23-02-2012, 08:58 PM
applications where layered approach using conditional random fields for intrusion detection system used in real world
24-02-2012, 12:01 PM
To get information about the topic "layered approach using conditional random fields for intrusion detection" full report, PPT and related topics, refer to the links below:
https://seminarproject.net/Thread-layere...-detection https://seminarproject.net/Thread-layere...ion--22131
18-09-2012, 03:59 PM
Layered Approach Using Conditional Random Fields for Intrusion Detection
Layered Approach.pdf (Size: 3.77 MB / Downloads: 41)

Abstract

Intrusion detection faces a number of challenges; an intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. In this paper, we address these two issues of Accuracy and Efficiency using Conditional Random Fields and Layered Approach. We demonstrate that high attack detection accuracy can be achieved by using Conditional Random Fields and high efficiency by implementing the Layered Approach. Experimental results on the benchmark KDD ’99 intrusion data set show that our proposed system based on Layered Conditional Random Fields outperforms other well-known methods such as the decision trees and the naive Bayes. The improvement in attack detection accuracy is very high, particularly, for the U2R attacks (34.8 percent improvement) and the R2L attacks (34.5 percent improvement). Statistical Tests also demonstrate higher confidence in detection accuracy for our method. Finally, we show that our system is robust and is able to handle noisy data without compromising performance.

INTRODUCTION

Intrusion detection as defined by the SysAdmin, Audit, Networking, and Security (SANS) Institute is the art of detecting inappropriate, inaccurate, or anomalous activity [6]. Today, intrusion detection is one of the high priority and challenging tasks for network administrators and security professionals. More sophisticated security tools mean that the attackers come up with newer and more advanced penetration methods to defeat the installed security systems [4] and [24]. Thus, there is a need to safeguard the networks from known vulnerabilities and at the same time take steps to detect new and unseen, but possible, system abuses by developing more reliable and efficient intrusion detection systems.

Any intrusion detection system has some inherent requirements. Its prime purpose is to detect as many attacks as possible with minimum number of false alarms, i.e., the system must be accurate in detecting attacks. However, an accurate system that cannot handle large amount of network traffic and is slow in decision making will not fulfill the purpose of an intrusion detection system. We desire a system that detects most of the attacks, gives very few false alarms, copes with large amount of data, and is fast enough to make real-time decisions.

RELATED WORK

The field of intrusion detection and network security has been around since late 1980s. Since then, a number of methods and frameworks have been proposed and many systems have been built to detect intrusions. Various techniques such as association rules, clustering, naive Bayes classifier, support vector machines, genetic algorithms, artificial neural networks, and others have been applied to detect intrusions. In this section, we briefly discuss these techniques and frameworks.

Lee et al. introduced data mining approaches for detecting intrusions in [30], [31], and [32]. Data mining approaches for intrusion detection include association rules and frequent episodes, which are based on building classifiers by discovering relevant patterns of program and user behavior. Association rules [8] and frequent episodes are used to learn the record patterns that describe user behavior. These methods can deal with symbolic data, and the features can be defined in the form of packet and connection details. However, mining of features is limited to entry level of the packet and requires the number of records to be large and sparsely populated; otherwise, they tend to produce a large number of rules that increase the complexity of the system [7].

CONDITIONAL RANDOM FIELDS FOR INTRUSION DETECTION

Conditional models are probabilistic systems that are used to model the conditional distribution over a set of random variables. Such models have been extensively used in the natural language processing tasks. Conditional models offer a better framework as they do not make any unwarranted assumptions on the observations and can be used to model rich overlapping features among the visible observations. Maxent classifiers [37], maximum entropy Markov models [34], and CRFs [29] are such conditional models. The advantage of CRFs is that they are undirected and are, thus, free from the Label Bias and the Observation Bias [27]. The simplest conditional classifier is the Maxent classifier based upon maximum entropy classification, which estimates the conditional distribution of every class given the observations [37]. The training data is used to constrain this conditional distribution while ensuring maximum entropy and hence maximum uniformity. We now give a brief description of the CRFs, which is motivated from the work in [29].

LAYERED APPROACH FOR INTRUSION DETECTION

We now describe the Layer-based Intrusion Detection System (LIDS) in detail. The LIDS draws its motivation from what we call as the Airport Security model, where a number of security checks are performed one after the other in a sequence. Similar to this model, the LIDS represents a sequential Layered Approach and is based on ensuring availability, confidentiality, and integrity of data and (or) services over a network. Fig. 2 gives a generic representation of the framework.

The goal of using a layered model is to reduce computation and the overall time required to detect anomalous events. The time required to detect an intrusive event is significant and can be reduced by eliminating the communication overhead among different layers. This can be achieved by making the layers autonomous and self-sufficient to block an attack without the need of a central decision-maker. Every layer in the LIDS framework is trained separately and then deployed sequentially. We define four layers that correspond to the four attack groups mentioned in the data set. They are Probe layer, DoS layer, R2L layer, and U2R layer. Each layer is then separately trained with a small set of relevant features. Feature selection is significant for Layered Approach and discussed in the next section.

Building Individual Layers of the System

We perform two sets of experiments. From the first experiment, we wish to examine the accuracy of CRFs for intrusion detection. The objective is to see how CRFs compare with other techniques, which are known to perform well. We do not consider feature selection, and the systems are trained using all the 41 features. From this experiment, we observe that CRFs perform much better for U2R attacks while the decision trees achieve higher attack detection for Probes and R2L. The difference in attack detection accuracy for DoS is not significant. We note that the reason for better performance of decision trees is that they perform feature selection. This motivates us to perform our second experiment where we perform feature selection by selecting a small set of features for every attack group instead of using all the 41 features. We perform the same experiment with decision trees and naive Bayes and compare the results. We call the integrated models as Layered CRFs, layered decision trees, and layered naive Bayes, respectively. For better comparison and readability, we give the results for both the experiments together.
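The sequential, self-sufficient layers described in the excerpt above can be sketched as follows. This is an added example, not code from the paper or from this thread: it uses a small Gaussian naive Bayes model per layer (the "layered naive Bayes" variant the excerpt names) instead of CRFs, and the feature subsets, the `rec` helper and all records are assumptions constructed for illustration.

```python
import math
from statistics import mean, pvariance

# Layer order is the page's. The per-layer feature subsets are an assumption:
# real KDD '99 column names, but not the selection made in the paper.
LAYERS = [("probe", ("rerror_rate", "diff_srv_rate")),
          ("dos", ("count", "serror_rate")),
          ("r2l", ("num_failed_logins", "duration")),
          ("u2r", ("root_shell", "num_file_creations"))]

def rec(label, **values):  # one connection record; unset features default to 0
    return {**{f: 0.0 for _, fs in LAYERS for f in fs}, **values, "label": label}

class Layer:
    """Binary Gaussian naive Bayes: is this record an attack of my group?"""
    def __init__(self, group, features, records):
        self.group, self.features, self.stats = group, features, {}
        for hit in (True, False):  # model "my group" and "everything else"
            rows = [r for r in records if (r["label"] == group) == hit]
            self.stats[hit] = (math.log(len(rows) / len(records)), [
                (mean(r[f] for r in rows), pvariance([r[f] for r in rows]) + 0.01)
                for f in features])  # 0.01 keeps constant features usable

    def flags(self, record):
        def score(hit):  # log prior + Gaussian log-likelihood of each feature
            prior, params = self.stats[hit]
            return prior + sum(-0.5 * math.log(2 * math.pi * v) - (record[f] - m) ** 2 / (2 * v)
                               for f, (m, v) in zip(self.features, params))
        return score(True) > score(False)

def classify(layers, record):
    """Return (verdict, layers_evaluated); the first layer that flags blocks."""
    for n, layer in enumerate(layers, 1):
        if layer.flags(record):
            return layer.group, n
    return "normal", len(layers)

# Constructed training records (not KDD '99 data); each layer trains separately.
TRAIN = [
    rec("normal", count=4, duration=10), rec("normal", count=5, duration=8),
    rec("normal", count=5, duration=10),
    rec("normal", count=6, duration=12, diff_srv_rate=0.1),
    rec("probe", count=5, rerror_rate=0.9, diff_srv_rate=0.8),
    rec("probe", count=6, rerror_rate=1.0, diff_srv_rate=0.9),
    rec("dos", count=400, serror_rate=1.0), rec("dos", count=500, serror_rate=0.9),
    rec("r2l", count=5, num_failed_logins=3, duration=30),
    rec("r2l", count=4, num_failed_logins=4, duration=40),
    rec("u2r", count=5, root_shell=1, num_file_creations=3, duration=10),
    rec("u2r", count=4, root_shell=1, num_file_creations=2, duration=12)]
LAYER_MODELS = [Layer(group, feats, TRAIN) for group, feats in LAYERS]
```

`classify(LAYER_MODELS, record)` returns the verdict together with the number of layers that had to run, so a probe-like record is blocked after one layer while a normal record passes through all four.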