KNN) classifiers is compared for 7 subsets found by filter model and 41 attributes. Results: The outcome indicates a remarkable improvement in the performance metrics used for comparison of the two classifiers. The results show that using 17/18 selected features improves DOS types classification accuracies as compared to using the 41 features in the NSL-KDD dataset. It was further observed that using an ensemble of three classifiers with decision fusion performs better as compared to using a single classifier for DOS type’s classification. Among machine learning tools experimented, ANN achieved best classification accuracies followed by SVM and DT. KNN registered the lowest classification accuracies. Application: The proposed work with such an improved detection rate and lesser classification time and lar.
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal
activities happening in a computer system. In recent years different soft computing based techniques have
been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect
technology. This has provided an opportunity for data mining to make quite a lot of important
contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique
by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neurofuzzy and radial basis function(RBF) SVM for fortification of the intrusion detection system. The
proposed technique has five major steps in which, first step is to perform the relevance analysis, and then
input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each
of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster.
Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-
SVM is performed to detect intrusion has happened or not. Data set used is the KDD cup 1999 dataset
and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our
technique could achieve better accuracy for all types of intrusions. The results of proposed technique are
compared with the other existing techniques. These comparisons proved the effectiveness of our
technique.
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIERCSEIJJournal
This document discusses using a random forest classifier with feature selection to improve intrusion detection. It begins with background on intrusion detection systems and challenges. It then proposes using genetic algorithms for feature selection to identify the most important features from a dataset. A random forest classifier is used for classification, which combines decision trees to improve accuracy. The methodology involves feature selection, classification with random forest, and detection. Feature weights are calculated and cross-validation is used to analyze detection rates for individual attacks. The goal is to improve accuracy, reduce training time, and better detect minority attacks through this approach.
Attack Detection Availing Feature Discretion using Random Forest ClassifierCSEIJJournal
The widespread use of the Internet has an adverse effect of being vulnerable to cyber attacks. Defensive
mechanisms like firewalls and IDSs have evolved with a lot of research contributions happening in these
areas. Machine learning techniques have been successfully used in these defense mechanisms especially
IDSs. Although they are effective to some extent in identifying new patterns and variants of existing
malicious patterns, many attacks are still left as undetected. The objective is to develop an algorithm for
detecting malicious domains based on passive traffic measurements. In this paper, an anomaly-based
intrusion detection system based on an ensemble based machine learning classifier called Random Forest
with gradient boosting is deployed. NSL-KDD cup dataset is used for analysis and out of 41 features, 32
features were identified as significant using feature discretion.
An intrusion detection system plays a major role in network security. We
propose a model “DB-OLS: An Approach for IDS” which is a Deviation Based-Outlier
approach for Intrusion detection using Self Organizing Maps. In this model “Self
Organizing Map” approach is to be used for behavior learning and “Outlier mining”
approach, for detecting an intruder by calculating deviation from known user profile.
This model aims to improve the capability of detecting intruders.
A Survey: Comparative Analysis of Classifier Algorithms for DOS Attack Detectionijsrd.com
In today's interconnected world, one of pervasive issue is how to protect system from intrusion based security attacks. It is an important issue to detect the intrusion attacks for the security of network communication.Denial of Service (DoS) attacks is evolving continuously. These attacks make network resources unavailable for legitimate users which results in massive loss of data, resources and money.Significance of Intrusion detection system (IDS) in computer network security well proven. Intrusion Detection Systems (IDSs) have become an efficient defense tool against network attacks since they allow network administrator to detect policy violations. Mining approach can play very important role in developing intrusion detection system. Classification is identified as an important technique of data mining. This paper evaluates performance of well known classification algorithms for attack classification. The key ideas are to use data mining techniques efficiently for intrusion attack classification. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained reasonable detection rate.
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Drjabez
This document describes a proposed approach for anomaly detection in intrusion detection systems using outlier detection. It begins with background on intrusion detection systems and issues with existing approaches. It then presents the proposed two-stage approach using outlier detection: 1) Training with large normal datasets in a distributed storage environment, and 2) Testing intrusion datasets to compute an error value compared to the trained model. If the error value exceeds a threshold, the test data is flagged as anomalous. Experimental results on network packet datasets demonstrate the approach can effectively identify anomalies.
This document summarizes various data mining techniques that have been used for intrusion detection systems. It first describes the architecture of a data mining-based IDS, including sensors to collect data, detectors to evaluate the data using detection models, a data warehouse for storage, and a model generator. It then discusses supervised and unsupervised learning approaches that have been applied, including neural networks, support vector machines, K-means clustering, and self-organizing maps. Finally, it reviews several related works applying these techniques and compares their results, finding that combinations of approaches can improve detection rates while reducing false alarms.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
This document proposes a new clustering approach for anomaly intrusion detection using a modified k-medoids clustering algorithm. The proposed algorithm aims to overcome the disadvantages of the traditional k-means algorithm such as dependence on initial centroids and cluster numbers. It applies k-medoids clustering with standardized data and removes empty clusters to eliminate degeneracy. An experiment on the KDD Cup 99 dataset shows the new algorithm achieves higher detection rates and accuracy compared to k-means, fuzzy c-means, and y-means algorithms, with a lower false alarm rate.
Minkowski Distance based Feature Selection Algorithm for Effective Intrusion ...IJMER
Intrusion Detection System (IDS) plays a major role in the provision of effective security to various types of networks. Moreover, Intrusion Detection System for networks need appropriate rule set for classifying network bench mark data into normal or attack patterns. Generally, each dataset is characterized by a large set of features. However, all these features will not be relevant or fully contribute in identifying an attack. Since different attacks need various subsets to provide better detection accuracy. In this paper an improved feature selection algorithm is proposed to identify the most appropriate subset of features for detecting a certain attacks. This proposed method is based on Minkowski distance feature ranking and an improved exhaustive search that selects a better combination of features. This system has been evaluated using the KDD CUP 1999 dataset and also with EMSVM [1] classifier. The experimental results show that the proposed system provides high classification accuracy and low false alarm rate when applied on the reduced feature subsets
A Study and Comparative analysis of Conditional Random Fields for Intrusion d...IJORCS
Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. Intrusion detection plays one of the key roles in computer security techniques and is one of the prime areas of research. Due to complex and dynamic nature of computer networks and hacking techniques, detecting malicious activities remains a challenging task for security experts, that is, currently available defense systems suffer from low detection capability and high number of false alarms. An intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. In this paper we study the Machine Learning and data mining techniques to solve Intrusion Detection problems within computer networks and compare the various approaches with conditional random fields and address these two issues of Accuracy and Efficiency using Conditional Random Fields and Layered Approach.
New Hybrid Intrusion Detection System Based On Data Mining Technique to Enhan...ijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
New Hybrid Intrusion Detection System Based On Data Mining Technique to Enhan...ijceronline
This document proposes a new hybrid intrusion detection system based on data mining techniques to improve performance over traditional IDS. The system combines hierarchical clustering, C5.0 classification, and CHAID classification. First, hierarchical clustering is used to split network data into normal and anomalous clusters. Then C5.0 classification labels the clusters, and any misclassified data is classified again with CHAID classification. Experimental results on the KDD 99 dataset show the proposed system has higher accuracy and efficiency than existing IDS approaches.
Survey of Clustering Based Detection using IDS Technique IRJET Journal
This document discusses intrusion detection systems (IDS) and different techniques used for IDS, including clustering-based detection. It first provides background on IDS, describing their purpose of detecting intruders and protecting systems. It then outlines various IDS types, including mobile agent-based, cluster-based, cryptography-based, and others. The document also summarizes related work from other papers applying data mining techniques like clustering to improve IDS detection rates and reduce false alarms. Finally, it discusses problems with current and traditional IDS, such as threshold detection leading to false positives, and false negatives where attacks are missed.
The document discusses using machine learning algorithms like Random Forest and k-Nearest Neighbors for intrusion detection. It analyzes the KDD Cup 1999 intrusion detection dataset to classify network traffic as normal or different types of attacks. The proposed model uses Random Forest for feature selection and k-Nearest Neighbors for classification to more accurately detect known and unknown attacks. Experimental results show the combined approach achieves better detection rates than other algorithms alone, especially for novel attacks not in the training data. Further combining the algorithms into a two-stage model is suggested to improve performance.
An Intrusion Detection based on Data mining technique and its intended import...Editor IJMTER
Intrusion detection is a pivotal and essential requirement of today’s era. There are two
major side of Intrusion detection namely, Host based intrusion detection as well as network based
intrusion detection. In Host based intrusion detection system, it monitors the information arrive at the
particular machine or node. While in network based intrusion system, it monitor and analyze whole
traffic of network. Data mining introduce latest technology and methods to handle and categorize
types of attacks using different classification algorithm and matching the patterns of malicious
behavior. Due to the use of this data mining technology, developers extract and analyze the types of
attack in the network.
