This document summarizes a research paper that proposes using principal component analysis (PCA) as a dimension reduction technique for intrusion detection systems (IDS). The paper applies PCA to reduce the number of features from 41 to either 6 or 10 features for the NSL-KDD dataset. One reduced feature set is used to develop a network IDS with high detection success and rate, while the other is used for a host IDS also with good detection success and very high detection rate. The paper outlines the process of applying PCA for IDS, including performing PCA on training data to identify principal components, then using those components to map new online data and detect intrusions based on deviation thresholds.
Evaluation of network intrusion detection using markov chain - IJCI JOURNAL
In day-to-day life, internet threats have increased significantly. There is a need to develop a model in order to maintain the security of the system. The most effective technique is the Intrusion Detection System (IDS). The purpose of an intrusion system is, through the security devices, to detect intrusions and deal with them. In this paper, a mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss two algorithms, 'K-Means + Apriori', a method which classifies normal and abnormal activities in a computer network. In the K-Means process, it partitions the training set into K clusters using Euclidean distance and introduces an outlier factor, then it builds the Apriori algorithm to prune the data by removing infrequent data in the database. Based on the defined state, the degree of incoming data is evaluated through the experiment using the sample DARPA2000 dataset, and it achieves high detection performance in level of attack in stages.
Survey of network anomaly detection using markov chain - ijcseit
Recently, internet threats have increased. Our motive is to detect intrusion in the network concisely. Real-time issues such as DoS attacks in banking, companies, industries and organizations have increased significantly. IDS has been used on both the server and host side. The major challenge is to effectively predict the periods of threats and protect the server from the unauthorized user. In this study, a novel probabilistic approach is proposed to effectively detect network intrusions. It uses a Markov chain for probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming data is performed on the basis of the network states.
Visualize network anomaly detection by using k means clustering algorithm - IJCNCJournal
With the ever increasing amount of new attacks in today's world the amount of data will keep increasing, and because of the base-rate fallacy the amount of false alarms will also increase. Another problem with detection of attacks is that they usually aren't detected until after the attack has taken place; this makes defending against attacks hard and can easily lead to disclosure of sensitive information.
In this paper we choose the K-means algorithm with the Kdd Cup 1999 network data set to evaluate the performance of an unsupervised learning method for anomaly detection. The results of the evaluation showed that a high detection rate can be achieved while maintaining a low false alarm rate. This paper presents the result of using k-means clustering by applying the Cluster 3.0 tool and visualizes this result by using the TreeView visualization tool.
Intrusion detection with Parameterized Methods for Wireless Sensor Networks - rahulmonikasharma
Current network intrusion detection systems lack adaptability to the frequently changing network environments. Furthermore, intrusion detection in the new distributed architectures is now a major requirement. In this paper, we propose two Adaboost based intrusion detection algorithms. In the first algorithm, a traditional online Adaboost process is used where decision stumps are used as weak classifiers. In the second algorithm, an improved online Adaboost process is proposed, and online Gaussian mixture models (GMMs) are used as weak classifiers. We further propose a distributed intrusion detection framework, in which a local parameterized detection model is constructed in each node using the online Adaboost algorithm. A global detection model is constructed in each node by combining the local parametric models using a small number of samples in the node. This combination is achieved using an algorithm based on particle swarm optimization (PSO) and support vector machines. The global model in each node is used to detect intrusions. Experimental results show that the improved online Adaboost process with GMMs obtains a higher detection rate and a lower false alarm rate than the traditional online Adaboost process that uses decision stumps. Both the algorithms outperform existing intrusion detection algorithms. It is also shown that our PSO, and SVM-based algorithm effectively combines the local detection models into the global model in each node; the global model in a node can handle the intrusion types that are found in other nodes, without sharing the samples of these intrusion types.
The main goal of Intrusion Detection Systems (IDSs) is to detect intrusions. This kind of detection system represents a significant tool in traditional computer-based systems for ensuring cyber security. An IDS model can be faster and reach more accurate detection rates by selecting the most related features from the input dataset. Feature selection is an important stage of any IDS to select the optimal subset of features that enhances the process of the training model to become faster and reduces the complexity while preserving or enhancing the performance of the system. In this paper, we proposed a method that is based on dividing the input dataset into different subsets according to each attack. Then we performed a feature selection technique using an information gain filter for each subset. Then the optimal feature set is generated by combining the list of feature sets obtained for each attack. Experimental results conducted on the NSL-KDD dataset show that the proposed method for feature selection, with fewer features, makes an improvement to the system accuracy while decreasing the complexity. Moreover, a comparative study is performed on the efficiency of the technique for feature selection using different classification methods. To enhance the overall performance, another stage is conducted using Random Forest and PART on a voting learning algorithm. The results indicate that the best accuracy is achieved when using the product probability rule.
A NOVEL INTRUSION DETECTION MODEL FOR MOBILE AD-HOC NETWORKS USING CP-KNN - IJCNCJournal
Mobile ad-hoc network security problems are the subject of in depth analysis. A group of mobile nodes area unit connected to a set wired backbone. In MANET, the node themselves implement the network management in a very cooperative fashion. All the nodes area unit accountable to create a constellation that is dynamically, modification it and conjointly the absence of any clear network boundaries. We tend to project a completely unique intrusion detection model for mobile ad-hoc network victimization. CP-KNN (Conformal Prediction K-Nearest Neighbor) algorithmic rule is to classify the audit knowledge for anomaly detection. The non-conformity score worth is employed to cut back the classification period of time for multi level iteration. It is effectively notice anomalies with high true positive rate, low false positive rate and high confidence that the progressive of assorted anomaly detection ways. Additionally it is interfered by "noisy" knowledge (unclean data), the projected technique is strong, effective and conjointly it retains its smart detection performance and to avoid the abnormal activity.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An approach for ids by combining svm and ant colony algorithm - eSAT Journals
Abstract: This piece of work researches the intrusion detection problem of the network sanctuary; the primary task is to classify network behavior as normal or abnormal while reducing misclassification. In this paper, two efficient data mining algorithms are combined together to detect the network intrusion. Combining SVM and Ant colony (CSVAC) is used for well-organized data classification; this technique takes the advantage of both the algorithms while avoiding their weaknesses. This algorithm is implemented and evaluated using the standard benchmark KDDCUP99 data set. Experimental results drastically well produce superior results than the other algorithm in terms of accuracy rate and run time efficiency, and this algorithm is able to detect the new types of attacks.
Keywords: Intrusion Detection; Support Vector Machine; Ant colony; Combined Support vector with ant colony
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE... - IJCNCJournal
An efficient Intrusion Detection System has to be given high priority while connecting systems with a network to prevent the system before an attack happens. It is a big challenge to the network security group to prevent the system from a variable types of new attacks as technology is growing in parallel. In this paper, an efficient model to detect Intrusion is proposed to predict attacks with high accuracy and less false-negative rate by deriving custom features UNSW-CF by using the benchmark intrusion dataset UNSW-NB15. To reduce the learning complexity, Custom Features are derived and then Significant Features are constructed by applying meta-heuristic FPA (Flower Pollination algorithm) and MRMR (Minimal Redundancy and Maximum Redundancy) which reduces learning time and also increases prediction accuracy. ENC (ElasticNet Classifier), KRRC (Kernel Ridge Regression Classifier), IGBC (Improved Gradient Boosting Classifier) are employed to classify the attacks in the datasets UNSW-CF, UNSW and recorded that UNSW-CF with derived custom features using IGBC integrated with FPA provided high accuracy of 97.38% and a low error rate of 2.16%. Also, the sensitivity and specificity rate for IGB attains a high rate of 97.32% and 97.50% respectively.
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection - IJNSA Journal
Based on the analysis and distribution of network attacks in the KDDCup99 dataset and real time traffic, this paper proposes a design of multi stage filter which is an efficient and effective approach in dealing with various categories of attacks in networks. The first stage of the filter is designed using Enhanced Adaboost with the Decision tree algorithm to detect the frequent attacks that occur in the network and the second stage of the filter is designed using enhanced Adaboost with the Naïve Bayes algorithm to detect the moderate attacks that occur in the network. The final stage of the filter is used to detect the infrequent attack which is designed using the enhanced Adaboost algorithm with Naïve Bayes as a base learner. Performance of this design is tested with the KDDCup99 dataset and is shown to have high detection rate with low false alarm rates.
An intrusion detection system for packet and flow based networks using deep n... - IJECEIAES
Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models have been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a bunch of affluent algorithms to classify and analyse patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest dataset available online, formatted with packet based, flow based data and some additional metadata. The dataset is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is built using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multiclass classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature.
A Novel Classification via Clustering Method for Anomaly Based Network Intrus... - IDES Editor
Intrusion detection in the internet is an active area of research. Intruders can be classified into two types, namely: external intruders who are unauthorized users of the computers they attack, and internal intruders, who have permission to access the system but with some restrictions. The aim of this paper is to present a methodology to recognize attacks during the normal activities in a system. A novel classification via sequential information bottleneck (sIB) clustering algorithm has been proposed to build an efficient anomaly based network intrusion detection model. We have compared our proposed method with other clustering algorithms like X-Means, Farthest First, Filtered clusters, DBSCAN, K-Means, and EM (Expectation-Maximization) clustering in order to find the suitability of our proposed algorithm. A subset of KDDCup 1999 intrusion detection benchmark dataset has been used for the experiment. Results show that the proposed method is efficient in terms of detection accuracy, low false positive rate in comparison to the other existing methods.
Intrusion Detection System Using Self Organizing Map Algorithms - Editor IJCATR
With the rapid expansion of computer usage and computer networks, the security of the computer system has become very important. Every day new kinds of attacks are being faced by industries. Many methods have been proposed for the development of intrusion detection systems using artificial intelligence techniques. In this paper we will have a look at an algorithm based on neural networks that are suitable for Intrusion Detection Systems (IDS). The name of this algorithm is "Self Organizing Maps" (SOM). So far, many different methods have been used to build a detector that Wide variety of different ways in the covers. Among the methods used to detect attacks in intrusion detection is done, in this paper we investigate the Self-Organizing Map method.
An Empirical Comparison and Feature Reduction Performance Analysis of Intrusi... - ijctcm
This paper reports on the empirical evaluation of five machine learning algorithms, namely J48, BayesNet, OneR, NB and ZeroR, using ten performance criteria: accuracy, precision, recall, F-Measure, incorrectly classified instances, kappa statistic, mean absolute error, root mean squared error, relative absolute error, root relative squared error. The aim of this paper is to find out which classifier is better in its performance for intrusion detection system. Machine Learning is one of the methods used in the intrusion detection system (IDS). Based on this study, it can be concluded that J48 decision tree is the most suitable associated algorithm than the other four algorithms. In this paper we compared the performance of Intrusion Detection System (IDS) Classifiers using seven feature reduction techniques.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET - IJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threats. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds. It is concluded that various procedures should be utilized to handle several of network attacks.
A distributed ip based telecommunication system using sip - IJCNCJournal
Voice over Internet Protocol (VoIP) technologies are integral to modern telecommunications because of their advanced features, flexibility, and economic benefits. Internet Service Providers initially promoted these technologies by providing low cost local and international calling. At present, there is also a great deal of interest in using IP-based technologies to replace traditional small and large office telephone systems that use traditional PBXs (Private Branch eXchange). Unfortunately, the large majority of the emerging VoIP based office telephone systems have followed the centralized design of traditional public and private telephone systems in which all the intelligence in the system is at the core, with quite expensive hardware and software components and appropriate redundancy for adequate levels of reliability. In this paper, it is argued that a centralized model for an IP-based telecommunications system fails to exploit the full capabilities of Internet-inspired communications and that very simple, inexpensive, elegant and flexible solutions are possible by deliberately avoiding the centralized approach. This paper describes the design, philosophy and implementation of a prototype for a fully distributed IP-based Telecommunication System (IPTS) that provides the essential feature set for office and home telecommunications, including IP-based long-distance and local calling, and with the support for video as well as data and text. The prototype system was implemented with an Internet-inspired distributed design using open source software, with appropriate customizations and configurations.
In this paper, three novel designs of broadband patch antenna are proposed. The first design proposes a broadband slotted equilateral triangular patch antenna (ETPA) operating on frequency around 1800 MHz. The second design proposes a broadband slotted right angle isosceles triangular patch antenna (RAITPA) operating on frequency around 2400 MHz. The third design proposes a wideband V-Slotted and shorted edge ETPA antenna operating on frequency around 2400 MHz. The two powerful software HFSS and IE3D are used to simulate the proposed designs. Very good agreement between HFSS and IE3D software is obtained. The designs were chosen to fit modern wireless communication applications that operate at Industrial Scientific Medical (ISM) bands such as Wireless local area networks (WLAN). Moreover, mounting the patch on thick substrate with loaded slot technique and loading the patch with a notch technique were used to enhance the bandwidth of those designs. Hence, large fractional bandwidth is obtained.
EFFECT OF OPERATING WAVELENGTHS AND DIFFERENT WEATHER CONDITIONS ON PERFORMAN... - IJCNCJournal
Free Space Optical (FSO) communication is a very recent and emerging technology to establish broadband wireless data transmission system using modulated optical beams. The adoption of FSO system is mainly needed when any physical connection between the transmitter and receiver is practically impossible and where high bandwidth data transmission is expected. The performance of FSO communication technology is highly dependent on atmospheric attenuation which is related to the visibility of the different weather conditions as well as operating wavelengths. This paper presents our study about the effect of visibility as well as operating wavelengths on atmospheric attenuation in different weather conditions for point-to-point free space optical link. Moreover, it also discusses the methodology to find out the optimum link distance for point-to-point FSO link which will be operated in different weather conditions. It is found that atmospheric attenuation is changed with the change in weather condition as well as operating wavelengths.
Minimizing mobiles communication time using modified binary exponential backo... - IJCNCJournal
The domain of wireless Local Area Networks (WLANs) is growing speedily as a consequence of developments in digital communications technology. The early adopters of this technology have mainly been vertical applications that place a premium on the mobility offered by such systems. Examples of these types of applications consist of stocking control in depot environments, point of sale terminals, and rental car check-in. Further to the mobility that becomes possible with wireless LANs, these systems have also been used in environments where cable installation is expensive or impractical. Such environments include manufacturing floors, trading floors on stock exchanges, conventions and trade shows, and historic buildings. With the increasing propagation of wireless LANs comes the need for standardization so as to allow interoperability for an increasingly mobile workforce. Despite all the advantages and facilities that Wi-Fi offers, there is still the delay problem that is due to many reasons that are introduced in detail in our case study, which also presents the solutions and simulation that can reduce this delay for better performance of the wireless networks.
A NOVEL INTRUSION DETECTION MODEL FOR MOBILE AD-HOC NETWORKS USING CP-KNNIJCNCJournal
Mobile ad-hoc network security problems are the subject of in depth analysis. A group of mobile nodes area unit connected to a set wired backbone. In MANET, the node themselves implement the network management in a very cooperative fashion. All the nodes area unit accountable to create a constellation that is dynamically, modification it and conjointly the absence of any clear network boundaries. We tend to project a completely unique intrusion detection model for mobile ad-hoc network victimization. CP-KNN (Conformal Prediction K-Nearest Neighbor) algorithmic rule is to classify the audit knowledge for anomaly detection. The non-conformity score worth is employed to cut back the classification period of time for multi level iteration. It is effectively notice anomalies with high true positive rate, low false positive rate and high confidence that the progressive of assorted anomaly detection ways. Additionally it is interfered
by “noisy” knowledge (unclean data), the projected technique is strong, effective and conjointly it retains
its smart detection performance and to avoid the abnormal activity.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An approach for ids by combining svm and ant colony algorithmeSAT Journals
Abstract This piece of work researches the intrusion detection problem of the network sanctuary; the primary task is to classify network behavior as normal or abnormal while reducing misclassification. In this paper, two efficient data mining algorithms are combined together to detect the network intrusion. Combining SVM and Ant colony (CSVAC) used for well-organized data classification, this technique takes the advantage of both the algorithm while avoiding their weaknesses. This algorithm is implemented and evaluated using standard benchmark KDDCUP99 data set. Experimental results drastically well produce superior results than the other algorithm in terms of accuracy rate and run time efficiency, and this algorithm able to detect the new types of attacks Keywords: Intrusion Detection; Support Vector Machine; Ant colony; Combined Support vector with ant colony
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...IJCNCJournal
An efficient Intrusion Detection System has to be given high priority while connecting systems with a network to prevent the system before an attack happens. It is a big challenge to the network security group to prevent the system from a variable types of new attacks as technology is growing in parallel. In this paper, an efficient model to detect Intrusion is proposed to predict attacks with high accuracy and less false-negative rate by deriving custom features UNSW-CF by using the benchmark intrusion dataset UNSW-NB15. To reduce the learning complexity, Custom Features are derived and then Significant Features are constructed by applying meta-heuristic FPA (Flower Pollination algorithm) and MRMR (Minimal Redundancy and Maximum Redundancy) which reduces learning time and also increases prediction accuracy. ENC (ElasicNet Classifier), KRRC (Kernel Ridge Regression Classifier), IGBC (Improved Gradient Boosting Classifier) is employed to classify the attacks in the datasets UNSW-CF, UNSW and recorded that UNSW-CF with derived custom features using IGBC integrated with FPA provided high accuracy of 97.38% and a low error rate of 2.16%. Also, the sensitivity and specificity rate for IGB attains a high rate of 97.32% and 97.50% respectively.
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection IJNSA Journal
Based on the analysis and distribution of network attacks in KDDCup99 dataset and real time traffic, this paper proposes a design of multi stage filter which is an efficient and effective approach in dealing with various categories of attacks in networks. The first stage of the filter is designed using Enhanced Adaboost with Decision tree algorithm to detect the frequent attacks occurs in the network and the second stage of the filter is designed using enhanced Adaboost with Naïve Bayes algorithm to detect the moderate attacks occurs in the network. The final stage of the filter is used to detect the infrequent attack which is designed using the enhanced Adaboost algorithm with Naïve Bayes as a base learner. Performance of this design is tested with the KDDCup99 dataset and is shown to have high detection rate with low false alarm rates.
An intrusion detection system for packet and flow based networks using deep n... IJECEIAES
Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models has been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a brunch of affluent algorithms to classify and analysis patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest dataset available at online, formatted with packet based, flow based data and some additional metadata. The dataset is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is build using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multiclass classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature.
A Novel Classification via Clustering Method for Anomaly Based Network Intrus... IDES Editor
Intrusion detection in the internet is an active
area of research. Intruders can be classified into two
types, namely; external intruders who are unauthorized
users of the computers they attack, and internal
intruders, who have permission to access the system but
with some restrictions. The aim of this paper is to present
a methodology to recognize attacks during the normal
activities in a system. A novel classification via sequential
information bottleneck (sIB) clustering algorithm has
been proposed to build an efficient anomaly based
network intrusion detection model. We have compared
our proposed method with other clustering algorithms
like X-Means, Farthest First, Filtered clusters, DBSCAN,
K-Means, and EM (Expectation-Maximization)
clustering in order to find the suitability of our proposed
algorithm. A subset of KDDCup 1999 intrusion detection
benchmark dataset has been used for the experiment.
Results show that the proposed method is efficient in
terms of detection accuracy, low false positive rate in
comparison to the other existing methods.
Intrusion Detection System Using Self Organizing Map Algorithms Editor IJCATR
With the rapid expansion of computer usage and computer network the security of the computer system has become very important. Every day new kind of attacks are being faced by industries. Many methods have been proposed for the development of intrusion detection system using artificial intelligence technique. In this paper we will have a look at an algorithm based on neural networks that are suitable for Intrusion Detection Systems (IDS). The name of this algorithm is "Self Organizing Maps" (SOM). So far, many different methods have been used to build a detector that Wide variety of different ways in the covers. Among the methods used to detect attacks in intrusion detection is done, In this paper we investigate the Self-Organizing Map method.
An Empirical Comparison and Feature Reduction Performance Analysis of Intrusi... ijctcm
This paper reports on the empirical evaluation of five machine learning algorithm such as J48, BayesNet, OneR, NB and ZeroR using ten performance criteria: accuracy, precision, recall, F-Measure, incorrectly classified instances, kappa statistic, mean absolute error, root mean squared error, relative absolute error, root relative squared error. The aim of this paper is to find out which classifier is better in its performance for intrusion detection system. Machine Learning is one of the methods used in the intrusion detection system (IDS). Based on this study, it can be concluded that J48 decision tree is the most suitable associated algorithm than the other four algorithms. In this paper we compared the performance of Intrusion Detection System (IDS) Classifiers using seven feature reduction techniques.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET IJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds. It is concluded that, various procedures should be utilized to handle several of network attacks.
A distributed ip based telecommunication system using sip IJCNCJournal
Voice over Internet Protocol (VoIP) technologies are integral to modern telecommunications because of
their advanced features, flexibility, and economic benefits. Internet Service Providers initially promoted
these technologies by providing low cost local and international calling. At present, there is also a great
deal of interest in using IP-based technologies to replace traditional small and large office telephone
systems that use traditional PBX’s (Private Branch eXchange). Unfortunately, the large majority of the
emerging VoIP based office telephone systems have followed the centralized design of traditional public
and private telephone systems in which all the intelligence in the system is at the core, with quite expensive
hardware and software components and appropriate redundancy for adequate levels of reliability. In this
paper, it is argued that a centralized model for an IP-based telecommunications system fails to exploit the
full capabilities of Internet-inspired communications and that, very simple, inexpensive, elegant and
flexible solutions are possible by deliberately avoiding the centralized approach. This paper describes the
design, philosophy and implementation of a prototype for a fully distributed IP-based Telecommunication
System (IPTS) that provides the essential feature set for office and home telecommunications, including IP-based
long-distance and local calling, and with the support for video as well as data and text. The
prototype system was implemented with an Internet-inspired distributed design using open source software,
with appropriate customizations and configurations.
In this paper, three novel designs of broadband patch antenna are proposed. The first design propose
broadband slotted equilateral triangular patch antenna (ETPA) operating on frequency around 1800 MHz.
The second design propose broadband slotted right angle isosceles triangular patch antenna RAITPA operating on frequency around 2400 MHz. The third design proposes wideband V-Slotted and shorted edge ETPA antenna operating on frequency around 2400 MHz. The two powerful software HFSS and IE3D are used to simulate the proposed designs. Very good agreement between HFSS and IE3D software is obtained. The designs were chosen to fit modern wireless communication applications operate at Industrial Scientific Medical (ISM) bands such as Wireless local area networks (WLAN). Moreover, mounting the patch on thick substrate with loaded slot technique and loading the patch with a notch technique were used to enhance the bandwidth of those designs. Hence, large fractional bandwidth is obtained.
EFFECT OF OPERATING WAVELENGTHS AND DIFFERENT WEATHER CONDITIONS ON PERFORMAN... IJCNCJournal
Free Space Optical (FSO) communication is a very recent and emerging technology to establish broadband
wireless data transmission system using modulated optical beams. The adoption of FSO system is mainly
needed when any physical connection between the transmitter and receiver is practically impossible and
where high bandwidth data transmission is expected. The performance of FSO communication technology
is highly dependent on atmospheric attenuation which is related to the visibility of the different weather
conditions as well as operating wavelengths. This paper presents our study about the effect of visibility as
well as operating wavelengths on atmospheric attenuation in different weather conditions for point-to-point
free space optical link. Moreover, it also discusses the methodology to find out the optimum link distance
for point-to-point FSO link which will be operated in different weather conditions. It is found that,
atmospheric attenuation is changed with the change in weather condition as well as operating wavelengths.
Minimizing mobiles communication time using modified binary exponential backo... IJCNCJournal
The domain of wireless Local Area Networks (WLANs) is growing speedily as a consequence of
developments in digital communications technology. The early adopters of this technology have mainly
been vertical application that places a premium on the mobility offered by such systems. Examples of these
types of applications consist of stocking control in depot environments, point of sale terminals, and rental
car check-in. Furthermore to the mobility that becomes possible with wireless LANs; these systems have
also been used in environments where cable installation is expensive or impractical. Such environments
include manufacturing floors, trading floors on stock exchanges, conventions and trade shows, and historic
buildings. With the increasing propagation of wireless LANs comes the need for standardization so as to
allow interoperability for an increasingly mobile workforce. Despite all the advantages and facilities that
Wi-Fi offers, there is still the delay problem that is due to many reasons that are introduced in details in
our case study which also presents the solutions and simulation that can reduce this delay for better
performance of the wireless networks.
An Optimal Software Framework for Parallel Computation of CRC IJCNCJournal
CRC is a common error detection method used in different areas such as information storage and data
communication. CRC depends on modulo-2 division by a predetermined divisor called the generator. In
this method, the transmitter divides the message by the generator and concatenates the calculated residue
to the message. CRC is not able to detect every kind of errors. The properties of the generator determine
the range of errors which are detectable in the receiver side. The division operation is currently performed
sequentially, so developing methods for parallel computation of the residue makes CRC suitable for
network protocols and software applications. This paper presents a novel software framework for parallel
computation of CRC using ODP polynomials.
One of the important steps in routing is to find a feasible path based on the state information. In order to support real-time multimedia applications, the feasible path that satisfies one or more constraints has to be computed within a very short time. Therefore, the paper presents a genetic algorithm to solve the paths tree problem subject to cost constraints. The objective of the algorithm is to find the set of edges connecting all nodes such that the sum of the edge costs from the source (root) to each node is minimized. I.e. the path from the root to each node must be a minimum cost path connecting them. The algorithm has been applied on two sample networks, the first network with eight nodes, and the last one with eleven nodes to illustrate its efficiency.
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIER CSEIJJournal
The widespread use of the Internet has an adverse effect of being vulnerable to cyber attacks. Defensive
mechanisms like firewalls and IDSs have evolved with a lot of research contributions happening in these
areas. Machine learning techniques have been successfully used in these defense mechanisms especially
IDSs. Although they are effective to some extent in identifying new patterns and variants of existing
malicious patterns, many attacks are still left as undetected. The objective is to develop an algorithm for
detecting malicious domains based on passive traffic measurements. In this paper, an anomaly-based
intrusion detection system based on an ensemble based machine learning classifier called Random Forest
with gradient boosting is deployed. NSL-KDD cup dataset is used for analysis and out of 41 features, 32
features were identified as significant using feature discretion. Our observations confirm the conjecture
that both the feature selection and stochastic based genetic operators improves the accuracy and the
effectiveness. The training time is shown to be reduced tremendously by 98.59% and accuracy improved to
98.75%.
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C... IJNSA Journal
Over the past few years, intrusion protection systems have drawn a mature research area in the field of computer networks. The problem of excessive features has a significant impact on intrusion detection performance. The use of machine learning algorithms in many previous researches has been used to identify network traffic, harmful or normal. Therefore, to obtain the accuracy, we must reduce the dimensionality of the data used. A new model design based on a combination of feature selection and machine learning algorithms is proposed in this paper. This model depends on selected genes from every feature to increase the accuracy of intrusion detection systems. We selected from features content only ones which impact in attack detection. The performance has been evaluated based on a comparison of several known algorithms. The NSL-KDD dataset is used for examining classification. The proposed model outperformed the other learning approaches with accuracy 98.8 %.
Wmn06MODERNIZED INTRUSION DETECTION USING ENHANCED APRIORI ALGORITHM ijwmn
Communication networks are essential and it will create many crucial issues today. Nowadays, we
consider that the firewalls are the first line of defense but that policies cannot meet the particular
requirements of needed process to achieve security. Most of the research has been done in this area but
we are lagging to achieve security needs. Already many models such as ADAM, DHP, LERAD and
ENTROPHY are proposed to resolve security problems but we need an efficient model to detect new types
of various intrusions within the entire network. In this paper, we proposed to design a modernized
intrusion detection system which consist of two methods such as anomaly and misuse detection. Both are
integrated and also used to detect novel attacks. Our system proposed to discover temporal pattern of
attacker behaviors, which is profiled using an algorithm EAA (Enhanced Apriori Algorithm). This is
experimented with a simple interface to display the behaviors of attacks effectively.
Intrusion detection system for imbalance ratio class using weighted XGBoost c... TELKOMNIKA JOURNAL
The rapid development of the internet of things (IoT) has taken an important role in daily activities. As it develops, IoT is very vulnerable to attacks and creates IoT for users. Intrusion detection system (IDS) can work efficiently and look for activity in the network. Many data sets have already been collected, however, when dealing with problems involving big data and high data imbalances. This article proposes, using the dataset used by BotIoT to evaluate the system framework to be created, the XGBoost model to improve the detection performance of all types of attacks, to control unbalanced data using the imbalance ratio of each class weight (CW). The experimental results show that the proposed approach greatly increases the detection rate for infrequent disturbances.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ... IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal
activities happening in a computer system. In recent years different soft computing based techniques have
been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect
technology. This has provided an opportunity for data mining to make quite a lot of important
contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique
by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neuro-fuzzy and radial basis function (RBF) SVM for fortification of the intrusion detection system. The
proposed technique has five major steps in which, first step is to perform the relevance analysis, and then
input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each
of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster.
Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-SVM
is performed to detect intrusion has happened or not. Data set used is the KDD cup 1999 dataset
and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our
technique could achieve better accuracy for all types of intrusions. The results of proposed technique are
compared with the other existing techniques. These comparisons proved the effectiveness of our
technique.
COPYRIGHT This thesis is copyright materials protected under the .docx voversbyobersby
COPYRIGHT
This thesis is copyright materials protected under the Berne Convention, the copyright Act 1999 and other international and national enactments in that behalf, on intellectual property. It may not be reproduced by any means in full or in part except for short extracts in fair dealing so for research or private study, critical scholarly review or discourse with acknowledgment, with written permission of the Dean School of Graduate Studies on behalf of both the author and XXX XXX University.
ABSTRACT
With Fast growing internet world the risk of intrusion has also increased, as a result Intrusion Detection System (IDS) is the admired key research field. IDS are used to identify any suspicious activity or patterns in the network or machine, which endeavors the security features or compromise the machine. IDS majorly use all the features of the data. It is a keen observation that all the features are not of equal relevance for the detection of attacks. Moreover every feature does not contribute in enhancing the system performance significantly. The main aim of the work done is to develop an efficient denial of service network intrusion classification model. The specific objectives included: to analyse existing literature in intrusion detection systems; what are the techniques used to model IDS, types of network attacks, performance of various machine learning tools, how are network intrusion detection systems assessed; to find out top network traffic attributes that can be used to model denial of service intrusion detection; to develop a machine learning model for detection of denial of service network intrusion. Methods: The research design was experimental and data was collected by simulation using NSL-KDD dataset. By implementing Correlation Feature Selection (CFS) mechanism using three search algorithms, a smallest set of features is selected with all the features that are selected very frequently. Findings: The smallest subset of features chosen is the most nominal among all the feature subset found. Further, the performances using Artificial neural networks (ANN), decision trees, Support Vector Machines (SVM) and K-Nearest Neighbour (KNN) classifiers is compared for 7 subsets found by filter model and 41 attributes. Results: The outcome indicates a remarkable improvement in the performance metrics used for comparison of the two classifiers.
The results show that using 17/18 selected features improves DOS types classification accuracies as compared to using the 41 features in the NSL-KDD dataset. It was further observed that using an ensemble of three classifiers with decision fusion performs better as compared to using a single classifier for DOS type’s classification. Among machine learning tools experimented, ANN achieved best classification accuracies followed by SVM and DT. KNN registered the lowest classification accuracies. Application: The proposed work with such an improved detection rate and lesser classification time and lar.
Outstanding to the promotion of the Internet and local networks, interruption occasions to computer
systems are emerging. Intrusion detection systems are becoming progressively vital in retaining
appropriate network safety. IDS is a software or hardware device that deals with attacks by gathering
information from a numerous system and network sources, then evaluating signs of security complexities.
Enterprise networked systems are unsurprisingly unprotected to the growing threats posed by hackers as
well as malicious users inside to a network. IDS technology is one of the significant tools used now-a-days,
to counter such threat. In this research we have proposed framework by using advance feature selection
and dimensionality reduction technique we can reduce IDS data then applying Fuzzy ARTMAP classifier
we can find intrusions so that we get accurate results within less time. Feature selection, as an active
research area in decreasing dimensionality, eliminating unrelated data, developing learning correctness,
and improving result unambiguousness.
SURVEY OF NETWORK ANOMALY DETECTION USING MARKOV CHAIN ijcseit
Recently an internet threat has been increased. Our motive is detect the intrusion in the network in concise.
The real time issue such as DoS attack in banking, companies, industries and organization have been
increased significantly IDS has been used in both server and host side. The major challenge is to effectively
predict the periods of threats and protect the server from the unauthorized user. In this study, a novel
probabilistic approach is proposed effectively to detect the network intrusions. It uses a Markov chain for
probabilistic modelling of abnormal events in network systems. The degree of abnormality of the incoming
data is performed on the basis of the network states.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Similar to IDS IN TELECOMMUNICATION NETWORK USING PCA (20)
Vehicle Ad Hoc Networks (VANETs) have become a viable technology to improve traffic flow and safety on the roads. Due to its effectiveness and scalability, the Wingsuit Search-based Optimised Link State Routing Protocol (WS-OLSR) is frequently used for data distribution in VANETs. However, the selection of MultiPoint Relays (MPRs) plays a pivotal role in WS-OLSR's performance. This paper presents an improved MPR selection algorithm tailored to WS-OLSR, designed to enhance the overall routing efficiency and reduce overhead. The analysis found that the current OLSR protocol has problems such as redundancy of HELLO and TC message packets or failure to update routing information in time, so a WS-OLSR routing protocol based on improved-MPR selection algorithm was proposed. Firstly, factors such as node mobility and link changes are comprehensively considered to reflect network topology changes, and the broadcast cycle of node HELLO messages is controlled through topology changes. Secondly, a new MPR selection algorithm is proposed, considering link stability issues and nodes. Finally, evaluate its effectiveness in terms of packet delivery ratio, end-to-end delay, and control message overhead. Simulation results demonstrate the superior performance of our improved MR selection algorithm when compared to traditional approaches.
A Novel Medium Access Control Strategy for Heterogeneous Traffic in Wireless ... IJCNCJournal
So far, Wireless Body Area Networks (WBANs) have played a pivotal role in driving the development of intelligent healthcare systems with broad applicability across various domains. Each WBAN consists of one or more types of sensors that can be embedded in clothing, attached directly to the body, or even implanted beneath an individual's skin. These sensors typically serve a single application. However, the traffic generated by each sensor may have distinct requirements. This diversity necessitates a dual approach: tailored treatment based on the specific needs of each traffic type and the fulfillment of application requirements, such as reliability and timeliness. Nevertheless, the presence of energy constraints and the unreliable nature of wireless communications make QoS provisioning under such networks a non-trivial task. In this context, the current paper introduces a novel Medium Access Control (MAC) strategy for the regular traffic applications of WBANs, designed to significantly enhance efficiency when compared to the established MAC protocols IEEE 802.15.4 and IEEE 802.15.6, with a particular focus on improving reliability, timeliness, and energy efficiency.
May_2024 Top 10 Read Articles in Computer Networks & Communications.pdf IJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
A Topology Control Algorithm Taking into Account Energy and Quality of Transm... IJCNCJournal
The efficient use of energy in wireless sensor networks is critical for extending node lifetime. The network topology is one of the factors that have a significant impact on the energy usage at the nodes and the quality of transmission (QoT) in the network. We propose a topology control algorithm for software-defined wireless sensor networks (SDWSNs) in this paper. Our method is to formulate topology control algorithm as a nonlinear programming (NP) problem with the objective to optimizing two metrics, maximum communication range, and desired degree. This NP problem is solved at the SDWSN controller by employing the genetic algorithm (GA) to determine the best topology. The simulation results show that the proposed algorithm outperforms the MaxPower algorithm in terms of average node degree and energy expansion ratio.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C... (IJCNCJournal)
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Advanced Privacy Scheme to Improve Road Safety in Smart Transportation Systems (IJCNCJournal)
In a Vehicle Ad-Hoc Network (VANET), vehicles continuously transmit and receive spatiotemporal data with neighboring vehicles, thereby establishing a comprehensive 360-degree traffic awareness system. Vehicular Network safety applications facilitate the transmission of messages between vehicles that are near each other, at regular intervals, enhancing drivers' contextual understanding of the driving environment and significantly improving traffic safety. Privacy schemes in VANETs are vital to safeguard vehicles’ identities and their associated owners or drivers. Privacy schemes prevent unauthorized parties from linking the vehicle's communications to a specific real-world identity by employing techniques such as pseudonyms, randomization, or cryptographic protocols. Nevertheless, these communications frequently contain important vehicle information that malevolent groups could use to monitor the vehicle over a long period. The acquisition of this shared data has the potential to facilitate the reconstruction of vehicle trajectories, thereby posing a potential risk to the privacy of the driver. Addressing the critical challenge of developing effective and scalable privacy-preserving protocols for communication in vehicle networks is of the highest priority. These protocols aim to reduce the transmission of confidential data while ensuring the required level of communication. This paper aims to propose an Advanced Privacy Vehicle Scheme (APV) that periodically changes pseudonyms to protect vehicle identities and improve privacy. The APV scheme utilizes a concept called the silent period, which involves changing the pseudonym of a vehicle periodically based on the tracking of neighboring vehicles. The pseudonym is a temporary identifier that vehicles use to communicate with each other in a VANET. By changing the pseudonym regularly, the APV scheme makes it difficult for unauthorized entities to link a vehicle's communications to its real-world identity.
The proposed APV is compared to the SLOW, RSP, CAPS, and CPN techniques. The data indicates that APV delivers a better improvement in privacy metrics. It is evident that the APV offers enhanced safety for vehicles during transportation in the smart city.
April 2024 - Top 10 Read Articles in Computer Networks & Communications (IJCNCJournal)
DEF: Deep Ensemble Neural Network Classifier for Android Malware Detection (IJCNCJournal)
Malware is one of the threats to security of computer networks and information systems. Since malware instances are available sufficiently, there is increased interest among researchers on usage of Artificial Intelligence (AI). Of late AI-enabled methods such as machine learning (ML) and deep learning have paved the way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving the quality of training and thus leveraging malware detection accuracy. Existing deep learning methods are focusing on learning-based malware detection systems. However, there is a need for improving the state of the art through an ensemble approach. Towards this end, in this paper we proposed a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From a given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to obtain grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected from the Internet sources and Microsoft are used for the empirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm for obtaining intermediate features required by CNN and LSTM. Empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
High Performance NMF Based Intrusion Detection System for Big Data IoT Traffic (IJCNCJournal)
With the emergence of smart devices and the Internet of Things (IoT), millions of users connected to the network produce massive network traffic datasets. These vast datasets of network traffic, Big Data, are challenging to store, deal with and analyse using a single computer. In this paper we developed a parallel implementation using a High Performance Computer (HPC) for the Non-Negative Matrix Factorization technique as an engine for an Intrusion Detection System (HPC-NMF-IDS). The large IoT traffic datasets of the order of millions of samples are distributed evenly on all the computing cores for both storage and speedup purposes. The distribution of computing tasks involved in the Matrix Factorization takes into account the reduction of the communication cost between the computing cores. The experiments we conducted on the proposed HPC-IDS-NMF give better results than the traditional ML-based intrusion detection systems. We could train the HPC model with datasets of one million samples in only 31 seconds (instead of the 40 minutes using one processor), that is, a speed-up of 87 times. Moreover, we have got an excellent detection accuracy rate of 98% for the KDD dataset.
IoT Guardian: A Novel Feature Discovery and Cooperative Game Theory Empowered... (IJCNCJournal)
Cyber intrusion attacks increasingly target the Internet of Things (IoT) ecosystem, exploiting vulnerable devices and networks. Malicious activities must be identified early to minimize damage and mitigate threats. Using actual benign and attack traffic from the CICIoT2023 dataset, this work aims to evaluate and benchmark machine-learning techniques for IoT intrusion detection. There are four main phases to the system. First, the CICIoT2023 dataset is refined to remove irrelevant features and clean up missing and duplicate data. The second phase employs statistical models and artificial intelligence to discover novel features. The most significant features are then selected in the third phase based on cooperative game theory. Using the original CICIoT2023 dataset and a dataset containing only novel features, we train and evaluate a variety of machine learning classifiers. On the original dataset, Random Forest achieved the highest accuracy of 99%. Still, with novel features, Random Forest's performance dropped only slightly (96%) while other models achieved significantly lower accuracy. As a whole, the work makes substantial contributions to tailored feature engineering, feature selection, and rigorous benchmarking of IoT intrusion detection techniques. IoT networks and devices face continuously evolving threats, making it necessary to develop robust intrusion detection systems.
Enhancing Traffic Routing Inside a Network through IoT Technology & Network C... (IJCNCJournal)
IoT networking uses real items as stationary or mobile nodes. Mobile nodes complicate networking. Internet of Things (IoT) networks have a lot of control overhead messages because devices are mobile. These signals are generated by the constant flow of control data such as device identity, geographical positioning, node mobility, device configuration, and others. Network clustering is a popular overhead communication management method. Many cluster-based routing methods have been developed to address system restrictions. Node clustering based on the Internet of Things (IoT) protocol may be used to cluster all network nodes according to predefined criteria. Each cluster will have a Smart Designated Node. SDN cluster management is efficient. Many intelligent nodes remain in the network. The network design spreads these signals. This paper presents an intelligent and responsive routing approach for clustered nodes in IoT networks. An existing method builds a new sub-area clustered topology. The Nodes Clustering Based on the Internet of Things (NCIoT) method improves message transmission between any two nodes. This will facilitate the secure and reliable interchange of healthcare data between professionals and patients. NCIoT is a system that organizes nodes in the Internet of Things (IoT) by grouping them together based on their proximity. It also picks SDN routes for these nodes. This approach involves selecting one option from a range of choices and preparing for likely outcomes problem addressing limitations on activities is a primary focus during the review process. Predictive inquiry employs the process of analyzing data to forecast and anticipate future events. This document provides an explanation of compact units. The Predictive Inquiry Small Packets (PISP) improved its backup system and partnered with SDN to establish a routing information table for each intelligent node, resulting in higher routing performance.
Both principal and secondary roads are available for use. The simulation findings indicate that NCIoT algorithms outperform CBR protocols. Enhancements lead to a substantial 78% boost in network performance. In addition, the end-to-end latency dropped by 12.5%. The PISP methodology produces 5.9% more inquiry packets compared to alternative approaches. The algorithms are constructed and evaluated against academic ones.
Connect, Collaborate, And Innovate: IJCNC - Where Networking Futures Take ... (IJCNCJournal)
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with a passion for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.4, July 2013
DOI : 10.5121/ijcnc.2013.5412
IDS IN TELECOMMUNICATION NETWORK USING PCA
Mohamed Faisal Elrawy1, T. K. Abdelhamid2 and A. M. Mohamed3
1 Faculty of engineering, MUST University, 6th Of October, Egypt
eng_faisal1989@yahoo.com
2,3 Faculty of engineering, Assuit University, Assuit, Egypt
2 tarik_k@aun.edu.eg, 3 afm@aun.edu.eg
ABSTRACT
Data security has become a very serious part of any organizational information system. Internet threats
have become more intelligent, so they can deceive basic security solutions such as firewalls and antivirus
scanners. To enhance the overall security of the network, an additional security layer such as an intrusion
detection system (IDS) has to be added. The anomaly detection IDS is a type of IDS that can differentiate
between normal and abnormal behaviour in the monitored data. This paper proposes two types of IDS: one
can be used as a network intrusion detection system (NIDS), with overall success (0.9161) and high
detection rate (0.9288), and the other can be used as a host intrusion detection system (HIDS), with
overall success (0.8493) and very high detection rate (0.9628), using the NSL-KDD data set.
KEY WORDS
IDS, NIDS, HIDS, data mining, anomaly detection.
1. INTRODUCTION
In the age of the information technology revolution, telecommunications networks have developed
from circuit-switched networks to packet-switched networks, and have since shifted enormously
towards all-IP based networks. As a result of these developments, applications and services such
as data and voice are transferred on top of the IP protocol [1].
Data transmission speeds in both uplink and downlink have increased considerably from the second
generation (2G) of radio access networks to the third generation (3G), and the development of the
devices used by subscribers of telecommunications networks has blurred the boundary between
computers and mobile phones.
With smart phones, the subscriber can do almost everything and can dispense with a basic personal
computer. This means that the full data on the Internet is now in the hands of every smart phone
owner. Communications network technologies have become more advanced, and this has raised new
unwanted possibilities. Risks and threats that were applicable only in fixed networks are now
feasible in radio access networks. Security systems have to become more intelligent because
threats are becoming more advanced.
Basic security measures such as firewalls and antivirus scanners cannot keep pace with the growing
number of intelligent attacks from the Internet. A solution to enhance the overall security of
networks is to add an additional security layer by using intrusion detection systems (IDS). An
intrusion detection system (IDS) is designed to complement other security measures based on attack
prevention [2]. Amparo Alonso-Betanzos et al. [3] say ‘The aim of the IDS is to inform the system
administrator of any suspicious activities and to recommend specific actions to prevent or stop the
intrusion’.
There are two types of intrusion detection: signature-based and anomaly-based. The signature-based
or misuse detection method uses patterns of well-known attacks to identify intrusions [4].
Anomaly-based intrusion detection monitors network traffic and compares it against the established
normal usage patterns to determine whether the current state of the network is anomalous.
Anomalous traffic can be considered an intrusion attempt.
Misuse detection uses well-defined patterns known as signatures of the attacks. Anomaly-based
detection builds a normal profile, and anomalous traffic is detected when the deviation from the
normal model reaches a preset threshold level [5].
Anomaly-based intrusion detection depends on feature selection. Good selection of features
maintains the accuracy of detection while speeding up its calculations. Therefore, any reduction
in the number of features used for detection will improve the overall performance of the IDS. If
there are no useless features, focusing on the most important ones is expected to improve the
execution speed of the IDS.
This increase in detection speed will not affect the accuracy of detection in a significant way.
Incorrect selection of features may reduce the speed of the operation and reduce detection
accuracy [6].
The aim of this paper is to improve the intrusion detection system by using Principal Component
Analysis as a dimension reduction technique. The paper compares two different feature selections,
i.e. 6 features and 10 features. One of these feature selections can be used in a Network
Intrusion Detection System (NIDS) and the other can be used in a Host Intrusion Detection System
(HIDS).
2. RELATED WORK
Chakraborty [7] has reported that the existence of irrelevant and redundant features generally
affects the performance of the machine learning part of the work. Chakraborty proved that good
selection of the feature set results in better classification performance.
A. H. Sung et al. [8] have demonstrated that the elimination of these unimportant and irrelevant
features did not reduce the performance of the IDS.
Chebrolu et al. [9] reported that an important advantage of combining redundant and
complementary classifiers is to increase accuracy and better overall generalization. Chebrolu et al.
[9] have also identified important input features in building IDS that are computationally efficient
and effective. This work shows the performance of three feature selection algorithms: (1)
Bayesian networks, (2) Classification and Regression Trees and (3) an ensemble of Bayesian
networks and Classification and Regression Trees.
Sung and Mukkamala [8] have explored SVM and Neural Networks that can categorize features
with respect to their importance. They use SVM and Neural Networks to detect specific kinds of
attacks such as probing, DoS, Remote to Local, and User to Root, and show that eliminating
less important and irrelevant features does not reduce the performance of the IDS.
Chebrolu et al. [9] suggested a CART-BN approach, where CART has better performance for
Normal, Probe and U2R and the ensemble approach has better performance for R2L and
DoS. Meanwhile, A. Abraham et al. [10] proved that an ensemble of Decision Tree was suitable for
Normal, LGP for Probe, DoS and R2L, and a Fuzzy classifier was good for R2L attacks.
A. Abraham et al. [11] prove the ability of their suggested ensemble structure in modelling
lightweight distributed IDS.
Manasi Gyanchandani et al. [12] improved the performance of C4.5 classifier over NSL-KDD
dataset using different classifier combinations techniques such as bagging, boosting and stacking.
Gholam Reza Zargar et al. [2] show that dimension reduction and identification of effective
network features for category-based selection can reduce the processing time in an intrusion
detection system while maintaining the detection accuracy within an acceptable range.
3. MULTIVARIATE STATISTICAL ANALYSIS
3.1 Distance
Many multivariate techniques applied to the anomaly detection problem are based upon the
concept of distances. The most familiar distance metric is the Euclidean or straight-line distance.
In most cases, it is used as a measure of similarity in the nearest neighbour method. Let
$x = (x_1, x_2, x_3, \ldots, x_p)'$ and $y = (y_1, y_2, y_3, \ldots, y_p)'$ be two p-dimensional
observations; the Euclidean distance between x and y is
$d^2(x, y) = (x - y)'(x - y)$ (1)
Since each feature contributes equally to the calculation of the Euclidean distance, this distance is
undesirable when different features are measured on different scales or have very different
variability. The features that have high variability or large scales of measurement would
dominate those that have less variability or smaller scales. As an alternative, a measure of
variability can be incorporated into the distance metric directly. One of these metrics is the
well-known Mahalanobis distance
$d^2(x, y) = (x - y)' S^{-1} (x - y)$ (2)
where $S$ is the sample covariance matrix.
3.2 Principal Component Analysis (PCA)
In intrusion detection problems, data is naturally found in high dimensions. To explore the
data easily and analyse it further, the dimensionality of the data must be reduced. PCA is often
used for this purpose. PCA is a predominant linear dimensionality reduction technique, and it has
been widely applied to datasets in many different scientific domains [13].
PCA is concerned with explaining the variance-covariance structure of a set of variables through a
few new variables, which are linear combinations of the original variables. Principal components
are particular linear combinations of the p random variables $\{x_1, x_2, x_3, \ldots, x_p\}$ with
three important properties. First, the principal components are uncorrelated. Second, the first
principal component has the highest variance, the second principal component has the second
highest variance, and so on. Third, the total variation in all the principal components combined
is equal to the total variation in the original variables $\{X_1, X_2, X_3, \ldots, X_p\}$.
The new variables with such properties are easily obtained from eigenanalysis of the covariance
matrix or the correlation matrix of $\{X_1, X_2, X_3, \ldots, X_p\}$ [14]. Let the original data X
be an n x p data matrix of n observations on each of p variables $(X_1, X_2, \ldots, X_p)$ and let
R be the p x p sample correlation matrix of $X_1, X_2, \ldots, X_p$. If
$(\lambda_1, e_1), (\lambda_2, e_2), (\lambda_3, e_3), \ldots, (\lambda_p, e_p)$ are the p
eigenvalue and eigenvector pairs of the matrix R, with
$\lambda_1 \ge \lambda_2 \ge \lambda_3 \ge \ldots \ge \lambda_p \ge 0$, then the ith sample
principal component of an observation vector $x = (x_1, x_2, x_3, \ldots, x_p)'$ is
$y_i = e_i' z = e_{i1} z_1 + e_{i2} z_2 + e_{i3} z_3 + \ldots + e_{ip} z_p, \quad i = 1, 2, 3, \ldots, p$ (3)
where $e_i = (e_{i1}, e_{i2}, e_{i3}, \ldots, e_{ip})'$ is the ith eigenvector and
$z = (z_1, z_2, z_3, \ldots, z_p)$ is the vector of standardized observations defined as
$z_k = x_k - \bar{x}_k, \quad k = 1, 2, 3, \ldots, p$ (4)
where $\bar{x}_k$ is the sample mean of the variable $x_k$. The ith principal component has sample
variance $\lambda_i$, and the sample covariance or correlation of any pair of principal components
is equal to zero. PCA produces a set of independent variables, so the total variance of a sample
is the sum of all the variances accounted for by the principal components. The correlation between
any two variables is
ρ , =
( , )
(5)
Where σ is the standard deviation of x, which is a sample of data. The principal components of
the sample correlation matrix have the same properties as principal components from a sample
covariance matrix. As all principal components are uncorrelated, the total variance in all of the
principal components is
$\lambda_1 + \lambda_2 + \cdots + \lambda_p = p$ (6)
The principal components produced by the covariance matrix are different from the principal
components produced by the correlation matrix. Eigenvalues have larger weights because some
values are much larger than others. Since the NSL-KDD data set has many items with varying
scales and ranges, the correlation matrix will be used.
3.3 Applying PCA to Outlier Detection
PCA can be applied as an outlier detection method. In applying PCA, there are two main issues:
(1) how to interpret the set of principal components and (2) how to calculate the notion of
distance. First, the eigenvalue of each principal component corresponds to the relative amount of
variation it encompasses. The larger the eigenvalue is, the more significant its corresponding
projected eigenvector should be. Therefore, the most significant principal components are sorted
before the least significant principal components. If a new data item is projected along the upper
set of the significant principal components, it is likely that the data item can be classified
without projecting along all of the principal components. Second, the data sample can be
represented by the axes of the eigenvectors of the principal components. Those axes are considered
normal when the data sample is the training set of normal network connections. If any point lies
far outside these axes, then the connection exhibits abnormal behaviour.
Outliers measured using the Mahalanobis distance are presumably network connections that are
anomalous; any network connection with a distance greater than the threshold value (t) is
considered an outlier. In this work, any outlier represents an attack. Consider the sample
principal components $y_1, y_2, \ldots, y_p$ of an observation x, where
$y_i = e_i' z, \quad i = 1, 2, \ldots, p$
$z_k = x_k - \bar{x}_k, \quad k = 1, 2, 3, \ldots, p$
The sum of scores that are squares of the partial principal component is equal to the principal
component score
∑ = + + ⋯ + (7)
This equates to the Mahalanobis distance of the observation x from the mean of the normal sample
data set [15].
Anomaly detection needs an offline training or learning phase, whether the method is outlier
detection, statistical modelling, or association rule mining. PCA has two clearly separate phases
(the offline and online detection phases). These two separate phases are an advantage for hardware
implementation. Another advantage of PCA is the reduction of features. As we will show in our
experiment, PCA effectively reduces the number of processed features from 41 to 10 or 6
features.
The outline of the steps involved in PCA is shown in Figure 1. In the offline phase, training data
is taken as input and a mean vector of each sample is calculated. Ideally, these data sets are a
snapshot of connection activity in a real network environment. In addition, these data sets should
contain only normal connections. Second, a correlation matrix is calculated from the training data.
A correlation matrix normalizes all of the data by calculating the standard deviation. Next,
eigenanalysis is performed on the correlation matrix to create independent orthonormal eigenvalue
and eigenvector pairs. Because of these pairs, the set of principal components can be used in
online analysis. Finally, the sets of principal components are sorted by eigenvalue in descending
order. The eigenvalue is a relative measure of the variance of its corresponding eigenvector.
A dimensionality-reducing method such as PCA extracts the most significant principal
components, so only a subset of the most important principal components is needed to classify any
new data. In addition to using the most significant principal components (q) to find intrusions, we
have found that it is helpful to look for intrusions along a number of least-significant components
(r) as well.
The major principal component score is calculated from the most significant principal components
and the minor principal component score is calculated from the less significant principal
components. The major principal component score (MajC) is used to detect severe deviations with
large values of the original features. These observations follow the correlation structure of the
sample data. The minor principal component score (MinC) is used to detect attacks that may not
follow the same correlation model. In this work, two thresholds are needed to detect attacks. If
the principal components are sorted in descending order, then (q) is a subset of the highest
values and (r) is a subset of the smallest components. The MajC threshold is referred to as (t )
while the MinC threshold is referred to as (t ). An observation (x) is an attack if
∑ > t Or ∑ > t (8)
The online portion takes the major principal components and minor principal components and maps
online data into the eigenspace of those principal components.
Figure (1) PCA For Network Intrusion Detection
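The offline and online phases described in this section, as an added Python example (not the paper's Matlab code). Assumptions: the four-column data is constructed, the standardization divides by the sample standard deviation, the score terms have the form y_i²/λ_i as in Shyu et al. [20] (equations (7) and (8) are not legible on this page), and the thresholds are empirical quantiles of the training scores. q and r are picked with the variance-share and 0.20-eigenvalue rule the paper states in its experiment section, with 60% as an assumed target.

```python
import math
import random


def jacobi_eigen(sym, sweeps=50):
    """Eigenpairs of a symmetric matrix (cyclic Jacobi), largest eigenvalue first."""
    n = len(sym)
    a = [row[:] for row in sym]
    v = [[float(i == j) for j in range(n)] for i in range(n)]
    for _ in range(sweeps):
        if sum(a[i][j] ** 2 for i in range(n) for j in range(i + 1, n)) < 1e-22:
            break
        for p in range(n - 1):
            for q in range(p + 1, n):
                if a[p][q] == 0.0:
                    continue
                diff = a[q][q] - a[p][p]
                theta = math.pi / 4 if diff == 0 else 0.5 * math.atan(2 * a[p][q] / diff)
                c, s = math.cos(theta), math.sin(theta)
                for m in (a, v):  # rotate columns p, q of A and of V
                    for k in range(n):
                        mp, mq = m[k][p], m[k][q]
                        m[k][p], m[k][q] = c * mp - s * mq, s * mp + c * mq
                for k in range(n):  # rotate rows p, q of A
                    ap, aq = a[p][k], a[q][k]
                    a[p][k], a[q][k] = c * ap - s * aq, s * ap + c * aq
    order = sorted(range(n), key=lambda i: -a[i][i])
    return [a[i][i] for i in order], [[v[k][i] for k in range(n)] for i in order]


def scores(model, row):
    """Online phase: return (MajC, MinC) for one connection record."""
    z = [(x - m) / s for x, m, s in zip(row, model["mean"], model["std"])]
    terms = [sum(e * zk for e, zk in zip(vec, z)) ** 2 / lam
             for lam, vec in zip(model["lam"], model["vec"])]
    p, q, r = len(terms), model["q"], model["r"]
    return sum(terms[:q]), sum(terms[p - r:])


def fit(normal_rows, variance_target=0.6, minor_cut=0.20, alpha=0.01):
    """Offline phase on normal-only training rows (assumes no constant column)."""
    n, p = len(normal_rows), len(normal_rows[0])
    mean = [sum(r[k] for r in normal_rows) / n for k in range(p)]
    std = [math.sqrt(sum((r[k] - mean[k]) ** 2 for r in normal_rows) / (n - 1))
           for k in range(p)]
    z = [[(r[k] - mean[k]) / std[k] for k in range(p)] for r in normal_rows]
    corr = [[sum(row[i] * row[j] for row in z) / (n - 1) for j in range(p)]
            for i in range(p)]
    lam, vec = jacobi_eigen(corr)
    q, explained = 0, 0.0
    while explained < variance_target * p:  # eigenvalues of R sum to p
        explained += lam[q]
        q += 1
    r = sum(1 for value in lam if value < minor_cut)
    model = {"mean": mean, "std": std, "lam": lam, "vec": vec, "q": q, "r": r}
    train = [scores(model, row) for row in normal_rows]
    cut = n - 1 - int(alpha * n)  # empirical (1 - alpha) quantile, an assumption
    model["t_major"] = sorted(s[0] for s in train)[cut]
    model["t_minor"] = sorted(s[1] for s in train)[cut]
    return model


def classify(model, row):
    """Return (MajC alarm, MinC alarm); either one marks the record as an attack."""
    major, minor = scores(model, row)
    return major > model["t_major"], minor > model["t_minor"]


def make_normal(n=500, seed=7):
    """Constructed normal traffic: two pairs of strongly correlated columns,
    standing in for src_bytes, dst_bytes, count and srv_count."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        a, b = rng.gauss(0, 1), rng.gauss(0, 1)
        rows.append([100 + 10 * a + rng.gauss(0, 1), 50 + 5 * a + rng.gauss(0, 0.5),
                     20 + 3 * b + rng.gauss(0, 0.3), 10 + 2 * b + rng.gauss(0, 0.2)])
    return rows


# Constructed test records (not NSL-KDD data).
FLOOD = [180.0, 90.0, 20.0, 10.0]     # very large values that keep the correlation
MISMATCH = [110.0, 45.0, 20.0, 10.0]  # ordinary magnitudes that break the correlation

if __name__ == "__main__":
    model = fit(make_normal())
    print("q =", model["q"], "r =", model["r"])
    for name, row in (("flood", FLOOD), ("mismatch", MISMATCH)):
        print(name, scores(model, row), classify(model, row))
```

The mismatch record sits within about one standard deviation of the mean in every column, so a threshold on the major components alone would pass it; only the minor-component score exposes it.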
4. EXPERIMENT
4.1 Data Set Description
Almost all experiments on intrusion detection are done on the KDDCUP ’99 dataset, which is a
subset of the 1998 DARPA Intrusion Detection Evaluation data set and was processed by extracting
41 features from the raw data of the DARPA 98 data set. Higher-level features were defined that
help in differentiating “good” normal connections from “bad” attack connections [16].
The KDDCUP 99 data set can be used in host-based systems, network-based systems, signature
systems and anomaly detection systems.
A connection is a sequence of Transmission Control Protocol (TCP) packets with a start and an end
time, between which data flows from a source IP address to a target IP address under
some protocol. Each connection is labelled either as normal or as an attack, with the attack
type defined. Each connection record consists of about 100 bytes [17].
The KDD train and test sets contain a huge number of records, many of them redundant.
About 78% and 75% of the records are duplicated in the train and test sets
respectively. These redundant records make the classification wrong and prevent the
non-redundant records from being classified. To solve this problem, a new
dataset, NSL-KDD, was developed [18]. One copy of each repeated record was kept from
the KDD train and test sets.
4.2 Performance Measures
Metrics, which are mainly used to evaluate the performance of classifiers are presented in [19],
[20] and are given here for ready reference.
• The true positives (TP) are correct classifications and true negatives (TN) are correct
classifications. True positive is the probability that there is an alert, when there is an intrusion.
• A false negative (FN) occurs when the outcome is incorrectly predicted as negative when it is
actually positive.
• The true positive rate (TPR) is computed as
TPR = (9)
• A false positive (FP) occurs when the outcome is incorrectly predicted positive when it is
actually negative. The false positive rate computes as
FPR = (10)
• Recall: The percentage of the total relevant documents in a database retrieved by your search
computes as
recall = (11)
• Precision: The percentage of relevant documents in relation to the number of documents
retrieved is calculated as
precision = (12)
• The overall success rate is the number of correct classifications divided by the total number of
classifications is calculated as
success rate = (13)
error rate = 1 − success rate (14)
4.3 Experiment steps and results
In our experiments we use KDDTrain_20Percent [21] in both the training and testing stages.
KDDTrain_20Percent contains 25192 connection records. The training data set contains
records of network connections labelled either as normal or as an attack. Each connection record
is made up of 41 different features related to the connection.
The 41 features are divided into three categories: (1) basic features of TCP connections,
(2) content features of the connection, and (3) traffic features, which are derived using a 2-s
time window to monitor the relationships between connections. The traffic-level features include
same-service and same-host information, such as the number of connections in
the past 2 s that have the same destination host as the current connection.
First, we select 6 features from the basic features of TCP connections, which are used with NIDS
because these features do not need any host logs. Second, we add 4 features from the traffic
features, which are based on a time window; this collection (10 features), used in HIDS, is shown
in Table 1.
Table 1 Feature Used in Our Experiment
| Feature name | Description | Type |
|---|---|---|
| Duration | Number of seconds of the connection | Continuous (1) |
| Protocol Type | Type of the protocol, e.g. tcp, udp, icmp | Discrete (1) |
| Service | Network service on the destination, e.g., http, telnet, https, etc | Discrete (1) |
| Src-bytes | Number of data bytes from source to destination | Continuous (1) |
| Dst-bytes | Number of data bytes from destination to source | Continuous (1) |
| Flag | Normal or error status of the connection | Discrete (1) |
| Count | Number of connections from the same source as the current connection in the past two seconds | Continuous (3) |
| Sev-count | Number of connections to the same service as the current connection in the past two seconds from the same source | Continuous (3) |
| Dst-host-count | Number of connections to the same host as the current connection in the past two seconds | Continuous (3) |
| Dst-host-srv-count | Number of connections to the same service as the current connection in the past two seconds to the same host | Continuous (3) |
We used a Matlab program to design our IDS. Based on [22], we suggest using (q) major
components that can explain about 50 - 70 percent of the total variation in the standardized
features. When the original features are uncorrelated, each principal component from the
correlation matrix has an eigenvalue equal to 1. So the minor components are those components
whose variances or eigenvalues are less than 0.20, which would indicate some relationships
among the features (r).
In the first step we selected 6 features and suggested using q = 3, r = 0. In the second step we
added 4 features and suggested using q = 3, r = 2. In a multiclass prediction, the result on a test
set is often displayed as a two-dimensional confusion matrix with a row and a column for each class.
Each matrix element shows the number of test examples for which the actual class is the row and
the predicted class is the column. Good results correspond to large numbers down the main
diagonal and small, ideally zero, off-diagonal elements. The confusion matrix is shown in
Table 2. The performance measures are shown in Table 3 and Table 4.
Table 2 Confusion Matrix
| Actual Class | Predicted Class: Attack | Predicted Class: Normal |
|---|---|---|
| Attack | TP | FN |
| Normal | FP | TN |
Table 3 Detection Attacks In All Steps
| Attacks | DOS | PROBE | R2l | U2r |
|---|---|---|---|---|
| Exist | 9234 | 2289 | 209 | 11 |
| Detection from step (1) | 8666 | 2212 | 28 | 1 |
| Detection from step (2) | 9028 | 2244 | 32 | 2 |
Table 4 metrics for all steps (Overall success and Error are given once per step)
| Metrics | Step (1) Normal class | Step (1) Anomaly class | Step (2) Normal class | Step (2) Anomaly class |
|---|---|---|---|---|
| Recall and TPR | 0.9050 | 0.9288 | 0.7503 | 0.9628 |
| FPR | 0.0712 | 0.0949 | 0.0372 | 0.2496 |
| Precision | 0.9357 | 0.8952 | 0.9584 | 0.7719 |
| Overall success | 0.9161 | | 0.8493 | |
| Error | 0.0839 | | 0.1507 | |
Both recall and precision have good values in these two steps, but one of the steps can be used as
NIDS and the other can be used as HIDS, which has a better detection rate.
5. CONCLUSION AND FUTURE WORK
Future network intrusion detection system generation will most likely employ both signature
detection and anomaly detection modules. Anomaly detection methods process a large amount of
data in order to recognize anomalous behaviour or new attacks.
This paper used PCA as an effective way of outlier analysis. PCA is particularly useful because of
its ability to reduce data dimensionality into a smaller set of independent variables from which
new data can be classified.
This paper has two steps in its experiment. The first step takes six features from the basic features
of TCP connections that can be used in NIDS, and this step has an overall success rate (0.9161) with
high detection rate (0.9288). The second step takes ten features (six features from the basic
features of TCP connections plus four features from traffic features) which can be used in HIDS,
and this step has an overall success rate (0.8493) with very high detection rate for the Anomaly
class (0.9628).
The plan for future work is to use these two steps to make an integrated intrusion detection system
by using the relationship between these two steps.
ACKNOWLEDGEMENTS
Thanks to everyone who helped me in carrying out this work to the fullest
REFERENCES
[1] Kumar, A., Maurya, H. C., Misra, R. (April 2013). A Research Paper on Hybrid Intrusion
Detection System. International Journal of Engineering and Advanced Technology (IJEAT),
volume-2, Issue-4, ISSN: 2249-895
[2] Zargar, G. R. (October 2012). Category Based Intrusion Detection Using PCA. International
Journal of Information Security, 3, 259-271.
[3] Amparo, A. B., Noelia, S. M., Félix, M. C., Juan, A. S. and Beatriz, P. S. (25-27 April 2007).
Classification of Computer Intrusions Using Functional Networks—a Comparative Study.
Proceedings of European Symposium on Artificial Neural Networks (ESANN), Bruges. pp 579-
584.
[4] Ilgun, K., Kemmerer, R. A. and Porras, P. A. (1995). State Transition Analysis: A Rule-Based
Intrusion Detection Approach. IEEE Transaction on Software Engineering, Vol. 21, No. 3, pp.
181-199.
[5] Guyon, I. and Elisseff, A. (2003). An Introduction to Variable and Feature Selection. Journal of
Machine Learning Research, Vol. 3, pp. 1157-1182.
[6] Chou, T. S. Yen, K. K. and Luo, J. (2008). Network Intrusion Detection Design Using Feature
Selection of Soft Computing Paradigms. International Journal of Computational Intelligence, Vol.
4, No. 3, pp. 196-208.
[7] Chakraborty, B. (2005). Feature Subset Selection by Neuro-Rough Hybridization. Lecture Notes
in Computer Science (LNCS), Springer, Heidelberg.
[8] Sung, A. H. and Mukkamala, S. (2003). Identifying Important Features for Intrusion Detection
Using Support Vector Machines and Neural Networks. Proceedings of International Symposium
on Applications and the Internet (SAINT) pp. 209-216.
[9] Chebrolu, S. Abraham, A. and Thomas, J. (2005). Feature Deduction and Ensemble Design of
Intrusion Detection Systems. Computers and Security, Elsevier Science, Vol. 24, No. 4, pp. 295-
307.
[10] Abraham, A. and Jain, R. (2004). Soft Computing Models for Network Intrusion Detection
systems, Springer, Heidelberg.
[11] Abraham, A. Grosan, C. and Vide, C. M. (2007) “Evolutionary Design of Intrusion Detection
Programs,” International Journal of Network Security, Vol. 4, No.3, pp. 328-339.
[12] Gyanchandani, M. Yadav, R. N. Rana, J. L. (December 2010). Intrusion Detection using C4.5:
Performance Enhancement by Classifier Combination. International Journal on Signal and Image
Processing, Vol. 1, No. 03.
[13] Boutsidis, C. Mahoney, M. W. and Drineas, P. (2008). Unsupervised Feature Selection for
Principal Components Analysis. Proceedings of the 14th ACM SIGKDD International Conference
on Knowledge Discovery and Data Mining, Las Vegas, pp. 61-69.
[14] Jolliffe, I. T. (2002). Principal Component Analysis. 2nd Ed. Springer-Verlag, NY.
[15] Jobson, J. D. (1992). Applied Multivariate Data Analysis, Volume II: Categorical and
Multivariate Methods. New York: Springer Verlag.
[16] Stolfo, J. Fan, W. Lee, W. Prodromidis, A. and Chan, P.K. (2000). Cost-based modeling and
evaluation for data mining with application to fraud and intrusion detection. DARPA Information
Survivability Conference.
[17] The KDD Archive. KDD99 cup dataset, 1999:
http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
[18] Tavallaee, M. Bagheri, E. Lu, W. and Ghorbani, A. (2009). A Detailed Analysis of the KDD CUP
99 Data Set. Proceedings of the Second IEEE Symposium on Computational Intelligence for
Security and Defense Applications (CISDA).
[19] Srinivasulu, P. Nagaraju, D. Ramesh Kumar, P. and Nageswara Rao, K. (June 2009). Classifying
the Network Intrusion Attacks using Data Mining Classification Methods and their Performance
Comparison. International Journal of Computer Science and Network Security, Vol.9 No.6, pp 11-
18.
[20] Shyu, M. Chen, S. Sarinnapakorn, K. and Chang, L. (2003). A novel anomaly detection scheme
based on principal component classifier. Proceedings of the IEEE Foundations and New Directions
of Data Mining Workshop, in conjunction with the Third IEEE International Conference on Data
Mining (ICDM03), pp. 172-179
[21] The NSL-KDD Data set: http://nsl.cs.unb.ca/NSL-KDD/
[22] Shyu, M. Chen, S. Sarinnapakorn, K. Chang, L. (2003). A Novel Anomaly Detection Scheme
Based on Principal Component Classifier. IEEE Foundations and New Directions of Data Mining
Workshop, in conjunction with ICDM'03, pp. 171-179.
AUTHORS
Mohamed Faisal received the B.Sc. degree from Assiut University (in 2010). After
working as a network security engineer (from 2011) in the information network at Sohag
University and as a Research Assistant in the Department of Electrical Engineering at
Sohag University (from 2011), he has been a demonstrator at MUST University
(since 2012). He finished his Preliminary Master in June 2012 in the Department of
Electrical Engineering at Assiut University.
Tarik Kamal received the B.Sc. and M.Sc. degrees from Assiut University in 1975
and 1980, respectively. He received the Dr. Eng. degree from France in 1986. After
working as a demonstrator (from 1975) and as an assistant lecturer (from 1981), he has
been a lecturer in the Department of Electrical Engineering at Assiut University since
1987. His research interests include signal processing, image processing and
communication networks. He is a supervisor of the information network at Assiut University.
Abdel-Fattah Mahmoud received the B.Sc. and M.Sc. degrees from Assiut University
in 1976 and 1981, respectively. He received the Dr. Eng. degree from Maryland
University in 1990. After working as a demonstrator (from 1978) and Assistant Lecturer (from
1981) at Assiut University, Visitor Professor of the Department of Mechanical Engineering,
University of Texas, United States of America (from September 1991 to August 1993),
associate professor (from 1995) at Assiut University, Visitor Professor of the Department
of Electrical Engineering, Kanazawa University, Japan (from April 1996 to April 1997) and Visitor
Professor of the University Technology in Malaysia (from February 2006 to March 2006), he has been a
professor in the Department of Electrical Engineering, Assiut University since 2000. He has been dean of
the Engineering College, Assiut University since 2011.