Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Anomaly Detection Using GAs Umer Khan 28-sept-2005.

Publish Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Anomaly Detection Using GAs Umer Khan 28-sept-2005."— Presentation transcript:

1 1 Anomaly Detection Using GAs Umer Khan 28-sept-2005

2 2 Limitations GAs provide Optimization rather than Classification Tends to be rule based Usually applied to Misuse Detection rather than Anomaly detection Learns according to a scenario i.e. specific to scenario But, Integration with Fuzzy Logic integrated with Data Mining may work well.

3 3 Fuzzy Logic Appropriate for intrusion detection for two reasons. Quantitative features (Fuzzy Variables) are involved intrusion detection. Measurements of CPU usage time, connection detection, number of different TCP/UDP connections initiated by same source host.

4 4 Fuzzy Logic 2 nd motivation, “Security includes fuzziness” Helps to smooth abrupt separation of normality and abnormality. Allows representation of overlapping categories. Standard set theory VS Fuzzy set theory

5 5 Anomaly Detection via Fuzzy Data Mining Data mining, is used to automatically learn patterns from large quantities of data. If the number different destination addresses during the last 2 seconds was high Then an unusual situation exists. What number falls in the set High? The degree of membership in the fuzzy set high determines whether or not the rule is activated.

6 6 Typical Way

7 7 Fuzzy Logic

8 8 Data Mining 2 methods: “Association Rules and Frequency Episodes”. Mine audit data to find normal patterns for anomaly intrusion detection.

9 9 Association Rules if a customer who buys a soft drink (A) usually also buys potato chips (B), then potato chips are associated with soft drinks using the rule A  B. A Fuzzy Association rule can be like: { SN=LOW, FN=LOW } → { RN=LOW } We mine a set rules from dataset with no intrusions and designate it as normal behavior.

10 10 Association Rules Considering new set of audit data, a new set of set of association rules is mined and its similarity with reference set is analyzed. If the similarity is low, then the new data will cause an alarm.

11 11

12 12 Future Task Analyzing the working of “Frequency Episode” method of data mining. Use of Genetic Algorithms in tuning Fuzzy Membership Functions.

Download ppt "1 Anomaly Detection Using GAs Umer Khan 28-sept-2005."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.

Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.
Huge Raw Data Cleaning Data Condensation Dimensionality Reduction Data Wrapping/ Description Machine Learning Classification Clustering Rule Generation.

Huge Raw Data Cleaning Data Condensation Dimensionality Reduction Data Wrapping/ Description Machine Learning Classification Clustering Rule Generation.
Anomaly Detection using GAs M. Umer Khan 22-Nov-2005.

Anomaly Detection using GAs M. Umer Khan 22-Nov-2005.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Fuzzy Logic Based on a system of non-digital (continuous & fuzzy without crisp boundaries) set theory and rules. Developed by Lotfi Zadeh in 1965 Its advantage.

Fuzzy Logic Based on a system of non-digital (continuous & fuzzy without crisp boundaries) set theory and rules. Developed by Lotfi Zadeh in 1965 Its advantage.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Data classification based on tolerant rough set reporter: yanan yean.

Data classification based on tolerant rough set reporter: yanan yean.
Learning Classifier Systems to Intrusion Detection Monu Bambroo 12/01/03.

Learning Classifier Systems to Intrusion Detection Monu Bambroo 12/01/03.
Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.

Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.
University of Minnesota

University of Minnesota
Fuzzy Medical Image Segmentation

Fuzzy Medical Image Segmentation
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
NIDS Using Genetic Algorithms Umer Khan Weekly Progress Review 6-Sept-2005.

NIDS Using Genetic Algorithms Umer Khan Weekly Progress Review 6-Sept-2005.
seminar on Intrusion detection system

seminar on Intrusion detection system
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Department Of Computer Engineering

Department Of Computer Engineering
Data Mining By Andrie Suherman. Agenda Introduction Major Elements Steps/ Processes Tools used for data mining Advantages and Disadvantages.

Data Mining By Andrie Suherman. Agenda Introduction Major Elements Steps/ Processes Tools used for data mining Advantages and Disadvantages.
By : Anas Assiri.  Introduction  fraud detection  Immune system  Artificial immune system (AIS)  AISFD  Clonal selection.

By : Anas Assiri.  Introduction  fraud detection  Immune system  Artificial immune system (AIS)  AISFD  Clonal selection.

Similar presentations

Ads by Google