In addition to this there are two major approach of intrusion detection. First, anomaly based approach,
in which attacks are found with high false alarm rate. However, in signature based approach, false
alarm rate is low with lack of processing of novel attacks. Most of the researchers do their research
based on signature intrusion with the purpose to increase detection rate. Major advantage of this
system, IDS does not require biased assessment and able to identify massive pattern of attacks.
Moreover, capacity to handle large connection records of network. In this paper we try to discover
the features of intrusion detection based on data mining technique.
Similar to Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of Network Intrusion Detection (20)
A Study on Translucent Concrete Product and Its Properties by Using Optical F...IJMER
- Translucent concrete is a concrete based material with light-transferring properties,
obtained due to embedded light optical elements like Optical fibers used in concrete. Light is conducted
through the concrete from one end to the other. This results into a certain light pattern on the other
surface, depending on the fiber structure. Optical fibers transmit light so effectively that there is
virtually no loss of light conducted through the fibers. This paper deals with the modeling of such
translucent or transparent concrete blocks and panel and their usage and also the advantages it brings
in the field. The main purpose is to use sunlight as a light source to reduce the power consumption of
illumination and to use the optical fiber to sense the stress of structures and also use this concrete as an
architectural purpose of the building
Developing Cost Effective Automation for Cotton Seed DelintingIJMER
A low cost automation system for removal of lint from cottonseed is to be designed and
developed. The setup consists of stainless steel drum with stirrer in which cottonseeds having lint is mixed
with concentrated sulphuric acid. So lint will get burn. This lint free cottonseed treated with lime water to
neutralize acidic nature. After water washing this cottonseeds are used for agriculter purpose
Study & Testing Of Bio-Composite Material Based On Munja FibreIJMER
The incorporation of natural fibres such as munja fiber composites has gained
increasing applications both in many areas of Engineering and Technology. The aim of this study is to
evaluate mechanical properties such as flexural and tensile properties of reinforced epoxy composites.
This is mainly due to their applicable benefits as they are light weight and offer low cost compared to
synthetic fibre composites. Munja fibres recently have been a substitute material in many weight-critical
applications in areas such as aerospace, automotive and other high demanding industrial sectors. In
this study, natural munja fibre composites and munja/fibreglass hybrid composites were fabricated by a
combination of hand lay-up and cold-press methods. A new variety in munja fibre is the present work
the main aim of the work is to extract the neat fibre and is characterized for its flexural characteristics.
The composites are fabricated by reinforcing untreated and treated fibre and are tested for their
mechanical, properties strictly as per ASTM procedures.
Hybrid Engine (Stirling Engine + IC Engine + Electric Motor)IJMER
Hybrid engine is a combination of Stirling engine, IC engine and Electric motor. All these 3 are
connected together to a single shaft. The power source of the Stirling engine will be a Solar Panel. The aim of
this is to run the automobile using a Hybrid engine
Fabrication & Characterization of Bio Composite Materials Based On Sunnhemp F...IJMER
This document summarizes research on the fabrication and characterization of bio-composite materials using sunnhemp fibre. The document discusses how sunnhemp fibre was used to reinforce an epoxy matrix through hand lay-up methods. Various mechanical properties of the bio-composites were tested, including tensile, flexural, and impact properties. The results of the mechanical tests on the bio-composite specimens are presented. Potential applications of the sunnhemp fibre bio-composites are also suggested, such as in fall ceilings, partitions, packaging, automotive interiors, and toys.
Geochemistry and Genesis of Kammatturu Iron Ores of Devagiri Formation, Sandu...IJMER
The Greenstone belts of Karnataka are enriched in BIFs in Dharwar craton, where Iron
formations are confined to the basin shelf, clearly separated from the deeper-water iron formation that
accumulated at the basin margin and flanking the marine basin. Geochemical data procured in terms of
major, trace and REE are plotted in various diagrams to interpret the genesis of BIFs. Al2O3, Fe2O3 (T),
TiO2, CaO, and SiO2 abundances and ratios show a wide variation. Ni, Co, Zr, Sc, V, Rb, Sr, U, Th,
ΣREE, La, Ce and Eu anomalies and their binary relationships indicate that wherever the terrigenous
component has increased, the concentration of elements of felsic such as Zr and Hf has gone up. Elevated
concentrations of Ni, Co and Sc are contributed by chlorite and other components characteristic of basic
volcanic debris. The data suggest that these formations were generated by chemical and clastic
sedimentary processes on a shallow shelf. During transgression, chemical precipitation took place at the
sediment-water interface, whereas at the time of regression. Iron ore formed with sedimentary structures
and textures in Kammatturu area, in a setting where the water column was oxygenated.
Experimental Investigation on Characteristic Study of the Carbon Steel C45 in...IJMER
In this paper, the mechanical characteristics of C45 medium carbon steel are investigated
under various working conditions. The main characteristic to be studied on this paper is impact toughness
of the material with different configurations and the experiment were carried out on charpy impact testing
equipment. This study reveals the ability of the material to absorb energy up to failure for various
specimen configurations under different heat treated conditions and the corresponding results were
compared with the analysis outcome
Non linear analysis of Robot Gun Support Structure using Equivalent Dynamic A...IJMER
Robot guns are being increasingly employed in automotive manufacturing to replace
risky jobs and also to increase productivity. Using a single robot for a single operation proves to be
expensive. Hence for cost optimization, multiple guns are mounted on a single robot and multiple
operations are performed. Robot Gun structure is an efficient way in which multiple welds can be done
simultaneously. However mounting several weld guns on a single structure induces a variety of
dynamic loads, especially during movement of the robot arm as it maneuvers to reach the weld
locations. The primary idea employed in this paper, is to model those dynamic loads as equivalent G
force loads in FEA. This approach will be on the conservative side, and will be saving time and
subsequently cost efficient. The approach of the paper is towards creating a standard operating
procedure when it comes to analysis of such structures, with emphasis on deploying various technical
aspects of FEA such as Non Linear Geometry, Multipoint Constraint Contact Algorithm, Multizone
meshing .
Static Analysis of Go-Kart Chassis by Analytical and Solid Works SimulationIJMER
This paper aims to do modelling, simulation and performing the static analysis of a go
kart chassis consisting of Circular beams. Modelling, simulations and analysis are performed using 3-D
modelling software i.e. Solid Works and ANSYS according to the rulebook provided by Indian Society of
New Era Engineers (ISNEE) for National Go Kart Championship (NGKC-14).The maximum deflection is
determined by performing static analysis. Computed results are then compared to analytical calculation,
where it is found that the location of maximum deflection agrees well with theoretical approximation but
varies on magnitude aspect.
In récent year various vehicle introduced in market but due to limitation in
carbon émission and BS Séries limitd speed availability vehicle in the market and causing of
environnent pollution over few year There is need to decrease dependancy on fuel vehicle.
bicycle is to be modified for optional in the future To implement new technique using change in
pedal assembly and variable speed gearbox such as planetary gear optimise speed of vehicle
with variable speed ratio.To increase the efficiency of bicycle for confortable drive and to
reduce torque appli éd on bicycle. we introduced epicyclic gear box in which transmission done
throgh Chain Drive (i.e. Sprocket )to rear wheel with help of Epicyclical gear Box to give
number of différent Speed during driving.To reduce torque requirent in the cycle with change in
the pedal mechanism
Integration of Struts & Spring & Hibernate for Enterprise ApplicationsIJMER
This document discusses integrating the Spring, Struts, and Hibernate frameworks to develop enterprise applications. It provides an overview of each framework and their features. The Spring Framework is a lightweight, modular framework that allows for inversion of control and aspect-oriented programming. It can be used to develop any or all tiers of an application. The document proposes an architecture for an e-commerce website that integrates these three frameworks, with Spring handling the business layer, Struts the presentation layer, and Hibernate the data access layer. This modular approach allows for clear separation of concerns and reduces complexity in application development.
Microcontroller Based Automatic Sprinkler Irrigation SystemIJMER
Microcontroller based Automatic Sprinkler System is a new concept of using
intelligence power of embedded technology in the sprinkler irrigation work. Designed system replaces
the conventional manual work involved in sprinkler irrigation to automatic process. Using this system a
farmer is protected against adverse inhuman weather conditions, tedious work of changing over of
sprinkler water pipe lines & risk of accident due to high pressure in the water pipe line. Overall
sprinkler irrigation work is transformed in to a comfortableautomatic work. This system provides
flexibility & accuracy in respect of time set for the operation of a sprinkler water pipe lines. In present
work the author has designed and developed an automatic sprinkler irrigation system which is
controlled and monitored by a microcontroller interfaced with solenoid valves.
