Learning Classifier Systems to Intrusion Detection Monu Bambroo 12/01/03.


Learning Classifier Systems to Intrusion Detection Monu Bambroo 12/01/03

Outline
- Problem
- Motivation
- Background
- My Approach
- EA Consideration
- Results
- Questions

Intrusion Detection
- Problem of identifying unauthorized users
- Protect the system from being compromised
- System should provide
  - Data confidentiality
  - Data integrity
  - Data availability
- 2 categories
  - Anomaly Detection: looks for unusual events in the data being monitored. Difficult to implement.
  - Misuse Detection: data in the network is compared with a database of known signatures. Cannot protect against unknown attacks.
- Revenue loss in 2002 = $455,848,000

Intrusion Detection…
- Available Approaches
  - Data Mining Techniques
  - Short Sequence of system calls
- My Approach
  - Genetic algorithm to evolve a simple set of fuzzy rules that can solve some intrusion detection problems

Fuzzy logic
- Concept
  - In my approach genetic algorithms can find good and simple fuzzy rules to characterize intrusions (abnormal) and normal behavior of the network.
  - As the difference between normal and abnormal activities is not distinct, but rather fuzzy, fuzzy logic is used.
- Fuzzy sets vs. classic sets
  - Fuzzy sets: an object can partially be in a set. The membership degree takes values between 0 and 1.
  - Classic sets: an object is entirely in a set or not. The membership degree takes only 2 values, 0 or 1.
- Membership function
  - Fuzzy sets are characterized by a continuous membership function which maps an object to a membership degree taking values between 0 and 1 inclusive.

System Attributes
- su-attempted: su command attempted
- num-root: attempted root access
- num-file-creations: file creation operations
- num-failed-login-in: failed login attempts
- src-bytes: no. of bytes from source to destination
- dst-bytes: no. of bytes from destination to source
- Duration: duration of the connection
Fuzzy rules: If condition then consequent, where
- ‘condition’ is a complex fuzzy expression
- ‘consequent’ is an atomic expression

Some Rules
- If the duration is high and src-bytes is high then port-scan is ‘high’
- If su-attempted is high and failed-login-attempts is high then R2L is ‘high’
- If num-root is high and num-file-creation is high then R2L is ‘high’
- If src-bytes is high and su-attempted is high and duration is high then port-scan is ‘high’
- If num-root is medium and failed-login-attempts is medium then R2L is ‘medium’
- If duration is low and src-bytes is low then port-scan is ‘low’
where high, low, medium are membership functions.
Using a fuzzy product inference engine, the degree of confidence in a rule can be evaluated.
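
The six rules above scored with product inference, as an added example that is not part of the original slides. The triangular membership shapes, the normalisation bounds in SCALE and the two sample records are assumptions; attribute names follow the rules slide.

```python
# Added illustration: the slide's fuzzy rules evaluated with product inference.
# Membership shapes and SCALE bounds are assumed; the deck does not define them.
MEMBERSHIP = {
    "low":    lambda x: max(0.0, 1.0 - 2.0 * x),           # 1 at 0, 0 from 0.5 up
    "medium": lambda x: max(0.0, 1.0 - abs(2.0 * x - 1.0)),  # peak at 0.5
    "high":   lambda x: max(0.0, 2.0 * x - 1.0),           # 0 up to 0.5, 1 at 1
}

# Assumed upper bounds used to normalise raw attribute values into [0, 1].
SCALE = {"duration": 600.0, "src-bytes": 100000.0, "su-attempted": 2.0,
         "num-root": 10.0, "num-file-creation": 10.0,
         "failed-login-attempts": 5.0}

# (conditions, consequent) pairs transcribed from the "Some Rules" slide.
RULES = [
    ([("duration", "high"), ("src-bytes", "high")], ("port-scan", "high")),
    ([("su-attempted", "high"), ("failed-login-attempts", "high")], ("R2L", "high")),
    ([("num-root", "high"), ("num-file-creation", "high")], ("R2L", "high")),
    ([("src-bytes", "high"), ("su-attempted", "high"), ("duration", "high")],
     ("port-scan", "high")),
    ([("num-root", "medium"), ("failed-login-attempts", "medium")], ("R2L", "medium")),
    ([("duration", "low"), ("src-bytes", "low")], ("port-scan", "low")),
]

def normalise(record):
    """Scale raw values into [0, 1]; missing attributes count as 0."""
    return {k: min(1.0, max(0.0, record.get(k, 0.0) / SCALE[k])) for k in SCALE}

def firing_degree(conditions, record):
    """Product inference: multiply the membership degrees of all conditions."""
    x = normalise(record)
    degree = 1.0
    for attr, label in conditions:
        degree *= MEMBERSHIP[label](x[attr])
    return degree

def classify(record):
    """Strongest firing degree per consequent, e.g. ('R2L', 'high') -> 1.0."""
    out = {}
    for conditions, consequent in RULES:
        out[consequent] = max(out.get(consequent, 0.0),
                              firing_degree(conditions, record))
    return out

# Constructed sample connection records (not real traffic).
LOGIN_ABUSE = {"su-attempted": 2, "failed-login-attempts": 5, "num-root": 5,
               "duration": 30, "src-bytes": 500}
LONG_BULKY = {"duration": 450, "src-bytes": 90000}
```

Because the degrees are multiplied, one weakly matched condition pulls the whole rule down, which is why LONG_BULKY only reaches a moderate port-scan confidence even though both attributes are above the midpoint.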

Learning Classifier Systems (LCS)
- Classifier systems are intended as a framework that uses genetic algorithms to study learning in condition/action, rule-based systems
- They consist of 2 parts
  - Population of condition-action rules called classifiers
  - Algorithm for utilizing, evaluating and improving the rules
- Classifier systems address 3 basic problems in machine learning
  - Parallelism and Co-ordination
  - Credit Assignment
  - Rule discovery

The generic architecture of a LCS

Learning classifier system…
- The classifier system can be viewed as a message processing system acting on the current list of messages
- More messages means more active rules
- Credit assignment is handled by setting up a market situation. Credit is accumulated by a rule as a strength (a kind of capital)
- Rule discovery exploits the genetic algorithm's ability to discover and recombine rules. Rule strength is treated as fitness by the genetic algorithm.

Fuzzy Learning Classifier System (FLCS)
- The fuzzy classifier system is a crossover between a learning classifier system and fuzzy logic.
- A learning classifier system learns rules whose clauses are strings of bits. Each bit may represent a Boolean value for the corresponding variable. A genetic algorithm operates on these strings to evolve a best solution.
- In a fuzzy classifier system the main idea is to consider the symbols in the rule clauses as labels associated with fuzzy sets.
- In an LCS the rule activation module has to select one rule, whereas in an FLCS all the rules whose matching degree is greater than a given threshold are triggered and the action is computed.

Evolving fuzzy classifier systems
- Use of Michigan Approach
- Used genetic algorithm to generate fuzzy classifiers for intrusion detection
- Fuzzification of input values into fuzzy messages
- Coding of fuzzy if-then rules and fuzzy matching
- Fuzzy matching and evaluation
- Credit Distribution Algorithm
  - Bucket Brigade Algorithm with appropriate fuzzification
- 00:1111, 01:101/001

EA consideration
- sensitivity = TP / (TP + FN), specificity = TN / (TN + FP)
- Fitness = a*sensitivity + b*specificity, where a, b are assigned weights for each rule
- A pre-specified number of fuzzy rules, say N, in the current population is replaced by newly generated rules by genetic operations.
- Worst rules with smallest fitness are removed from the current population and newly generated rules are added to generate N rules
- Crossover and Mutation are used to generate new rules
- Crowding is used to replace classifiers
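
The fitness formula and the worst-N replacement step described above, as an added example that is not code from the original presentation. The rule encoding (one label per attribute, with "any" as a wildcard), the firing threshold, the weights a = b = 0.5 and the labelled sample data are assumptions; crowding is not implemented here.

```python
import random

# Added illustration; encoding, threshold, weights and data are assumptions.
LABELS = ("any", "low", "medium", "high")   # one gene per attribute
MU = {"any": lambda x: 1.0,
      "low": lambda x: max(0.0, 1 - 2 * x),
      "medium": lambda x: max(0.0, 1 - abs(2 * x - 1)),
      "high": lambda x: max(0.0, 2 * x - 1)}

def fires(rule, x, threshold=0.25):
    """FLCS-style trigger: product of memberships must exceed the threshold."""
    degree = 1.0
    for gene, value in zip(rule, x):
        degree *= MU[gene](value)
    return degree > threshold

def fitness(rule, data, a=0.5, b=0.5):
    """a*sensitivity + b*specificity over (features, is_attack) pairs."""
    tp = fn = tn = fp = 0
    for x, is_attack in data:
        hit = fires(rule, x)
        if is_attack:
            tp += hit
            fn += not hit
        else:
            fp += hit
            tn += not hit
    sens = tp / (tp + fn) if tp + fn else 0.0
    spec = tn / (tn + fp) if tn + fp else 0.0
    return a * sens + b * spec

def crossover(p1, p2, rng):
    cut = rng.randrange(1, len(p1))          # single-point crossover
    return p1[:cut] + p2[cut:]

def mutate(rule, rng, rate=0.1):
    return tuple(rng.choice(LABELS) if rng.random() < rate else g for g in rule)

def next_generation(pop, data, n, rng):
    """Drop the n lowest-fitness rules and add n offspring of the survivors."""
    ranked = sorted(pop, key=lambda r: fitness(r, data), reverse=True)
    survivors = ranked[:len(pop) - n]
    children = [mutate(crossover(*rng.sample(survivors, 2), rng), rng)
                for _ in range(n)]
    return survivors + children

# Constructed data: (normalised duration, normalised src-bytes), is_attack.
DATA = [((0.9, 0.9), True), ((0.8, 1.0), True), ((0.6, 0.6), True),
        ((0.1, 0.2), False), ((0.9, 0.1), False)]
POP = [("high", "high"), ("any", "any"), ("low", "low"), ("high", "any")]
```

On this data the always-firing rule ("any", "any") scores only 0.5 because its specificity is 0, which shows why the fitness weights both terms rather than detection rate alone.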

Questions??