Performance Evaluation of the Fuzzy ARTMAP for Network Intrusion Detection Nelcileno Araújo Ruy de Oliveira Ed’Wilson Tavares Ferreira Valtemir Nascimento.

Presentation transcript:

Performance Evaluation of the Fuzzy ARTMAP for Network Intrusion Detection
Nelcileno Araújo, Ruy de Oliveira, Ed’Wilson Tavares Ferreira, Valtemir Nascimento, Ailton Akira Shinoda, Bharat Bhargava

Presentation: Introduction; Motivation; Goals; Methodology; Fuzzy ARTMAP Neural Networks; Investigating the Performance of the Fuzzy ARTMAP in detecting intrusions; Conclusions and outlook

Introduction
The problem of intrusion detection
▫Intrusion => someone who is trying to sneak into or misuse the system.
▫How to provide this protection? Intrusion Detection Systems (IDS)

Motivation
How can we achieve good intrusion detection without excessive computational cost while maintaining good detection and false alarm rates?

Goals
Investigate the performance of the Fuzzy ARTMAP classifier in intrusion detection
Study the ability of the MAC frame to represent intrusive behavior in a WLAN supporting WEP and WPA encryption

Methodology
Survey Adaptive Resonance Theory (ART) based Neural Networks
Analyze the intrusion detection ability of the Fuzzy ARTMAP classifier on two databases:
▫KDD99 – a fictitious military environment based on a wired network
▫A real wireless network supporting WEP and WPA encryption

Fuzzy ARTMAP Neural Networks
Fast training
Supervised learning
Stability / plasticity - ability to maintain the previously acquired knowledge (stability) and to adapt to new classification standards (plasticity)

Investigating the Performance of the Fuzzy ARTMAP in detecting intrusions
Applying Fuzzy ARTMAP Classifier on KDD99 Dataset
▫KDD99 is a data set constructed for an international competition on data mining at MIT.

Applying Fuzzy ARTMAP Classifier on KDD99 Dataset
Types of attacks represented by the KDD99 base
▫Denial of Service (DoS) – connections trying to prevent legitimate users from accessing the service in the target machine.
▫Scanning (Probe) – connections scanning a target machine for information about potential vulnerabilities.
▫Remote to Local (R2L) – connections in which the attacker attempts to obtain non-authorized access into a machine or network.
▫User to Root (U2R) – connections in which a target machine is already invaded, but the attacker attempts to gain access with superuser privileges.
Table columns: Dataset, DoS, Probe, u2r, r2l, Normal; rows: Training, Test

Applying Fuzzy ARTMAP Classifier on KDD99 Dataset
Configuration of the simulated scenarios

Total registers of the KDD99 training dataset in each phase
Scenario   Training   Test
1          33%        67%
2          50%        50%
3          66%        34%

Configuration parameters for the Fuzzy ARTMAP classifier
Parameter                                      Value
Choice parameter (α)                           0,001
Training rate (β)                              1
Network vigilance parameter ART_a (ρ_a)        0,99
Network vigilance parameter ART_b (ρ_b)        0,9
Vigilance parameter of the inter-ART (ρ_ab)    0,99

Applying Fuzzy ARTMAP Classifier on KDD99 Dataset
Results of the Simulated Scenarios
Columns: Scenario; Performance: IDS training duration (s), Global detection rate (%)
1122,9772, ,8187, ,5488,91

Applying Fuzzy ARTMAP Classifier on KDD99 Dataset Results of the accuracy rate for the simulated scenarios

Applying Fuzzy ARTMAP Classifier on KDD99 Dataset Results of the false positive rate for the simulated scenarios

Applying Fuzzy ARTMAP Classifier on a WLAN supporting WEP and WPA encryption Topology of the WLAN used for generating data

Applying Fuzzy ARTMAP Classifier on a WLAN supporting WEP and WPA encryption
Types of denial of service attacks used in the experiments
▫Chopchop – the attacker intercepts an encrypted frame and uses the base station to guess the clear text of the frame by brute force, repeating this until all intercepted frames are deciphered.
▫Deauthentication - the attacker transmits a false deauthentication frame to the client stations to render the network unavailable.
▫Duration - the attacker sends a frame with a high value in the NAV (Network Allocation Vector) field to prevent any client station from using the shared medium to transmit.
▫Fragmentation - the attacker uses a fragmentation/assembly technique running in the base station to discover a flow key used to encrypt frames in a WLAN.

Applying Fuzzy ARTMAP Classifier on a WLAN supporting WEP and WPA encryption
Distribution of the samples collected from the WLAN into datasets
Table columns: Datasets (Training, Validation, Test); rows: Normal, intrusion categories (ChopChop, Deauthentication, Duration, Fragmentation), Total Number of Samples

Applying Fuzzy ARTMAP Classifier on a WLAN supporting WEP and WPA encryption
Configuration parameters for the Fuzzy ARTMAP classifier
Parameter                                      Value
Choice parameter (α)                           0,01
Training rate (β)                              1
Network vigilance parameter ART_a (ρ_a)        0,7
Network vigilance parameter ART_b (ρ_b)        1
Vigilance parameter of the inter-ART (ρ_ab)    0,99
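
How these parameters act inside the classifier, as an added example that is not the authors' implementation: a simplified Fuzzy ARTMAP using the WLAN settings above (α = 0,01, β = 1, ρ_a = 0,7, written with decimal points in code). It assumes class labels stand in for ART_b, which is what ρ_b = 1 amounts to, and does not model ρ_ab; the class and function names and the two-feature samples are hypothetical and constructed for illustration.

```python
def complement_code(x):
    return list(x) + [1.0 - v for v in x]   # [x, 1 - x]: |I| stays constant

def fuzzy_and_norm(a, b):
    return sum(min(p, q) for p, q in zip(a, b))   # |a ^ b| (L1 norm of fuzzy AND)

class FuzzyARTMAP:   # simplified: class labels stand in for ART_b (rho_b = 1)
    def __init__(self, alpha=0.01, beta=1.0, rho_a=0.7, eps=1e-6):
        self.alpha, self.beta, self.rho_a, self.eps = alpha, beta, rho_a, eps
        self.w, self.label = [], []   # ART_a weights; map field category -> class

    def _ranked(self, I):
        # Choice function T_j = |I ^ w_j| / (alpha + |w_j|), highest first.
        t = [fuzzy_and_norm(I, w) / (self.alpha + sum(w)) for w in self.w]
        return sorted(range(len(t)), key=lambda j: -t[j])

    def train_one(self, x, y):
        I, rho = complement_code(x), self.rho_a
        for j in self._ranked(I):
            match = fuzzy_and_norm(I, self.w[j]) / sum(I)
            if match < rho:
                continue                      # vigilance test failed: reset
            if self.label[j] != y:
                rho = match + self.eps        # match tracking: raise vigilance
                continue
            # Learning: w_j <- beta * (I ^ w_j) + (1 - beta) * w_j
            self.w[j] = [self.beta * min(a, b) + (1 - self.beta) * b
                         for a, b in zip(I, self.w[j])]
            return
        self.w.append(I)                      # no resonance: commit new category
        self.label.append(y)

    def predict(self, x):
        I = complement_code(x)
        for j in self._ranked(I):
            if fuzzy_and_norm(I, self.w[j]) / sum(I) >= self.rho_a:
                return self.label[j]
        return None                           # nothing resonates: unknown traffic

# Constructed samples: (normalised NAV/duration value, normalised frame rate).
TRAIN = [((0.05, 0.10), "normal"), ((0.10, 0.20), "normal"),
         ((0.95, 0.15), "duration"), ((0.90, 0.10), "duration"),
         ((0.12, 0.18), "deauthentication")]

def demo():
    net = FuzzyARTMAP()
    for x, y in TRAIN:
        net.train_one(x, y)
    return net, [net.predict(p) for p in [(0.08, 0.15), (0.92, 0.12), (0.5, 0.9)]]
```

The last training sample lies close to the "normal" category but carries a different label, so match tracking raises the vigilance and a new category is committed while the existing "normal" weights stay untouched; the third probe matches no category at ρ_a and is returned as unknown.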

Applying Fuzzy ARTMAP Classifier on a WLAN supporting WEP and WPA encryption
Training Time of classifiers
We compared our results with those of three other classifiers: Support Vector Machine (SVM), Multilayer Perceptron with Backpropagation (MPBP) and Radial Basis Function (RBF).
This establishes a methodology for evaluating performance based on three metrics: detection rate, false alarm rate and learning time of the classifier.

Applying Fuzzy ARTMAP Classifier on a WLAN supporting WEP and WPA encryption Detection rate for the classifiers

Applying Fuzzy ARTMAP Classifier on a WLAN supporting WEP and WPA encryption False Alarm Rate for classifiers

Conclusions
A strong point of the Fuzzy ARTMAP classifier is the training time metric.
The fields of the MAC frame are insufficient to generate reliable signatures to identify the class of the tested attacks.
The absence of a computational optimization technique for generating the configuration parameters of the Fuzzy ARTMAP network may have contributed to a more limited performance of the classifier.

Outlook
Check the performance of the Fuzzy ARTMAP classifier on a WLAN supporting IEEE i and IEEE w security amendments.
Apply the Particle Swarm Optimization metaheuristic in the learning mechanism of the neural network.
Search for the most representative features in management/control/data frames that describe the signatures of the tested attacks.