On some locally closed sets and spaces in Ideal Topological SpacesIJMER
This document introduces and studies the concept of δˆ s-locally closed sets in ideal topological spaces. Some key points:
- A subset A is δˆ s-locally closed if A can be written as the intersection of a δˆ s-open set and a δˆ s-closed set.
- Various properties of δˆ s-locally closed sets are introduced and characterized, including relationships to other concepts like generalized locally closed sets.
- It is shown that a subset A is δˆ s-locally closed if and only if A can be written as the intersection of a δˆ s-open set and the δˆ s-closure of A.
- Theore
Intrusion Detection and Forensics based on decision tree and Association rule...IJMER
This paper present an approach based on the combination of, two techniques using
decision tree and Association rule mining for Probe attack detection. This approach proves to be
better than the traditional approach of generating rules for fuzzy expert system by clustering methods.
Association rule mining for selecting the best attributes together and decision tree for identifying the
best parameters together to create the rules for fuzzy expert system. After that rules for fuzzy expert
system are generated using association rule mining and decision trees. Decision trees is generated for
dataset and to find the basic parameters for creating the membership functions of fuzzy inference
system. Membership functions are generated for the probe attack. Based on these rules we have
created the fuzzy inference system that is used as an input to neuro-fuzzy system. Fuzzy inference
system is loaded to neuro-fuzzy toolbox as an input and the final ANFIS structure is generated for
outcome of neuro-fuzzy approach. The experiments and evaluations of the proposed method were
done with NSL-KDD intrusion detection dataset. As the experimental results, the proposed approach
based on the combination of, two techniques using decision tree and Association rule mining
efficiently detected probe attacks. Experimental results shows better results for detecting intrusions as
compared to others existing methods
Natural Language Ambiguity and its Effect on Machine LearningIJMER
This document discusses natural language ambiguity and its effect on machine learning. It begins by introducing different types of ambiguity that exist in natural languages, including lexical, syntactic, semantic, discourse, and pragmatic ambiguities. It then examines how these ambiguities present challenges for computational linguistics and machine translation systems. Specifically, it notes that ambiguity is a major problem for computers in processing human language as they lack the world knowledge and context that humans use to resolve ambiguities. The document concludes by outlining the typical process of machine translation and how ambiguities can interfere with tasks like analysis, transfer, and generation of text in the target language.
Today in era of software industry there is no perfect software framework available for
analysis and software development. Currently there are enormous number of software development
process exists which can be implemented to stabilize the process of developing a software system. But no
perfect system is recognized till yet which can help software developers for opting of best software
development process. This paper present the framework of skillful system combined with Likert scale. With
the help of Likert scale we define a rule based model and delegate some mass score to every process and
develop one tool name as MuxSet which will help the software developers to select an appropriate
development process that may enhance the probability of system success.
Material Parameter and Effect of Thermal Load on Functionally Graded CylindersIJMER
The present study investigates the creep in a thick-walled composite cylinders made
up of aluminum/aluminum alloy matrix and reinforced with silicon carbide particles. The distribution
of SiCp is assumed to be either uniform or decreasing linearly from the inner to the outer radius of
the cylinder. The creep behavior of the cylinder has been described by threshold stress based creep
law with a stress exponent of 5. The composite cylinders are subjected to internal pressure which is
applied gradually and steady state condition of stress is assumed. The creep parameters required to
be used in creep law, are extracted by conducting regression analysis on the available experimental
results. The mathematical models have been developed to describe steady state creep in the composite
cylinder by using von-Mises criterion. Regression analysis is used to obtain the creep parameters
required in the study. The basic equilibrium equation of the cylinder and other constitutive equations
have been solved to obtain creep stresses in the cylinder. The effect of varying particle size, particle
content and temperature on the stresses in the composite cylinder has been analyzed. The study
revealed that the stress distributions in the cylinder do not vary significantly for various combinations
of particle size, particle content and operating temperature except for slight variation observed for
varying particle content. Functionally Graded Materials (FGMs) emerged and led to the development
of superior heat resistant materials.
Energy Audit is the systematic process for finding out the energy conservation
opportunities in industrial processes. The project carried out studies on various energy conservation
measures application in areas like lighting, motors, compressors, transformer, ventilation system etc.
In this investigation, studied the technical aspects of the various measures along with its cost benefit
analysis.
Investigation found that major areas of energy conservation are-
1. Energy efficient lighting schemes.
2. Use of electronic ballast instead of copper ballast.
3. Use of wind ventilators for ventilation.
4. Use of VFD for compressor.
5. Transparent roofing sheets to reduce energy consumption.
So Energy Audit is the only perfect & analyzed way of meeting the Industrial Energy Conservation.
An Implementation of I2C Slave Interface using Verilog HDLIJMER
This document describes the implementation of an I2C slave interface using Verilog HDL. It introduces the I2C protocol which uses only two bidirectional lines (SDA and SCL) for communication. The document discusses the I2C protocol specifications including start/stop conditions, addressing, read/write operations, and acknowledgements. It then provides details on designing an I2C slave module in Verilog that responds to commands from an I2C master and allows synchronization through clock stretching. The module is simulated in ModelSim and synthesized in Xilinx. Simulation waveforms demonstrate successful read and write operations to the slave device.
Discrete Model of Two Predators competing for One PreyIJMER
This paper investigates the dynamical behavior of a discrete model of one prey two
predator systems. The equilibrium points and their stability are analyzed. Time series plots are obtained
for different sets of parameter values. Also bifurcation diagrams are plotted to show dynamical behavior
of the system in selected range of growth parameter
Mechatronics is a multidisciplinary field that refers to the skill sets needed in the contemporary, advanced automated manufacturing industry. At the intersection of mechanics, electronics, and computing, mechatronics specialists create simpler, smarter systems. Mechatronics is an essential foundation for the expected growth in automation and manufacturing.
Mechatronics deals with robotics, control systems, and electro-mechanical systems.
Accident detection system project report.pdfKamal Acharya
The Rapid growth of technology and infrastructure has made our lives easier. The
advent of technology has also increased the traffic hazards and the road accidents take place
frequently which causes huge loss of life and property because of the poor emergency facilities.
Many lives could have been saved if emergency service could get accident information and
reach in time. Our project will provide an optimum solution to this draw back. A piezo electric
sensor can be used as a crash or rollover detector of the vehicle during and after a crash. With
signals from a piezo electric sensor, a severe accident can be recognized. According to this
project when a vehicle meets with an accident immediately piezo electric sensor will detect the
signal or if a car rolls over. Then with the help of GSM module and GPS module, the location
will be sent to the emergency contact. Then after conforming the location necessary action will
be taken. If the person meets with a small accident or if there is no serious threat to anyone’s
life, then the alert message can be terminated by the driver by a switch provided in order to
avoid wasting the valuable time of the medical rescue team.
Open Channel Flow: fluid flow with a free surfaceIndrajeet sahu
Open Channel Flow: This topic focuses on fluid flow with a free surface, such as in rivers, canals, and drainage ditches. Key concepts include the classification of flow types (steady vs. unsteady, uniform vs. non-uniform), hydraulic radius, flow resistance, Manning's equation, critical flow conditions, and energy and momentum principles. It also covers flow measurement techniques, gradually varied flow analysis, and the design of open channels. Understanding these principles is vital for effective water resource management and engineering applications.
Software Engineering and Project Management - Software Testing + Agile Method...Prakhyath Rai
Software Testing: A Strategic Approach to Software Testing, Strategic Issues, Test Strategies for Conventional Software, Test Strategies for Object -Oriented Software, Validation Testing, System Testing, The Art of Debugging.
Agile Methodology: Before Agile – Waterfall, Agile Development.
Digital Twins Computer Networking Paper Presentation.pptxaryanpankaj78
A Digital Twin in computer networking is a virtual representation of a physical network, used to simulate, analyze, and optimize network performance and reliability. It leverages real-time data to enhance network management, predict issues, and improve decision-making processes.
Blood finder application project report (1).pdfKamal Acharya
Blood Finder is an emergency time app where a user can search for the blood banks as
well as the registered blood donors around Mumbai. This application also provide an
opportunity for the user of this application to become a registered donor for this user have
to enroll for the donor request from the application itself. If the admin wish to make user
a registered donor, with some of the formalities with the organization it can be done.
Specialization of this application is that the user will not have to register on sign-in for
searching the blood banks and blood donors it can be just done by installing the
application to the mobile.
The purpose of making this application is to save the user’s time for searching blood of
needed blood group during the time of the emergency.
This is an android application developed in Java and XML with the connectivity of
SQLite database. This application will provide most of basic functionality required for an
emergency time application. All the details of Blood banks and Blood donors are stored
in the database i.e. SQLite.
This application allowed the user to get all the information regarding blood banks and
blood donors such as Name, Number, Address, Blood Group, rather than searching it on
the different websites and wasting the precious time. This application is effective and
user friendly.
