Unimaginable Amounts Of Money Computer Science Essay

Published Date: 02 Nov 2017

ABSTRACT

Across the globe, unimaginable amounts of money are spent every year to set up security for network systems and protect them from intrusions. Disruption of the vital systems through intrusions poses a serious threat as it and disables many organizations and the internet services across the world. The great challenge before us is identifying these attacks on computer networks and finding solutions in the area of network security. This challenge can be successfully meet by using the intrusion detection systems (IDS). The successful implementation of this one main solution depends of the selection of the appropriate features of the connections to the network server to detect the intrusion activity. If the unnecessary features for building IDS are considered it results in bringing about computational issues and decrease the accuracy of detection.

The data mining techniques, machine learning techniques, and soft computing techniques used in the intrusion detection systems help in processing of large volumes of the data. The frameworks have been designed to detect and to classify the attacks in a simple and easy manner with appropriate features. The evaluation of intrusion detection frameworks has also been included.

This thesis proposes to classify the normal and abnormal behaviors making use of soft computing techniques in the chosen data set. Among the several soft computing paradigms, Rule-base classifier, Bayesian Network (BN), Hidden Markov Model(HMM) and Fuzzy Inference System(FIS) approaches have been investigated.

The first approach is IDS using Rule based classifier which is used to derive optimal rules from data. Pruning, optimizing rules, and class prediction for data records are the key features of this process.The main idea of this thesis is to build a classification model using Induction Decision Tree for normal records, and attacking records based on labelled training data, and using it to classify each new unseen record. Rule based Classification Model is also used to handle class distributions.

In the second approach, outlier detection is used for finding intruders using multi-stage framework. It is extremely difficult to find out outliers directly from high dimensional datasets. In this thesis entropy method has been used for reducing high dimensionality to lower dimensionality, where the processing time is saved without compromising the efficiency. Multi-stage framework utilizes compact data synopsis, to capture necessary data statistical information using z-score values for outlier detection.

The third approach is IDS using integrated Bayes Networks and Hidden Markov Model. The first level of the model is to build the Bayesian network using the chosen dataset. Once the network is built the conditional probability or joint probability for each node is determined. The Bayes network has been used as state transition diagram for HMM. The HMM parameters can be estimated using the Bayesian Network. Hidden Markov Model Methodology, with suitable parameter estimation and training, presents a powerful approach for creating Intrusion Detection System which can find whether the traffic is normal or has intrusions at runtime that might solve the major concern of the Computer Security.

The last approach is IDS using Fuzzy Inference System (FIS). A set of fuzzy classifiers are used to do an initial classification. FIS computes the membership function parameters, and then it is trained and tested in the classification mode, based on that the fuzzy rules are generated. The fuzzy inference system depends on the output of fuzzy classifier and decides finally whether the activity is normal or intrusive.

The experiments were conducted on KDDCUP’99 dataset and masquerade dataset. The masquerade dataset contains 50 users and each user has 15000 records. The first 5000 records have been used to train the model and the remaining 10000 records have been used for evaluation (testing) of the model. This model works for even high dimensional data streams with high performance detection rate and robust to noise. KDDCUP'99 dataset consists of approximately 4,900,000 single connection vectors each of which contains 41 features and is labeled as either normal or a specific attack. The simulated attacks are classified under four categories such as denial of service (DoS), User to Root (U2R), Remote to Local (R2L), and Probe. The data has been preprocessed before using it for training and testing of the IDS model. The IDS model has been trained and tested for normal and attack type connection records separately. The model can differentiate the intruders from normal users with low false positive rate and high true positive rate. The model works for even high dimensional data streams with high performance detection rate and robust to noise. The results evince that the performance of the model is of the highest order for classification of normal and intrusion attacks.

Summary and Conclusions

Currently many methods, techniques, and tools are available for network security Continuous research is being done to develop tools and methods for detecting and providing security as several vulnerabilities are being found by network attackers. The constant changing behavior of these attacks makes the handling of these attacks difficult. To handle these attacks they should be detected and a mechanism is to be built to avoid future attacks.

To find a solution to this problem four frameworks have been designed which are simple and easy for use in IDS. The methods are linearly scalable, robust and dynamic. All these methods are tested on standard datasets such as KDDCUP dataset and masquerade dataset which show good performance. In designing these frameworks the machine learning, data mining methods and soft computing techniques have been used. Currently machine learning techniques and soft computing techniques are most popular in handling complex real-time problems.

In the first framework for IDS, a new rule-based classification technique has been defined with extension of existing RIPPER algorithm. At the first level the model is trained and at the second level the model is evaluated and the results were found to be showing good performance. This model training and testing is done with KDDCUP’99 dataset.

In the second approach Multi-tiered framework for IDS has been designed with three tiers. In the first tier preprocessing of data is done. In the second tier, the separation of the objects into normal and attack type objects with z-score statistical measure is done. In the third stage of the model, the Bayesian Network classifier has been used for classifying the network objects into normal and attack types. Here both the classification and clustering techniques have been used to simplify the task of network classification. This model is scalable.

In the third approach the proposed Integrating Bayes Network and Hidden Markov Model which is a Hybrid Computational method has been used. To improve and develop an Integrated network, the Bayesian Network and HMM have been fused. This implies the challenge of selecting the optimal initial values for the HMM parameters. Bayesian net was used for building HMM model which gives more accurate results. HMM model usually performs in three steps, where as in this thesis two steps have been used to increase the Computational efficiency.

The last framework, Fuzzy inference is the process of expressing the representing from a given input to an output using fuzzy logic. It computes the membership function parameters that allow the related fuzzy inference system to path the given input/output data. Fuzzy Inference system can classify the alerts with high accuracy and reduce the number of false positive alerts significantly and also identifies the attack types of the alerts with more accuracy.