Bayesian Classifiers and Software Sensors for Intrusion Detection Systems.

By: Kaushal Mittal

Guide: Prof. Sunita Sarawagi

Bayesian Classifiers
  • Classification
    • Supervised learning
    • Classes known
    • Number of classes known
  • Statistical classifiers
  • Based on Bayes' theorem
  • Calculates probability of a sample belonging to a class.
Naive Bayesian classifier
  • Assumes attribute values to be conditionally independent given the target class.
  • Each training sample X is a vector of n attributes {a_n}.
  • Set of classes C = {c_m}.
  • Every new sample S is assigned to the class with the maximum posterior probability.
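The maximum-posterior rule on this slide, as an added Python example that is not part of the original presentation. The attribute names, the sample vectors and the use of Laplace smoothing are assumptions made for illustration; the 10 bin values per attribute follow the Discretization slide.

```python
import math
from collections import Counter, defaultdict

N_BINS = 10  # each attribute is a bin index 0..9 (constructed convention)

def train(samples, labels):
    """Count class frequencies and per-class attribute-value frequencies."""
    class_counts = Counter(labels)
    # value_counts[c][i][v]: times attribute i had value v in class c
    value_counts = defaultdict(lambda: defaultdict(Counter))
    for x, c in zip(samples, labels):
        for i, v in enumerate(x):
            value_counts[c][i][v] += 1
    return class_counts, value_counts

def log_posteriors(model, x):
    """Unnormalised log P(c | x) = log P(c) + sum_i log P(a_i | c)."""
    class_counts, value_counts = model
    total = sum(class_counts.values())
    scores = {}
    for c, n_c in class_counts.items():
        score = math.log(n_c / total)
        for i, v in enumerate(x):
            # Laplace smoothing: an unseen value must not zero the product.
            score += math.log((value_counts[c][i][v] + 1) / (n_c + N_BINS))
        scores[c] = score
    return scores

def classify(model, x):
    scores = log_posteriors(model, x)
    return max(scores, key=scores.get)

# Constructed training set: (cpu_bin, threads_bin, connections_bin).
SAMPLES = [(1, 2, 1), (2, 2, 1), (1, 3, 2), (2, 3, 1),
           (8, 7, 9), (9, 8, 8), (7, 7, 9)]
LABELS = ["normal"] * 4 + ["intrusion"] * 3
MODEL = train(SAMPLES, LABELS)

if __name__ == "__main__":
    for s in [(1, 2, 2), (8, 8, 9)]:
        print(s, "->", classify(MODEL, s))
```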
Application
  • Text Classification.
    • All words as attributes.
    • Assume attributes to be independent.
    • Use Naive Bayes classifier.
  • M. Shavlik and J. Shavlik have used naive Bayesian classifiers for an intrusion detection system.
  • Low detection rate of 59.2%.
  • Proposed a Winnow-based algorithm.
Intrusion Detection System
  • Intrusion detection system
    • Anomaly detection
    • Misuse detection
  • Goals
    • High detection rates
    • Low false negative alarms
    • Low false positive alarms
    • Fewer CPU cycles
    • Quick detection rates
IDS Cont.
  • Problem
    • Detect intrusion quickly with low false alarm rate and high intrusion detection rate.
  • Approaches
    • Naive Bayes Classifiers
    • Winnow-based algorithm
  • Alternative approaches
    • Density-based local outlier approach
    • Elman Network
IDS - Phases

  • Data Collection
  • Discretization
  • Training
  • Tuning
  • Operational

Data Collection
  • The training data
    • system properties like CPU, memory, network connections, number of threads.
  • Use of Perfmon on Windows, strace on Linux.
  • Features like
    • Actual value measured.
    • Average of Last 10 values
    • Average of last 100 values
    • Difference between current and previous values
    • Difference between current and average of last 10
    • Difference between current and average of last 100
    • Difference between average of previous 10 and previous 100
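The seven derived features listed on this slide, computed from one sensor's raw readings. This is an added Python example, not code from the presentation; the function and key names are hypothetical, and it assumes the rolling windows include the current reading and are averaged over whatever is available during warm-up.

```python
from collections import deque

def mean(window):
    return sum(window) / len(window)

def derive_features(readings):
    """Turn one sensor's raw readings into the seven per-sample features."""
    last10, last100 = deque(maxlen=10), deque(maxlen=100)
    previous, rows = None, []
    for value in readings:
        # Assumption: the rolling windows include the current reading and
        # are averaged over however many readings exist during warm-up.
        last10.append(value)
        last100.append(value)
        avg10, avg100 = mean(last10), mean(last100)
        rows.append({
            "value": value,
            "avg10": avg10,
            "avg100": avg100,
            "delta_prev": 0.0 if previous is None else value - previous,
            "delta_avg10": value - avg10,
            "delta_avg100": value - avg100,
            "avg10_minus_avg100": avg10 - avg100,
        })
        previous = value
    return rows

# Constructed sample: 20 idle CPU readings (%) followed by one sudden spike.
CPU_SAMPLE = [5.0] * 20 + [95.0]

if __name__ == "__main__":
    for name, val in derive_features(CPU_SAMPLE)[-1].items():
        print(f"{name:>20}: {val:.2f}")
```

On the spike, the short window reacts faster than the long one, which is why the difference between the two averages is a useful feature in its own right.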
Discretization
  • Data is continuous
  • Discretized into 10 bins
  • Divide the samples into 10 bins
  • Selects the best distribution function
    • Uniform
    • Gaussian
    • Exponential
    • Erlang
Training
  • Initialize weights for each feature
  • For each training sample
  • Calculate votes for each feature
    • Relative probability for value of feature
  • Adjust weights
  • In Naive Bayes approach
    • Use exact probability of feature.
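The weight-training loop on this slide, as an added Python example that is not the presenter's code. It assumes the standard Winnow update (halve the weight of every feature that voted wrongly, only when the weighted vote was a mistake) and that a feature votes "intrusion" when its value is less probable under the normal profile than under the intrusion profile. All data and names are constructed.

```python
from collections import Counter

N_BINS = 10  # the slides discretize every feature into 10 bins

def value_probs(samples):
    """Laplace-smoothed P(bin) for each feature, estimated from samples."""
    n_features = len(samples[0])
    counts = [Counter(x[i] for x in samples) for i in range(n_features)]
    return [[(counts[i][b] + 1) / (len(samples) + N_BINS) for b in range(N_BINS)]
            for i in range(n_features)]

def votes(x, p_normal, p_intr):
    # Assumption: a feature votes "intrusion" (True) when its binned value is
    # less probable under the normal profile than under the intrusion profile.
    return [p_normal[i][b] < p_intr[i][b] for i, b in enumerate(x)]

def predict(x, weights, p_normal, p_intr):
    cast = votes(x, p_normal, p_intr)
    w_intr = sum(w for w, v in zip(weights, cast) if v)
    return w_intr > sum(weights) - w_intr   # True means "intrusion"

def train_weights(samples, labels, p_normal, p_intr, epochs=3):
    weights = [1.0] * len(samples[0])            # initialize weights
    for _ in range(epochs):
        for x, is_intrusion in zip(samples, labels):
            if predict(x, weights, p_normal, p_intr) == is_intrusion:
                continue                          # no mistake, no update
            for i, v in enumerate(votes(x, p_normal, p_intr)):
                if v != is_intrusion:
                    weights[i] /= 2               # demote wrong voters
    return weights

# Constructed data: three binned features (CPU, threads, connections).
P_NORMAL = value_probs([(1, 1, 1), (2, 1, 2), (1, 2, 1)])
P_INTR = value_probs([(8, 8, 8), (9, 8, 9), (8, 9, 8)])
TRAIN = [(1, 1, 1), (8, 8, 8), (1, 8, 9), (9, 8, 1), (2, 9, 8)]
LABELS = [False, True, False, True, False]   # True = intrusion
WEIGHTS = train_weights(TRAIN, LABELS, P_NORMAL, P_INTR)
```

In the constructed data the second and third features fire on a legitimate heavy workload, so training demotes them and the false alarm on `(1, 8, 9)` disappears.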
Tuning
  • Goal: to calculate W, thresh_mini and thresh_full.
  • W – window to avoid overlapping.
  • thresh_mini – threshold for a mini alarm.
  • thresh_full – threshold for intrusion detection.
  • Test set used.
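One way to tune the three parameters on a labelled test set, as an added Python example that is not part of the presentation. It assumes a per-sample anomaly score, a mini alarm when the score exceeds thresh_mini, a full alarm when the fraction of mini alarms in a non-overlapping window of W samples exceeds thresh_full, and a selection rule of fewest false alarms first; the traces and grid values are constructed.

```python
from itertools import product

def full_alarms(scores, W, thresh_mini, thresh_full):
    """One boolean per non-overlapping window of W scores."""
    alarms = []
    for start in range(0, len(scores) - W + 1, W):
        window = scores[start:start + W]
        minis = sum(s > thresh_mini for s in window)   # mini alarms raised
        alarms.append(minis / W > thresh_full)
    return alarms

def evaluate(traces, W, thresh_mini, thresh_full):
    """Return (false-alarm windows, intrusion traces detected)."""
    false_alarms = detected = 0
    for scores, is_intrusion in traces:
        alarms = full_alarms(scores, W, thresh_mini, thresh_full)
        if is_intrusion:
            detected += int(any(alarms))
        else:
            false_alarms += sum(alarms)
    return false_alarms, detected

def tune(traces, windows, minis, fulls):
    """Grid search: fewest false alarms, then most detections, then small W."""
    best_key, best_params = None, None
    for W, tm, tf in product(windows, minis, fulls):
        fa, det = evaluate(traces, W, tm, tf)
        key = (fa, -det, W)
        if best_key is None or key < best_key:
            best_key, best_params = key, (W, tm, tf)
    return best_params

# Constructed test set: a normal trace with short bursts and an intrusion
# trace with sustained high scores.
TRACES = [
    ([0.1, 0.9, 0.1, 0.2, 0.8, 0.9, 0.1, 0.1], False),
    ([0.2, 0.7, 0.8, 0.9, 0.8, 0.7, 0.9, 0.8], True),
]

if __name__ == "__main__":
    print(tune(TRACES, [2, 4], [0.5, 0.85], [0.4, 0.7]))
```

With W = 2 the two-sample burst in the normal trace fills a whole window and raises a false alarm; the longer window absorbs it while still catching the sustained intrusion.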
Analysis
  • False negative alarms
  • System learning intruder’s behaviour.
  • False Positive alarms
  • Comparison to Naive Bayes classifier approach.
Alternatives
  • All suffer from false learning and false alarms.
  • Another approach can be
    • Elman networks.
    • Density based