Generative AI Use cases applications solutions and implementation.pdfmahaffeycheryld
Generative AI solutions encompass a range of capabilities from content creation to complex problem-solving across industries. Implementing generative AI involves identifying specific business needs, developing tailored AI models using techniques like GANs and VAEs, and integrating these models into existing workflows. Data quality and continuous model refinement are crucial for effective implementation. Businesses must also consider ethical implications and ensure transparency in AI decision-making. Generative AI's implementation aims to enhance efficiency, creativity, and innovation by leveraging autonomous generation and sophisticated learning algorithms to meet diverse business challenges.
https://www.leewayhertz.com/generative-ai-use-cases-and-applications/
Applications of artificial Intelligence in Mechanical Engineering.pdfAtif Razi
Historically, mechanical engineering has relied heavily on human expertise and empirical methods to solve complex problems. With the introduction of computer-aided design (CAD) and finite element analysis (FEA), the field took its first steps towards digitization. These tools allowed engineers to simulate and analyze mechanical systems with greater accuracy and efficiency. However, the sheer volume of data generated by modern engineering systems and the increasing complexity of these systems have necessitated more advanced analytical tools, paving the way for AI.
AI offers the capability to process vast amounts of data, identify patterns, and make predictions with a level of speed and accuracy unattainable by traditional methods. This has profound implications for mechanical engineering, enabling more efficient design processes, predictive maintenance strategies, and optimized manufacturing operations. AI-driven tools can learn from historical data, adapt to new information, and continuously improve their performance, making them invaluable in tackling the multifaceted challenges of modern mechanical engineering.
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...shadow0702a
This document serves as a comprehensive step-by-step guide on how to effectively use PyCharm for remote debugging of the Windows Subsystem for Linux (WSL) on a local Windows machine. It meticulously outlines several critical steps in the process, starting with the crucial task of enabling permissions, followed by the installation and configuration of WSL.
The guide then proceeds to explain how to set up the SSH service within the WSL environment, an integral part of the process. Alongside this, it also provides detailed instructions on how to modify the inbound rules of the Windows firewall to facilitate the process, ensuring that there are no connectivity issues that could potentially hinder the debugging process.
The document further emphasizes on the importance of checking the connection between the Windows and WSL environments, providing instructions on how to ensure that the connection is optimal and ready for remote debugging.
It also offers an in-depth guide on how to configure the WSL interpreter and files within the PyCharm environment. This is essential for ensuring that the debugging process is set up correctly and that the program can be run effectively within the WSL terminal.
Additionally, the document provides guidance on how to set up breakpoints for debugging, a fundamental aspect of the debugging process which allows the developer to stop the execution of their code at certain points and inspect their program at those stages.
Finally, the document concludes by providing a link to a reference blog. This blog offers additional information and guidance on configuring the remote Python interpreter in PyCharm, providing the reader with a well-rounded understanding of the process.
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of Network Intrusion Detection
1. International
OPEN ACCESS Journal
Of Modern Engineering Research (IJMER)
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 70|
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of Network Intrusion Detection J. Uthayakumar1, D. Nivetha2, D.Vinotha3, M.Vasanthi4 1Apollo Computer Education, Puducherry, India 2,3,4 Department of CSE, Sri Manakula Vinayagar Engineering College, Puducherry, India
I. INTRODUCTION
In today‟s information system management, large-scale data clustering and classification have become increasingly important and challenging area. As a particular application area, Intrusion Detection Systems (IDSs) are designed to defend computer system from various cyber attacks and computer viruses. There are two primary assumptions in the research of intrusion detection: (1) user and program activities are observable by computer systems and (2) normal and intrusion activities must have distinct behaviors.
1.1 Data-mining based approaches for IDSs
Researchers have proposed an implemented various models that different measures of system behavior. As it is an energy and time consuming job for security experts to update current IDSs frequently by manual encoding, using data mining approaches to network intrusion detection provides an opportunity for IDSs to learn the behaviors of networks automatically by analyzing the data trials of their activities. Two key advantages of using a data mining approach to IDSs (1) It can be used to automatically generate the detection models for IDSs, so that new attacks can be detected automatically as well. (2) It is general, so it can be used to build IDSs for a wide variety of computing environments. The central theme of data mining approaches is to take a data-centric point of view and consider intrusion detection as a analysis process. This includes four essential steps.
(1) Capturing packets transferred on the network.
(2) Extracting an extensive set of features that can describes network connection or a host session.
(3) Learning a model that can accurately describe the behavior of abnormal and normal activities by applying data mining activities.
(4) Detecting the intrusions by using the learnt models.
We assume that Step (1) and (2) have been developed and are already available for the further training and testing phases. Step (3) in data mining, in general, is by classification, link analysis, and sequence analysis. In the rest of the paper, we will use SVM to denote either the concept or the algorithm when there is no confusion.
Abstract: Enormous studies on intrusion detection have widely applied data mining techniques to finding out the useful knowledge automatically from large amount of databases, while few studies have proposed classification data mining approaches. In an actual risk assessment process, the discovery of intrusion detection prediction knowledge from experts is still regarded as an important task because experts’ predictions depend on their subjectivity. Traditional statistical techniques and artificial intelligence techniques are commonly used to solve this classification decision making. This paper proposes an ant-miner based data mining method for discovering network intrusion detection rules from large dataset. The obtained result of this experiment shows that clearly the ant-miner is superior than ID3, J48, ADtree, BFtree, Simple cart. Although different classification models have been developed for network intrusion detection, each of them has its strength and weakness, including the most commonly applied Support Vector Machine(SVM)method and the clustering based on Self Organized Ant Colony Network (CSOACN).Our algorithm is implemented and evaluated using a standard bench mark KDD99 dataset. Experiments show that ant-miner algorithm out performs than other methods in terms of both classification rate and accuracy. Keywords: Intrusion Detection, Ant-miner, Artificial Intelligence, Cross validation
2. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 71|
1.2 Motivation and Contribution:
Support Vector Machine (SVMs) have been widely accept as a powerful data classification method. On the other hand, the Self –Organized Ant Colony Network (CSOACN) has been shown to be efficient in data clustering (Section 5). Our work aims to be developed an algorithm that combines the logic of both methods to produce a high-performance IDS.One challenge of developing IDSs is to realize real-time detection in high-speed networks. The machine-learning-based SVM is a good choice for learning with a little volume of data. Clustering in intrusion detection is used to resolve the multiple classification problems. The main contribution of this paper includes the following.
(1) Modifications to the supervised learning SVM and the unsupervised learning CSOACN so they can be used interactively and efficiently.
(2) A new algorithm, CSVAC, that combines the modified SVM and CSOACN to minimize the training dataset while allowing new data points to be added to the training set dynamically. The idea of combining supervised learning and unsupervised learning was applied previously.
1.3 Related work Issues related to intrusion detection can be categorized into two broad cases(1) network security and intrusion detection models and (2) intrusion detection methods and algorithms based on artificial intelligence(mostly machine learning) techniques. In this section we shall briefly review some related works in the second area, and leave area (1) to the next section, when we discuss the background of IDSs .Intrusion detection has been studied for decades using machine learning techniques, including traditional classification methods such as K-Nearest Neighbor (K-NN), Support Vector Machine (SVMs), Decision Trees (DTs).Bayesian, Self –Organized Maps (SOMs), Artificial Neural Networks (ANNs), Generic Algorithm (GAs). A review of using these approaches, was given, which also included in statistics of the use of techniques reported in 55 research articles during the period 2000-2007. Another more recent review provided thorough survey of intrusion detection using computational intelligence. Most recently, an IDSs was introduced by integrating On Line Analytical Processing (OLAP) tools and data mining techniques. It is shown that the association of the two fields produces a good solution to deal with defects of IDSs such as low detection accuracy and high falls alarm rate. As one of the swarm intelligence approaches, Ant Colony Optimization (ACO, has been applied in many fields to solve optimization problems, but its application to the intrusion detection domain is limited. The basic ingredient of their ACO algorithm was a heuristic for probabilistically constructing solutions. Hybrid intrusion detection approaches involving SVM have been studied in the past , that uses Dynamically Growing Self-Organizing Tree (DGSOT) algorithm for clustering to help in finding the most qualified points to train the SVM classifier. Another hybrid intrusion detection approach was recently detected that combines the hierarchical clustering and SVM .The purpose of using the hierarchical clustering algorithm is to provide the SVM classifier with fewer but higher quality training data that may reduce the training time and improve the performance of the classifier .WE use ACO to achieve the goal that is capable of updating the models without a retraining process ,as explained in the previous section about motivations. 1.4 Background In this section, we present some background knowledge about IDSs. We begin with the introduction of basic concepts and technologies of network security. 1.4.1 Network security There are three basic security concerns that are important to information on a network.
Confidentiality: Loss of confidentiality results when information is read are copied by unauthorized users.
