1 / 17

An Overview of Intrusion Detection Using Soft Computing

An Overview of Intrusion Detection Using Soft Computing. Archana Sapkota Palden Lama. Introduction. Intrusion Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. Intrusion Detection:

clark
Download Presentation

An Overview of Intrusion Detection Using Soft Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Overview of Intrusion Detection Using Soft Computing Archana Sapkota Palden Lama CS591 Fall 2009

  2. Introduction Intrusion • Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. Intrusion Detection: • Additional line of defense. First line of defense being authentication, data encryption, avoiding programming errors and firewalls • Classified into two types: • 1. Misuse Intrusion Detection • 2. Anomaly Intrusion Detection CS591 Fall 2009

  3. Introduction Misuse intrusion detection : • Uses well-defined patterns of the attack that exploit weaknesses in system and application software to identify the intrusions. • These patterns are encoded in advance and used to match against the user behavior to detect intrusion. Anomaly intrusion detection: • Uses the normal usage behavior patterns to identify the intrusion. The normal usage patterns are constructed from the statistical measures of the system features. • The behavior of the user is observed and any deviation from the constructed normal behavior is detected as intrusion CS591 Fall 2009

  4. Soft Computing • The essence of soft computing is that, unlike the traditional, hard computing it is aimed at an accommodation with the pervasive imprecision of the real world. Thus, the guiding principle of soft computing is: • '...exploit the tolerance for imprecision, uncertainty and partial truth to achieve tractability, robustness, low solution cost and better rapport with reality'. • The role model for soft computing is the human mind. CS591 Fall 2009

  5. Soft Computing Techniques used for IDS • K – Nearest Neighbor • Artificial Neural Networks • Support Vector Machines • Self Organizing Map • Decision Tree • Bayes’ Networks • Genetic Algorithms • Fuzzy Logic CS591 Fall 2009

  6. Classifier Design • Single Classifiers • Ensemble Classifiers • Hybrid Classifiers CS591 Fall 2009

  7. Hybrid Classifier CS591 Fall 2009

  8. Ensemble Classifier CS591 Fall 2009

  9. Experimental Data (KDD) • Prepared by the 1998 DARPA Intrusion Detection Evaluation program by MIT Lincoln Labs (MIT Lincoln Laboratory) • Nine weeks of raw TCP dump data. The raw data was processed into connection records, which consist of about 5 million connection records. • The data set has 41 attributes for each connection record plus one class label • Consist of 4 types of attack: 1. Denial of Service(DDoS) 2. Remote to User (R2L) 3. User to Root(U2R) 4. Probing http://kdd.ics.uci.edu/databases/kddcup99/ CS591 Fall 2009

  10. Sample Experimental Data(KDD) Positive Training Examples: 0,tcp,http,SF,181,5450,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,8,0.00,0.00,0.00,0.00,1.00,0.00,0.00,9,9,1.00,0.00,0.11,0.00,0.00,0.00,0.00,0.00,normal. 0,tcp,http,SF,239,486,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,8,0.00,0.00,0.00,0.00,1.00,0.00,0.00,19,19,1.00,0.00,0.05,0.00,0.00,0.00,0.00,0.00,normal. 0,tcp,http,SF,235,1337,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,8,0.00,0.00,0.00,0.00,1.00,0.00,0.00,29,29,1.00,0.00,0.03,0.00,0.00,0.00,0.00,0.00,normal. Negative Training Examples: 0,icmp,ecr_i,SF,1032,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,511,511,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,255,1.00,0.00,1.00,0.00,0.00,0.00,0.00,0.00,smurf 0,icmp,ecr_i,SF,1032,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,511,511,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,255,1.00,0.00,1.00,0.00,0.00,0.00,0.00,0.00,smurf. 0,icmp,ecr_i,SF,1032,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,511,511,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,255,1.00,0.00,1.00,0.00,0.00,0.00,0.00,0.00,smurf. CS591 Fall 2009

  11. Case Study: Performance comparison • Fuzzy Rule Based Technique • Rule Generation Based on the Histogram of Attribute Values(FR1) • Rule Generation Based on Partition of Overlapping Areas (FR2) • Neural learning of Fuzzy Rules (Neuro-Fuzzy Inference system – FR3) • Linear Genetic Programming (LGP) • Decision Trees (DT) • Support Vector Machines (SVM) CS591 Fall 2009

  12. Evaluation Strategy Attribute Reduction/Feature Selection Training Testing CS591 Fall 2009

  13. Data Attributes used for Intrusion Detection CS591 Fall 2009

  14. Results : Single Classifiers CS591 Fall 2009

  15. IDS with ensemble of intelligent paradigms CS591 Fall 2009

  16. Results : Ensemble Classifier CS591 Fall 2009

  17. Thank you!! CS591 Fall 2009

More Related