2004. 8. 24. Il-Ahn Cheong Linux Security Research Center Chonnam National University, Korea.

Presentation transcript:

Il-Ahn Cheong Linux Security Research Center Chonnam National University, Korea

WISA 2004, LSRC, Chonnam National University

Contents
- Introduction
- Related Works
- Automatic Generation of Rules using TIA
- The Experiments
- Conclusions

I. Introduction
- Signature-based network intrusion detection
  - Requires more time to generate rules because it depends on the knowledge of experts
  - Varies according to the selection of network measures used in the detection
- Our approach
  - Automatically generates the detection rules by using tree induction algorithms
  - Improves the detection by automatic selection of network measures
- Our expectations
  - Detection rules are generated independently of the knowledge of experts
  - The performance of detection could be improved

II. Related Works
- Previous research
  - Florida Univ.: LERAD (Learning Rules for Anomaly Detection), generating conditional rules
  - New Mexico Univ.: SVM (Support Vector Machine), SVM-based ranking method
  - Applied Research Lab. of Texas Univ.: NEDAA (Exploitation Detection Analyst Assistant), genetic algorithm and decision tree
- Problems
  - Used limited measures (src/dst IP/port, protocol, etc.)
  - Did not treat continuous measures

III. Automatic Generation of Rules (1/5)
- Tree induction algorithms
  - A classification method using data mining
  - The constructed trees provide
    - a superior measure selection
    - an easy explanation of the constructed tree models
- The C4.5 algorithm
  - Automatically generates trees by calculating the IG (Information Gain) according to the entropy reduction
  - Can classify data in which variables with continuous and discrete attributes exist together

Automatic Generation of Rules (2/5)
- Automatic Generation Model of Rules

Automatic Generation of Rules (3/5)
- Modified C4.5 algorithm

Automatic Generation of Rules (4/5)
- Treatment of Continuous Distributions
  - f(x): Continuous → Discrete
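Added example (not from the presentation, and not the authors' modified C4.5): standard information gain for a discrete measure, and a C4.5-style binary threshold split that converts a continuous measure into a discrete one, as described on slides (1/5) and (4/5). The session records, the column layout and the midpoint candidate thresholds are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed TCP sessions (not DARPA99 data): (duration_s, service, label)
SESSIONS = [
    (0.25, "http", "normal"), (0.5, "smtp", "normal"),
    (0.75, "http", "normal"), (1.0, "ftp", "normal"),
    (6.0, "http", "attack"), (7.5, "ftp", "attack"),
    (9.0, "http", "attack"), (12.0, "smtp", "attack"),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def info_gain(labels, partitions):
    """Entropy reduction obtained by splitting `labels` into `partitions`."""
    n = len(labels)
    remainder = sum(len(p) / n * entropy(p) for p in partitions if p)
    return entropy(labels) - remainder

def gain_discrete(rows, col):
    """Information gain of a discrete measure: one partition per value."""
    groups = {}
    for row in rows:
        groups.setdefault(row[col], []).append(row[-1])
    return info_gain([r[-1] for r in rows], list(groups.values()))

def best_threshold(rows, col):
    """Best binary cut (value <= t) for a continuous measure: (t, gain).
    Candidate cuts are midpoints between adjacent distinct values (assumption)."""
    labels = [r[-1] for r in rows]
    values = sorted({r[col] for r in rows})
    best = (None, 0.0)
    for lo, hi in zip(values, values[1:]):
        t = (lo + hi) / 2
        left = [r[-1] for r in rows if r[col] <= t]
        right = [r[-1] for r in rows if r[col] > t]
        gain = info_gain(labels, [left, right])
        if gain > best[1]:
            best = (t, gain)
    return best

def discretize(value, threshold):
    """Map a continuous value to the categorical bin used by the split."""
    return "low" if value <= threshold else "high"

if __name__ == "__main__":
    t, g = best_threshold(SESSIONS, 0)
    print(f"duration: cut at {t}s, gain {g:.3f}")
    print(f"service:  gain {gain_discrete(SESSIONS, 1):.3f}")
    print([discretize(r[0], t) for r in SESSIONS])
```

On this constructed data the continuous duration measure separates the classes completely once it is cut at a threshold, while the discrete service measure carries no information.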

Automatic Generation of Rules (5/5)
- Change of selection for network measures
- GRR (Good Rule Rate)
  - Used to select measures having high priority
  - Threshold value is 0.5, as binary (G | B)
- R_G (Good Rule)
  - Positively affected the generation of detection rules
  - Reflected in the next learning
- R_B (Bad Rule)
  - Negatively affected the generation of detection rules
  - Excluded from the next learning

IV. The Experiments (1/3)
- Experiment dataset
  - The 1999 DARPA IDS Evaluation dataset (DARPA99)
  - 191,077 TCP sessions in the Week 4 dataset
- After treatment of continuous measures
  - The detection rate increased 20%
  - The false rate decreased 15%

The Experiments (2/3)
- The result of GRR calculation
  - Network measures selected from Ostermann's TCPtrace (80 measures)
  - G (Good), B (Bad), I (Ignore), RST (Result; G|B|I), SLT (Select; O|X)
  - Step#: the number of the repeated experiment
  - Threshold value = 0.5

The Experiments (3/3)
- The ROC evaluation
  - According to selection of priority measures
    - Detection rate increased
    - False rate decreased
  - (Figure: ROC evaluation; series Step0, Step1, Step2, Step3)

V. Conclusions
- Automatically generates detection rules using a tree induction algorithm, without the support of experts
- Solves the problems related to measure selection
  - Continuous types are converted into categorical types
  - Priority measures are selected by calculating GRR
  - The detection rate increased and the false rate decreased