Integrity: Loss by integrity results when information is modified in unexpected ways.
Availability: Loss of availability results when information can be erased or become inaccessible by authorized users. On the other hand, there are three security concepts that are related to the people who use the information.
Authentication: Proving whether a user is who he/she claims to be .
Authorization: Determining whether a particular user has the privilege to perform a certain action.
Non-repudiation: Providing protection against an individual falsely denying having performed a particular action.
3. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 72|
1.4.2 Network intrusion detection: Intrusion detection is the detection of actions that attempt to compromise the integrity, confidentiality, or availability of a resource. It attempts to detect attacks by examining various data records observed through processes on the same network. Data records are split into two categories host -based data which is audit data that record all system calls in chronologically sorted order; and network- based data, which is the network traffic data. As one of the promising network security technologies, Intrusion Detection Systems (IDSs) detect a possible intrusion as soon as possible and take appropriate actions .An IDSs is a reactive rather than pro-active agent. This paper adapts an advanced AI technique, ACO based ant-miner algorithm into network intrusion detection problem.
II. ANT-MINER ALGORITHM FOR CLASSIFICATION RULE DISCOVERY (CRD)
2.1 Rule structure
In order to apply the ant-miner algorithm to the problem of classification learning, the classification rule structure can be expressed in the form of IF-THEN as follows: IF <Predecessor > THEN < Successor > The predecessor part of the rule consists of several conditions, usually connected by a logical conjunction operator AND. The successor part of the rule shows the classification conclusion. For example, to express a intrusion detection class, a corresponding rule can be expressed as below: Rule 1: IF dst_host_str_diff_host_rate<=0.035 AND hot<=25.0 AND count<=29.5 THEN Class normal These kinds of rules are based on practical problem-solving knowledge which provides necessary and sufficient conditions for achieving certain goals.
2.2 Data structure of rule discovery
The inspiring source of the data structure for discovering rules comes from the foraging path of real ant colonies. In Fig. 1 there is a path taken by an ant which is represented with nodes connected by blue lines: Start->Val1,2->Val2,1->Val3,3-> C3->End. It forms an IF-THEN rules give below. The attributes and selected attribute values forms the predecessor part, and the Class and the Class value forms the successor part. This rule can be expressed as: IF Attribute1 = Val1,2 AND Attribute2 = Val2,1 AND Attribute3 = Val3,3THEN Class = C3. To generate a discovered rule, it should be ensured that enough ants take the same path. The method to obtain a discovered rule will be proposed in Section C. Fig. 1 Data structure for classification rule discovery The major differences between data structure for discovering classification rules and the foraging paths of real ant colonies can be summarized as below:
4. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 73|
(1) Real ants go to a food source from their nest and back to the nest later. But artificial ants in our data structure do not return. The movements of artificial ants are transitions from discrete states to discrete states. Unlike real ants, the artificial ants are „„jumping‟‟ from one node to another. Thus, current study only copes with categorical attributes. (2) For real ants, pheromone updating and path going happen simultaneously. But our artificial ants update pheromone trails only after a rule is generated. (3) Real ants may travel in group. But in our artificial world, a single ant explores a given data structure. Only after an ant reaches the end node and generates a rule, another ant can start walking. (4) Pheromone is the only factor to affect the movements of real ants, or else they will move on the ground randomly. To improve the algorithm efficiency, a „„looking-ahead‟‟ characteristic has been added to the artificial ants, which will be introduced in detail below.
2.3 Description and workflow of ant-miner algorithm
The ant-miner algorithm has similar basic principle with the shortest path discovery of real ants. The design of the algorithm involves a probability function which describes the possibility of ants path choosing. The function is based on: (1) the amount of pheromone in the trail; and (2) a problem dependent heuristic function .After several ants exploring, more and more ants will take a specific path because the positive feedback mechanism, that is, the path with a larger amount of pheromone and heuristic value have a greater probability of being chosen by an ant. If a path is chosen by the ant, the pheromone on it will increase.Once enough ants take this path, it will be chosen as a candidate rule. If its quality is good enough, it will definitely become a discovered rule. The feedback mechanism is the major characteristic of ant-miner algorithms. It can be considered as the major difference between ant-miner and other CRD methods. The flowchart of the ant-miner algorithm for rule discovery is given in Fig. 2. The algorithm starts with obtaining a training set which consists of training cases. After that, the main loop will be executed to discover one rule per iteration: (1) It begins with initializing the index of ant (t), the index of converge, ConvergeIndex (j) which is used to test convergence of ants paths and pheromone on all trails. Convergence of path is an important indicator to check if a steady path chosen by ant colony has formed. It tests if ants take the same path one after another and record how many ants take this path. (2) A sub-loop is executed to discover classification rules by a number of artificial ants (No_of_ants) who explore paths in turn. And the discovery process consists of three main steps: rule generation, rule pruning and pheromone updating. The sub-loop will terminate under the condition that all ants have taken their exploration (t≥No_of_ants), or the convergence state has been reached (j≥No_rule_converge). No_rule_converge is the threshold of ConvergIndex (j). It means if there are No_rule_converge ants take the same path one after another, the path is qualified for a discovered rule candidate. If the current ant has constructed a rule that is exactly the same as the rule constructed by previous ants, then it is said the ants have converged to a single rule (path) and the value of ConvergeIndex (j) will increase by 1. (3) The main loop selects the best rule from the discovered rules according to their qualities. (4) The training cases which are covered by the best rule need to be removed from the training set. In other words, the number of training cases in the training set is gradually decreased with continuous matching with the best rules. The loop will end when the number of training cases is greater than the user-specified threshold that is the Max_uncovered_cases (Max_uc).Ant-miner algorithm can meet the requirements of exclusiveness and completeness: (1) It will not happen that multiple rules apply to a case. The rules apply to cases one by one in the same order with that they are discovered. The former discovered rule is used earlier. All the cases which are covered by it will be applied and these cases will not be considered when the later rules are used. This means that only the first rule which can cover the case will apply to it. Therefore, it does not have the situation that multiple rules apply to a case. (2) There will always be one rule matching the conditions of a given case. Ant-miner algorithm discovers rules according to the training cases. If a rule is discovered, all the training cases covered by this rule will be removed from the training set. After that, the algorithm will discover another rule based on the rest cases. This is a circulation process, until the number of uncovered cases is less than the parameter „„Max_uncovered_cases (Max_uc)‟‟.The default rule has the majority class value in the set of uncovered training cases (Parpinelli et al., 2002a, 2002b).
5. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 74|
Fig. 2 Work flow of Ant-Miner Algorithm for classification rule discovery (Jia Yu et al., (2011)
Yes
No
Yes
Yes
Obtain Training Set (TS)
Initialize DiscoveredRuleList
j = 1
Initialize all traits with the same amount of pheromones
START
TS > Max_uc?
t = 1
t ≥ No_of_ants AND j ≥ No_rule_converge ule)?
Prune rule
Update pheromone for trails
Generate rule by ant
rule (t) = rule (t-1) ?
j = 1
j = j +1
t = t +1
Select the best rule among all generated rules
Add the best rule to DiscoveredRuleList
Delete cases which have been covered by the best rule from Training Set
END
No
No
6. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 75|
2.3.1 Rule generation
The ants start from the artificial nest and choose a value for each attribute for rule generation. This process is carried out by the probability function (Eq. (1)). It gives the probability (Pij) that Vij is selected as the value of Attributei (Attributei = Vij), where Attributei is the ith attribute and Vij is the jth value of Attributei (adapted from Parpinelli et al. (2002a)). where, ƞij is the value of a problem-dependent heuristic function for termij. The higher the value of the more relevant for classification the termij is, and so the higher its probability of being chosen. The function that defines the problem-dependent heuristic value is based on information theory.τij (t) is the amount of pheromone associated with termij at iteration t, corresponding to the amount of pheromone currently available in the position i, j of the path being followed by the current ant. The better the quality of the rule constructed by an ant, the higher the amount of pheromone added to the trail segments visited by the ant. Therefore, as time goes by, the best trail segments to be followed – that is, the best terms (attribute-value pairs) to be added to a rule – will have greater and greater amounts of pheromone, increasing their probability of being chosen. a is the total number of attributes. xi is set to 1 if the attribute ai was not yet used by the current ant, or to 0 otherwise. bi is the number of values in the domain of the i-th attribute. A termij is chosen to be added to the current partial rule with probability proportional to the value of Equation (1), subject to two restrictions, namely:(1)The attribute Ai cannot be already contained in the current partial rule. In order to satisfy this restriction the ants must “remember” which terms (attribute-value pairs) are contained in the current partial rule.(2)A termij cannot be added to the current partial rule if this makes it cover less than a predefined minimum number of cases, called the Min_cases_per_rule threshold. Once the rule antecedent is completed, the system chooses the rule consequent (i.e., the predicted class) that maximizes the quality of the rule. This is done by assigning to the rule consequent the majority class among the cases covered by the rule. where Tij is the partition containing the cases where Attributei = Vij; |Tij| is the number of cases in Tij; freqTk ij is the number of cases in Tij where Class = Ck. The higher the value of ƞij, the higher the possibility of Vij to be selected as a new node into the rule. Compared with the heuristic function which was originally proposed by Parpinelli et al. (2002a), this function has lower complexity. Vij is selected to be added to a rule depending on the probability from Eq. (1). But there is an exception that Vij cannot be added to the current partial rule when the rule covers less than a specified minimum number of cases, called the Min_cases_per_rule (minimum number of cases covered per rule). After the ant has explored all attributes (in other words, the predecessor of the rule has been generated), it will choose Ci, which is the ith value of the Class (the successor of the rule). The ant selects the Ci which accumulates mostly in the training cases covered by the predecessor of the rule. The whole rule is not generated until the ant has selected the successor.
