1 Anomaly Detection Using GAs Umer Khan 28-sept-2005.

Presentation transcript:

1 Anomaly Detection Using GAs Umer Khan 28-sept-2005

2 Limitations: GAs provide optimization rather than classification. They tend to be rule based. They are usually applied to misuse detection rather than anomaly detection. A GA learns according to a scenario, i.e. what it learns is specific to that scenario. But integration with fuzzy logic, integrated with data mining, may work well.

3 Fuzzy Logic: Appropriate for intrusion detection for two reasons. First, quantitative features (fuzzy variables) are involved in intrusion detection: measurements of CPU usage time, connection detection, and the number of different TCP/UDP connections initiated by the same source host.

4 Fuzzy Logic: The 2nd motivation is that “security includes fuzziness”. Fuzzy logic helps to smooth the abrupt separation of normality and abnormality, and allows representation of overlapping categories. Standard set theory vs. fuzzy set theory.

5 Anomaly Detection via Fuzzy Data Mining: Data mining is used to automatically learn patterns from large quantities of data. Example rule: IF the number of different destination addresses during the last 2 seconds was high THEN an unusual situation exists. What number falls in the set High? The degree of membership in the fuzzy set High determines whether or not the rule is activated.
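The rule on slide 5, as an added example that is not part of the original slides: it counts the different destination addresses one source host contacted in the last 2 seconds and compares the fuzzy membership in High with a crisp cut-off. The breakpoints 5 and 15, the cut-off 10, and the sample events are assumptions chosen for illustration.

```python
from collections import deque

# Assumed values (the slide gives none): HIGH starts at 5 distinct
# destinations and is fully reached at 15; the crisp cut-off is 10.
HIGH_START, HIGH_FULL, CRISP_CUTOFF = 5, 15, 10
WINDOW_MS = 2000  # "the last 2 seconds"


def membership_high(count):
    """Degree (0.0 to 1.0) to which `count` belongs to the fuzzy set HIGH."""
    if count <= HIGH_START:
        return 0.0
    if count >= HIGH_FULL:
        return 1.0
    return (count - HIGH_START) / (HIGH_FULL - HIGH_START)


def distinct_destinations(events):
    """For each (time_ms, dst) event of one source host, yield the number of
    different destination addresses seen in the window ending at that event."""
    recent = deque()
    for ts, dst in events:
        recent.append((ts, dst))
        while recent[0][0] <= ts - WINDOW_MS:
            recent.popleft()
        yield ts, len({d for _, d in recent})


def score(events):
    """Rows of (time_ms, count, fuzzy rule activation, crisp decision)."""
    return [(ts, n, membership_high(n), n >= CRISP_CUTOFF)
            for ts, n in distinct_destinations(events)]


# Constructed sample, not captured traffic: a new address every 100 ms
# (documentation range 192.0.2.0/24), then a single connection at 5 s.
SAMPLE = [(100 * i, f"192.0.2.{i + 1}") for i in range(20)]
SAMPLE.append((5000, "192.0.2.1"))

if __name__ == "__main__":
    for row in score(SAMPLE):
        print(row)
```

Between 9 and 10 destinations the crisp decision flips from normal to abnormal, while the fuzzy activation only moves from 0.4 to 0.5, which is the smoothing slide 4 refers to.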

6 Typical Way

7 Fuzzy Logic

8 Data Mining: 2 methods: “Association Rules” and “Frequency Episodes”. Mine audit data to find normal patterns for anomaly intrusion detection.

9 Association Rules: If a customer who buys a soft drink (A) usually also buys potato chips (B), then potato chips are associated with soft drinks using the rule A → B. A fuzzy association rule can be like: { SN=LOW, FN=LOW } → { RN=LOW }. We mine a set of rules from a dataset with no intrusions and designate it as normal behavior.

10 Association Rules: Given a new set of audit data, a new set of association rules is mined and its similarity with the reference set is analyzed. If the similarity is low, then the new data will cause an alarm.
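The procedure of slides 9 and 10 as an added example, not code from the presentation: mine fuzzy association rules of the form { SN, FN } → { RN } from intrusion-free data, mine again from new audit data, and alarm when the two rule sets are dissimilar. The slides do not define SN, FN, RN, the membership functions, or the similarity measure, so all of those (and every threshold and record below) are assumptions.

```python
from itertools import product

# Assumptions (none of these are defined on the slides): SN, FN and RN are
# numeric per-window counts; the LOW/HIGH breakpoints; min() as fuzzy AND;
# the similarity formula; all thresholds.
def low(x, full=2, zero=8):
    """Membership in LOW: 1 up to `full`, falling linearly to 0 at `zero`."""
    return max(0.0, min(1.0, (zero - x) / (zero - full)))

SETS = {"LOW": low, "HIGH": lambda x: 1.0 - low(x)}

def degree(record, items):
    """Degree to which one audit record satisfies every (feature, set) item."""
    return min(SETS[fuzzy_set](record[feature]) for feature, fuzzy_set in items)

def mine(records, min_support=0.2, min_confidence=0.6):
    """Mine rules {SN=a, FN=b} -> {RN=c}; returns
    {rule: (support, confidence)} for rules above both minimums."""
    rules = {}
    for a, b, c in product(SETS, repeat=3):
        antecedent = (("SN", a), ("FN", b))
        rule = antecedent + (("RN", c),)
        sup_ante = sum(degree(r, antecedent) for r in records) / len(records)
        sup_rule = sum(degree(r, rule) for r in records) / len(records)
        if sup_rule >= min_support and sup_rule / sup_ante >= min_confidence:
            rules[rule] = (sup_rule, sup_rule / sup_ante)
    return rules

def similarity(reference, new):
    """Assumed measure: 1.0 for identical rule sets, 0.0 if none is shared."""
    if not reference or not new:
        return 0.0
    total = 0.0
    for rule in reference.keys() & new.keys():
        (s1, c1), (s2, c2) = reference[rule], new[rule]
        total += max(0.0, 1 - max(abs(s1 - s2) / s1, abs(c1 - c2) / c1))
    return (total / len(reference)) * (total / len(new))

def raises_alarm(reference, records, threshold=0.5):
    return similarity(reference, mine(records)) < threshold

def rec(sn, fn, rn):
    return {"SN": sn, "FN": fn, "RN": rn}

# Constructed audit records (not real traffic).
BASELINE = [rec(1, 1, 0), rec(2, 2, 1), rec(1, 2, 0), rec(2, 1, 1)]
QUIET = [rec(1, 1, 0), rec(5, 2, 1), rec(2, 1, 0), rec(1, 2, 1)]
BURST = [rec(30, 1, 0), rec(40, 2, 1), rec(35, 1, 1), rec(2, 1, 0)]
REFERENCE = mine(BASELINE)
```

With these records `QUIET` scores 0.765625 against the reference and passes, while `BURST` yields a second rule with SN=HIGH, scores 0.03125 and raises the alarm.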

11

12 Future Task: Analyzing the working of the “Frequency Episode” method of data mining. Use of Genetic Algorithms in tuning fuzzy membership functions.