2.3.2 Rule pruning
Rule pruning is a common place technique in data mining. Once a rule is created, the rule pruning operation is invoked. Rule pruning will increase the quality of a rule. It makes the rule simpler and easier to be understood. The rule pruning process tries to remove each node of the rule predecessor in turn, and then computes the quality of the rule. It picks the node whose removal most significantly improves the quality of the rule, and actually removes it from the rule after each node in the rule has been tried. Once a node is removed, the rule has been shortened.
2.3.3 Pheromone Updating
Pheromone updating of the ant-miner algorithm is designed to simulate the pheromone ants left that evaporated in the real world. Pheromones on nodes guide artificial ants to find the right „„paths‟‟ (rules). Pheromone updating improves the classification accuracy of ant-miner in this study. It is because that the positive feedback effect of the pheromone updating helps to correct some mistakes made by the short- sightedness of the heuristic measure. Pheromone updating copes better with attribute interactions than entropy measure, because it is based on the performance of a rule as a whole (Parpinelli et al., 2002b). Therefore,
7. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 76|
pheromone updating helps getting better classification rules. Eq. (3) (Parpinelli et al., 2002a) introduces the definition of rule quality. Where,
TP (true positives) is the number of cases covered by the rule that have the class predicted by the rule.
FP (false positives) is the number of cases covered by the rule that have a class different from the class predicted by the rule.
FN (false negatives) is the number of cases that are not covered by the rule but that have the class predicted by the rule
TN (true negatives) is the number of cases that are not covered by the rule and that do not have the class predicted by the rule.
where Q is the quality of a rule, 0 ≤ Q ≤ 1; TruePos (true positive) is the number of training cases in the training set whose antecedent part and consequent part are covered by the rule; FalsePos (false positive) is the number of cases whose antecedent part is covered by the rule and the consequent is not covered; FalseNeg (false negative) is the number of cases whose antecedent part is not covered by the rule but the consequent part covered; TrueNeg (true negative) is the number of cases whose antecedent part and consequent part are not covered by the rule. Q in Eq. (3) decides how much pheromone will be added to the path which has been taken by the ant. The better the quality of a rule (a path taken by ants), the more pheromone will be exposed to the path so as to attract more ants to take this path. Several equations below define how to update pheromone. (1) Pheromone initialisation The operation is to „„Initialize all trails with the same amount of pheromone‟‟. It is defined as Eq. (4) (Parpinelli et al., 2002b), where a is the number of attributes; bi is the number of values of Attributei; t is the sequence number of iteration. (2) Pheromone updating for explored nodes The amount of pheromone on the nodes which have been used by the current rule will be updated because the artificial ant deposits pheromone during path exploration. Meanwhile, the pheromone evaporation also needs to be simulated. Therefore, the integrative operation is performed according to Eq. (5) (Liu et al., 2004). τ ij ( t ) = (1- ρ) τ ij (t-1)+(1-1/1+Q) τ ij (t-1) (5) where ρ is the pheromone evaporation rate which controls how fast the pheromone evaporates from the trails; Q is the quality of the rule which is calculated from Eq. (3); t is the sequence number of iteration. This equation adopted from the pheromone updating function of Ant-Miner (Parpinelli et al., 2002) has higher classification accuracy because Ant-Miner‟s function does not consider pheromone evaporation for explored nodes. (3) Pheromone updating for unexplored nodes The nodes which have not been used by the current rule will only have pheromone evaporation. The evaporation is performed according to Eq. (6): where a is the number of attributes; bi is the number of values of Attributei; t is the sequence number of iteration. The equation means that the amount of pheromone of unexplored nodes will be decreased as time goes by.
8. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 77|
III. IMPLEMENTATION OF CLASSIFICATION RULE DISCOVERY FOR NETWORK INTRUSION DETECTION
There are mainly three reasons for us to use ant-miner algorithm for bankruptcy prediction purpose. (1)The ant-miner algorithm can achieve CRD problems with good performances. (2) Bankruptcy prediction is a classification based problem, ant-miner algorithm yields better results compare to other algorithm. (3) CRD can help discovering knowledge of bankruptcy prediction classification in large amount of data. ACO, a sub- field of swarm intelligence (Blum & Dorigo, 2004; Dorigo, Di Caro, & Gambardella, 1999). It is one of the most advanced techniques for approximate optimization (Blum, 2005). In this paper, we proposed the solution for network intrusion detection using ant-miner algorithm. The results of the experiment show that the ant- miner method has significantly better performance than other classifiers in terms of rules generation and predictive accuracy.
3.1 Data and experiment design
In order to make a reliable comparison we used three benchmark datasets including network intrusion detection dataset. In this research, Network Intrusion Detection dataset is collected by our self from the experts and we donated this to UCI repository. Table 1 shows the variable name, instances. TABLE 1 Description of datasets
Dataset
Feature
Instances
Normal/Anomaly
Network Intrusion Detection
41
783
408/375
Fig. 3 Framework of Bankruptcy Prediction System
3.2 Results
The ant- miner finally extracts 43 rules, 22 of which are anomaly and the others are normal. The simple cart finally extracts 3 rules out of which 2 are anomaly and others are normal. The rules and the corresponding descriptions are illustrated in table 1and 2 for ant- miner and AD tree. The AD tree extracts 10 rules out of which 3 are anomaly and others are normal. J48 finally extracts 4 rules out of which 3 are normal and other is anomaly. BF tree finally extracts 4 rules out of which 2 normal and others are anomaly. The rules and descriptions of BF tree are illustrated in table 5. Overall classification means the accuracy level when the rules are applied to the cases according to the application steps generated from 5 data mining techniques. The results show that the rules of the ant-miner methods are significantly better than those of other data mining techniques. While the rules generated from the AD tree, BF tree, J48. The below results shows that the ant- miner is best than the other data sets.
Attribute Layer
Preprocessing Layer
Classified Training Set Layer
Performance Analysis Layer
Experimental Layer
9. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 78|
TABLE 1 The descriptions of the rules generated from Ant-miner
Rule
Description
Rule 1
IF logged_in=0 AND src_bytes<=28.5 THEN anomaly
Rule 2
IF dst_host_same_src_port_rate<=0.995 AND src_bytes<=1009.0 THEN normal
Rule 3
IF dst_bytes>0.5 AND hot<=1.5 THEN normal
Rule 4
IF dst_host_same_srv_rate>0.395 AND src_bytes>290.0 THEN anomaly
Rule 5
IF dst_host_srv_diff_host_rate<=0.035AND hot<=25.0 AND count<=29.5THENnormal
Rule 6
IF src_bytes>28.5 AND dst_host_same_src_port_rate<=0.995 THEN normal
Rule 7
IF dst_host_srv_count<=84.0 AND count>1.5 THEN anomaly
Rule 8
IFdst_host_same_src_port_rate>0.635ANDdst_host_rerror_rate<=0.845AND dst_host_srv_diff_host_rate>0.095THEN anomaly
Rule 9
IF count<=4.5 AND dst_host_srv_count>2.0 THEN normal
Rule 10
IF dst_host_count>23.0 AND dst_bytes<=2.0 THEN anomaly
Rule 11
IF dst_host_srv_count<=82.5 AND count>1.5 THEN anomaly
Rule 12
IF protocol_type=tcp AND dst_host_diff_srv_rate<=0.125 AND src_bytes <=285.5 THEN Normal
Rule 13
IF dst_host_srv_diff_host_rate>0.09 THEN Anomaly
Rule14
IF dst_host_count>251.0 AND dst_bytes<=2 THEN anomaly
Rule 15
IF flag=SF THEN normal
Rule 16
IF src_bytes> 28.5 AND flag = SF AND hot<= 1.5 THEN normal
Rule 17
IF dst_bytes<= 2.0 AND dst_host_count > 223.5 THEN anomaly
Rule 18
IF srv_count > 2.5 THEN anomaly
Rule 19
IF dst_host_same_srv_rate > 0.025 AND src_byte<= 17.5 AND dst_host_diff_srv_rate <= 0.6899 THEN normal
Rule 20
IF dst_host_same_src_port_rate> 0.03 THEN anomaly
Rule 21
IF count <= 1.5 AND flag = SF THEN normal
Rule 22
IF src_bytes > 28.5 AND hot <= 0.5 THEN normal
Rule 23
IF srv_count > 3.5 THEN anomaly
Rule 24
IF dst_bytes <= 1044.0 AND protocol_ type = tcp AND dst_host_srv_count > 4.5 THEN normal
Rule 25
IF dst_host_rerror_rate > 0.005 THEN anomaly
Rule 26
IF dst_host_same_src_port_rate <= 0.995 AND src_bytes <= 1009.0 AND is_guest_login = 0 THEN normal
Rule 27
IF count <= 1.5 AND dst_host_rerror_rate <= 0.005 AND dst_host_srv_diff_host_rate <= 0.095 THEN Normal
Rule 28
IF duration <= 2.5 AND dst_host_diff_srv_rate < 0. 025 AND dst_host_rerror_rate <= 0.375 THEN anomaly
Rule 29
IF land = 0 THEN normal
Rule 30
IF src_bytes > 28.5 AND hot <= 1.5 THEN normal
Rule 31
IF dst_bytes <= 2.0 AND dst_host_count > 223.5 THEN Anomaly
Rule 32
IF srv_count > 3.5 THEN anomaly
Rule 33
IF src_bytes <= 17.5 AND dst_host_diff_srv_rate <= 0.06 THEN normal
Rule 34
IFdst_host_rerror_rate>0.005AND dst_host_same_src_port_rate <= 0.3 THEN anomaly
Rule 35
IF protocol _type = tcp AND flag = SF THEN normal
Rule 36
IF dst_host_same_src_port_rate > 0.5649 AND dst_host_rerror_rate <= 0.845 AND dst_
10. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 79|
bytes <= 0.5THEN anomaly
Rule 37
IF dst_bytes <= 0.5 THEN anomaly
Rule 38
IF src_bytes <= 24.0 AND dst_host_same_srv_rate <= 0.34 THEN anomaly
Rule 39
IF src_bytes <= 399.0 AND dst_host_srv_serror_rate <= 0.135 THEN normal
Rule 40
IF flag = SF AND dst_host_same_src_port_rate <= 0.995 THEN normal
Rule 41
IF dst_host_srv_count <= 82.5 AND src_bytes <= 13.0 AND dst_host_diff_srv_rate > 0.025 THEN anomaly
Rule 42
IF src_bytes > 4.0 AND dst_bytes <= 0.5 THEN anomaly
Rule 43
IF dst_host_srv_serror_rate<=0.035 THEN normal
TABLE 2 The descriptions of the rules generated from ADTree
Rule
Description
Rule 1
IF dst_bytes<0.5:0.938 AND dst_bytes>=0.5:-1.688
Rule 2
IF count>20.5:-0.771 AND count>=20.5:2.391
Rule 3
IF hot>0.5:-2.06 AND hot>0.5:1.663
Rule 4
IF src_bytes<28.5:0.511 AND src_bytes>=28.5:-0.744
Rule 5
IFdst_host_same_src_port_rate<0.985:-0.629AND dst_host_same_src_port_rate>=0.985:0.866
Rule 6
IF service=http:-1.185 AND service!=http:0.83
Rule 7 IF dst_host_srv_count<42.5:0.371 AND dst_host_srv_count>=42.5:-0.889
Rule 8
IF service=ftp_data:-1.006 AND service!=ftp_data: 0.987
Rule 9
IF dst_host_serror_rate<0.02:-0.949 AND dst_host_serror_rate>=0.02:0.851
Rule 10
IF dst_host_rerror_rate<0.005:-0.745 AND dst_host_rerror_rate<=0.005:0.958
TABLE 3 The descriptions of the rules generated from Simple cart
Rule
Description Description
Rule 1
IF service=(ecr_i)|(ftp)|(ftp_data) AND service!=(ecr_i)|(ftp)|(ftp_data)
Rule 2
IFdst_host_serror_rate<0.045:THEN normalAND dst_host_serror_rate>=0.045:THEN anomalySrc_bytes>=28.5ANDdst_host_same_srv_rate<0.455ANDdst_host_same_srv_rate >=0.45:THENanomalyANDsrc_byte<<34167.0:THENnormalANDsrc_bytes>=34167.0: THEN anomaly
Rule 3
IF protocol_type=(icmp) THEN anomaly AND if protocol_type=(icmp) THEN normal
TABLE 4 The descriptions of the rules generated from J48
Rule
Description
Rule 1
IFdst_host_count<=235ANDdst_host_count>235ANDdst_host_same_src_port_rate<=0.99AND dst_host_same_src_port_rate > 0.99
Rule 2
IF srv_count <= 3 AND srv_count >3: THEN anomaly AND dst_host_same_srv_rate <=0.2: THEN anomaly AND dst_host_same_srv_rate > 0.2 AND dst_host_rerror_rate<= 0 AND dst_host_rerror_rate > 0 AND src_bytes <= 241: THEN normal AND src_bytes > 241
Rule 3
IF protocol_ type = tcp AND protocol_type = udp : THEN normal AND protocol_ type = icmp : THEN anomaly AND dst_bytes <= 4 :THEN anomaly AND dst_bytes > 4 : THEN normal AND protocol_type = tcp : THEN normal AND protocol_type = udp : THEN normal AND protocol_type =icmp AND hot <= 0 : THEN normal AND hot >0 : THEN anomaly AND dst_bytes <= 1 : THEN anomaly AND dst_bytes >1 : THEN normal
Rule 4
IF dst_host_srv_count <= 2 : THEN anomaly AND dst_host_srv_count >2 : THEN normal AND src_bytes <= 570 THEN normal AND src_bytes > 570 : THEN anomaly
11. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 80|
TABLE 5 The descriptions of the rules generated from BFTree
Rule
Description
Rule 1
IF service = ( ecr_i)|(ftp)|(ftp_data) AND service != (ecr_i)|(ftp)|(ftp_data)
Rule 2
IFdst_host_serror_rate<0.045:THENnormalANDdst_host_serror_rate>=0.045:THENanomaly src_bytes >= 28.5 AND dst_host_same_srv_rate < 0.455ANDdst_host_same_srv_rate >= 0.455 : THEN anomaly AND src_bytes < 34167.0 : THEN normal AND src_bytes >= 34167.0 : THEN anomaly
Rule 3
IF protocol_type = (icmp): THEN anomaly AND protocol_type!=(icmp)
Rule4
IF hot < 26.0 : THEN normal AND hot >=26.0 THEN normal
TABLE 6 Comparison of Ant-miner with ID3, Genetic algorithm, neural networks, and Inductive learning methods DATA-MINING CLASSIFICATION ALGORITHM CONFUSION MATRIX NUMBER OF RULES ACCURACY ANT- MINER 410 1 43 99.61 2 370 ADTREE 394 14 10 97.19 8 367 SIMPLE CART 396 12 3 97.57 7 368 J48 398 10 4 97.06 13 362 BFTREE 396 12 4 97.31 9 366
Fig. 4 Rules Generated by Classifiers
12. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 81|
Fig. 5 Accuracy by Classifiers This paper demonstrated the ant-miner based data mining approach to discover decision rules from experts‟ decision process. This study is the first work on ant-miner for the purpose of discovering experts‟ qualitative knowledge on bankruptcy. Four data mining techniques ID3, GA, Neural networks, Inductive learning methods are applied to compare their performance with ant-miner method.
IV. CONCLUSIONS
Data mining has been widely applied to discovering Network Intrusion Detection databases. However, few studies have reported the potential of data mining that can investigate the Network Intrusion Detection from experts‟ decisions. This work proposes a new method of classification rule discovery for Network Intrusion Detection by using ant-miner algorithm. This paper demonstrates ant-miner based data mining approach to discover decision rules from experts‟ decision process in networking way to predict Intrusion Detection. In performance terms, ant-miner provides more rules but give better predictive accuracy when compare to other techniques. This study has conducted a case study using the dataset Network Intrusion Detection dataset is retrieved from UCI repository in July 2014. Finally this paper suggests that Ant-miner could be a more suitable method than the other classifiers like J48, Simple Cart, ADTree, and BFTree. In future research, additional artificial techniques could also be applied. And certainly researchers could expand the system with more dataset. REFERENCES [1] Han, J., & Kamber, M. Data mining: Concepts and techniques. San Francisco, CA, USA: Morgan Kaufmann. (2001). [2] Brachman, R. J., Khabaza, T., Kloesgen, W., Piatesky-Shpiro, G., & Simoudis, E. Mining business databases. Communication of the ACM, 39(11) (1996) 42-48. [3] Hayes-Roth, F. Rule-based systems. Communications of the ACM, 28 (1985) 921-932. [4] Alupoaei, S., & Katkoori, S. Ant colony system application to marcocell overlap removal. IEEE Transactions Very Large Scale Integration (VLSI) Systems, 12(10) (2004) 1118-1122. [5] Bianchi, L., Gambardella, L.M., & Dorigo, M. An ant colony optimization approach to the probabilistic travelling salesman problem. In J. J. Merelo, P. Adamidis, H. G.Beyer, J. L. Fernandez-Villacanas, and H. P. Schwefel (Eds.), Proceedings of PPSN-VII, seventh international conference on parallel problem solving from nature. Lecture Notes in Comput Science (2002) 883-892. Berlin: Springer. [6] Demirel, N. C., & Toksari, M. D. Optimization of the quadratic assignment problem using an ant colony algorithm. Applied Mathematics and Computation, 183(1), (2006) 427-435. [7] Lina, B. M. T. Lub, C. Y., Shyuc, S. J., & Tsaic, C. Y. Development of new features of ant colony optimization for flowshop scheduling. International Journal of Productions Economics, 112(2),(2008)742-755. [8] Ramos, G. N., Hatakeyama, Y., Dong, F., & Hirota, K. Hyperbox clustering with ant colony optimization (HACO) method and its application to medical risk profile recognition. Appied Soft Computing, 9(2), (2009) 632-640.
13. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 82|
[9] Parpinelli, R. S., Lopes, H. S., & Freitas , A. A. An ant colony algorithm for classification rule discovery. In H. A. Abbass, R. A. Sarker, & C. S. Newton (Eds.), Data mining: A heuristic approach (2002a) 191-208. London: Idea Group Publishing. [10] Parpinelli, R. S., Lopes,H.S.,&Freitas,A.A.An ant colony algorithm for classification rule discovery.In H.A.Abbass,R.A.Sarker,&C.S.Newton(Eds.),Data mining:A heuristic approach (2002a) 191-208.London Idea Group Publishing. [11] Parpinelli, R.S., Lopes, H.S.,& Freitas, A.A. Data mining with an ant mining optimization Algorithm IEEE Transaction on Evolutionary Computation,6(4),(2002b) 321-332. [12] Jiang, W., Xu, Y., & Xu, Y. A novel data method based on ant colony algorithm. Lecture Notes in Computer Science, (2005) 3584, 284-291. [13] Jin, P., Zhu, Y., Hu, K., & Li, S. classification rule mining based on ant colony optimization algorithm. In D. S. Huang, K. Li, & G. W. Irwin (Eds.), Intelligent control and automation, lecture notes in control and information and sciences (2006) 654-663. Berlin: Springer. [14] Liu, B., Abbass, H, & Mckay, B. Classification rule discovery with ant colony optimization. IEEE Computational Intelligence Bulletin, 3(1),(2004) 31-35. [15] Roozmand, O., & Zamanifar, K. Parallel ant miner 2. In L. Rutkowski et al.(Eds.), Artifical Intelligence and soft computing – ICAISC (2008) 681-692 Berlin: springer. [16] Liu, B., Abbass, H.A., & Mckay, B. Density-based heuristic for rule discovery for Ant-Miner .In: The 6th Australia- Japan joint workshop on intelligent and evolutionary system (2002) 180-184 Canberra, Australia. [17] Wang, Z. & Feng, B. Classification rule mining with an improved ant colony algorithm. In G. I. Webb & X. Yu (Eds.), AI 2004: Advances in artificial intelligence, lecture notes in computer science (2005) 357-367 Berlin: Springer. [18] Blum, C., & Dorigo, M. Deception in ant colony optimization. In M. Dorigo, M. Birattari, C. Blum, L. M. Gambardella, F. Mondada, & T. Stutzle (Eds.), Proc. ANTS 2004, Fourth Internet Workshop on Ant Colony Optimization and Swarm Inteligence, Lecture Notes in Computer Science (2004). Berlin:Springer. [19] Nejad, N. Z., Bakhtiary, A. H., & Analoui, M. Classification using unstructured rules and ant colony optimization. In: Proceedings of the International multi conference of engineers and computer scientists Vol. I, (2008) 506-510. Hong Kong. [20] Dorigo, M., Di Caro, G., & Gambardella, L. M. Ant algorithms for discrete optimization. Artificial Life, 5(2), (1999) 137-172. [21] Blum,C.Ant colony optimization: introductionnand recent trends.Physics of Life Reviews,2(2005)353-373. [22] Merkle, D. Middebdorf, M., & Schmerck, H. Ant colony optimization for resource-constrained project scheduling ,IEEE Transcations on Evolutionary Computation, 6(4) (2002) 333-346. [23] Fuellerer, G., Doerner, K. F., Hartl, R. F., & Iori, M .Ant Colony Optimization for two-dimensional loading vehicle routing problem. Computers and Operations Research, 36(3), (2009) 655-673. [24] Reimann, M., Doerner, K., & Hartl, R.F. D-ants: Savings based ants divide and conquer the vehicle routing problems. Computers & Operations Research, 31(4), (2004) 563-591. [25] Colorni, A., Dorigo, M., Maniezzo, V., & Trubian, M. An system for job-shop scheduling. Belgian Journal of Operations Research. Statistics and Computer Science (JORBEL), 34, (1994). 39-52. [26] Stutzle, T. MAX-MIN Ant system for the quadratic assignment problem. Technical report AIDA-97-4, FG Intellektik, FB Innformatik, TU Darmstadt, Germany (1997b). [27] Leguizamo n, g., & Michalewicz, Z., A new version of Ant System for subset problems. In P. J. Angeline, Z. Michalewicz, M. Schoenauer, X. Yao, & A. Zalzala (Eds,), Proceedings of the 1999 Congresson Evolutionary Computation (CEC‟99) (pp. 1459-1464). Piscataway, NJ, IEEE Press. [28] De Campos, L. M., Ga‟mez, J. A., & Puerta, J. M. Learning Bayesian networks by ant colony optimization: Searching in the space of orderings. Mathware and Soft computing, 9(2-3) (2002b).251-268. [29] Corry, P., & Kozan, E.. Ant Colony Optimization for machine layout problems. Computational Optimization and Applications,28(3),(2004) 287-310. [30] Jia Yu, Yun Chen, Jianping Wu, Modeling and implementations of classification rule discovery by ant colony optimization for spatial land-use suitability assessment, Computers, Environment and Urban Systems 35 (2011) 308-319. [31] W. Lee, S.J. Stolfo, K.W. Mok, A data mining framework for building intrusion detection models, in: Proceedings of IEEE Symposium on Security and Privacy, 1999, pp, 120-132. [32] W.Lee, S.J Stolfo, K. W. Mok, Mining audit data to build intrusion detection models, in: Proceedings of the 4th International conference on Knowledge Discovery and Data Mining, AAAI Press, 1998,pp, 66-72. [33] L. Khan, M. Awad, B. Thuraisingham, A new intrusion detection systems using support vector machines and hierarchial clustering. The VLDB Journal 16(2007) 507-521. [34] X. Xu, Adaptive intrusion detection based on machine learning: feature extraction, classifier construction and sequential pattern prediction, Information Assurance and Security 4(2006) 237-246. [35] Y. Feng, J. Zhong, C. Ye, Z. Xiong, Z. Wu Intrusion detection classifier base on self-organizing ant colony networks clustering, Information Assurance Security 4(2006) 247-256. [36] C.-F. Tsai, Y. F. Hsu, C.-Y. Lin, W.-Y. Lin, Intrusion detection by machine learning: a review, Expert Systems with Applications 36(2009) 11994-12000.
14. Classification rule discovery using ant-miner algorithm: An application of network …
| IJMER | ISSN: 2249–6645 | www.ijmer.com | Vol. 4 | Iss.8| Aug. 2014 | 83|
[37] S. Kumar, Classification and detection of computer intrusions. Ph.D. Thesis, Purdue University, August 1995. [38] B. Mukherjee, L. T. Heberlein, K. N. Levitt, Network intrusion detection, IEEE, Network (1994) 26-41. [39] E. H. Spafford D. Zamboni, Intrusion detection using autonomous agents, Computer Networks 34(4) (2000) 547- 570. [40] F. Klawonn, F. Hoppner What is fuzzy about fuzzy clustering? Understanding and improving the concept of the fuzzifier, in: Cryptographic Hardware Embedded Systems. Vol. 2779, Springer, 2003, pp.254-264. [41] J. Han, M. Kamber, J. Pei, Data Mining Concepts Models Methods and Algorithms John Wiley, 2003. [42] UCI KDD Archive, KDD Cup 1999 data, 1999.http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.