SCOPUS 2005-2009
Browsing SCOPUS 2005-2009 by Subject "Anomaly detection"
Now showing 1 - 8 of 8
Item: A novel method for unsupervised anomaly detection using unlabelled data (2008)
Abdul Samad Bin Haji Ismail; Abdul Hanan Abdullah; Kamalrulnizam Bin Abu Bak; Md Asri Bin Ngadi; Dahliyusmanto Dahlan; Witcha Chimphlee; A. S. B. H. Ismail; Faculty of Science and Information Systems, Universiti Teknologi Malaysia, 81310 Skudai, Johor, Malaysia; email: abdsamad@utm.my
Most current intrusion detection methods cannot process large amounts of audit data for real-time operation. In this paper, an anomaly network intrusion detection method based on Principal Component Analysis (PCA) for data reduction and Fuzzy Adaptive Resonance Theory (Fuzzy ART) for classification is presented. Moreover, PCA is applied to reduce the high-dimensional data vectors, and the distance between a vector and its projection onto the reduced subspace is used for anomaly detection. A set of benchmark data from the KDD (Knowledge Discovery and Data Mining) Competition designed by DARPA is used to demonstrate the detection of intrusions. Experimental results show the proposed model can classify the network connections with satisfying performance. © 2008 IEEE.

Item: An approach to solve computer attacks based on hybrid model (2006)
Surat Srinoy; Witcha Chimphlee; Siriporn Chimphlee; Yoothapoom Poopaibool; S. Srinoy; Faculty of Science and Technology, Suan Dusit Rajabhat University, Dusit, Bangkok, 295 Ratchasima Road, Thailand; email: surat_sri@dusit.ac.th
It is an important issue for network security to detect new intrusion attacks. We introduce the idea of Independent Component Analysis (ICA) based feature selection heuristics, and present a Support Vector Machine (SVM) algorithm for data classification. ICA aims at extracting unknown hidden factors/components from multivariate data using only the assumption that unknown factors are mutually independent. The experimental results on the Knowledge Discovery and Data Mining (KDDCup99) dataset show that our method outperforms the existing intrusion detection methods.

Item: An integrated fuzzy ants and artificial immune recognition system for anomaly detection (2006)
Surat Srinoy; Werasak Kurutach; S. Srinoy; Department of Computer Science, Suan Dusit Rajabhat University, Bangkok, Thailand; email: surat_sri@dusit.ac.th
A computer system intrusion is seen as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. The introduction of networks and the internet caused great concern about the protection of sensitive information and has resulted in many computer security research efforts during the past few years. This paper highlights a novel approach for detecting intrusion based on a bio-inspired algorithm. The intrusion detection model combines the fuzzy ants clustering algorithm and artificial immune recognition algorithm to maximize detection accuracy and minimize computational complexity. The implemented system has been tested on the training data set from DARPA DATA SET by MIT Lincoln Laboratory on intrusion. The applicability of the proposed method and the enhanced security it provides are discussed. © 2006 ICASE.

Item: Anomaly intrusion detection systems based on evolutionary computing (2007)
Surat Srinoy; Siriporn Chimphlee; Witcha Chimphlee
As malicious intrusions are a growing problem, we need a solution to detect the intrusions accurately. Network administrators are continuously looking for new ways to protect their resources from harm, both internally and externally. Intrusion detection systems look for unusual or suspicious activity, such as patterns of network traffic that are likely indicators of unauthorized activity. New intrusion types, of which detection systems are unaware, are the most difficult to detect. The amount of available network audit data instances is usually large; human labeling is tedious, time-consuming, and expensive. The objective of this paper is to describe fuzzy c-means and genetic algorithms and discuss their usage to detect intrusion in a computer network. We are using Genetic Algorithms (GA) to select a subset of input features for clustering with a goal of increasing the detection rate and decreasing the false alarm rate in network intrusion detection. Fuzzy c-Means allows objects to belong to several clusters simultaneously, with different degrees of membership. Experiments were performed with DARPA data sets, which have information on computer networks, during normal behavior and intrusive behavior.

Item: Integrating genetic algorithms and fuzzy c-means for anomaly detection (2005)
Witcha Chimphlee; Abdul Hanan Abdullah; Mohd Moor Md Sap; Siriporn Chimphlee; Surat Srinoy; W. Chimphlee; Faculty of Science and Technology, Suan Dusit Rajabhat University, Dusit, Bangkok, 295 Rajasrima Road, Thailand; email: witcha_chi@dusit.ac.th
The goal of intrusion detection is to discover unauthorized use of computer systems. New intrusion types, of which detection systems are unaware, are the most difficult to detect. The amount of available network audit data instances is usually large; human labeling is tedious, time-consuming, and expensive. Traditional anomaly detection algorithms require a set of purely normal data from which they train their model. In this paper we propose an intrusion detection method that combines Fuzzy Clustering and Genetic Algorithms. The clustering-based intrusion detection algorithm trains on unlabeled data in order to detect new intrusions. Fuzzy c-Means allows objects to belong to several clusters simultaneously, with different degrees of membership. Genetic Algorithms (GA) are applied to the problem of selecting optimized feature subsets to reduce the error caused by using hand-selected features. Our method is able to detect many different types of intrusions, while maintaining a low false positive rate. We used the data set from the 1999 KDD intrusion detection contest. © 2005 IEEE.

Item: Intrusion detection via independent component analysis based on rough fuzzy (2006)
Surat Srinoy; Werasak Kurutach; Witcha Chimphlee; Siriporn Chimphlee; Santi Sounsri; S. Srinoy; Department of Computer Engineering, Mahanakorn University of Technology, Nongchok, Bangkok, 51 Chuemsumphun Road, Thailand; email: surat_sri@dusit.ac.th
Independent component analysis (ICA) aims at extracting unknown hidden factors/components from multivariate data using only the assumption that unknown factors are mutually independent. In this paper we discuss an intrusion detection method that proposes independent component analysis based feature selection heuristics and uses rough fuzzy for clustering data. Rough set is used to decrease the amount of data and get rid of redundancy, and fuzzy methods allow objects to belong to several clusters simultaneously, with different degrees of membership. The experimental results on Knowledge Discovery and Data Mining-(KDDCup 1999) dataset.

Item: To detect misuse and anomaly attacks through rule induction analysis and fuzzy methods (2006)
Witcha Chimphlee; Abdul Hanan Abdullah; Mohd Noor Md. Sap; Siriporn Chimphlee; Surat Srinoy; W. Chimphlee; Faculty of Science and Technology, Suan Dusit Rajabhat University, Dusit, Bangkok, 295 Rajasrima Road, Thailand; email: witcha_chi@dusit.ac.th
To protect networks, intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. In this paper we propose an intrusion detection method that combines rule induction analysis for misuse detection and Fuzzy c-means for anomaly detection. Rule induction is used to generate patterns from data and to find a set of rules that satisfy some predefined criteria. Fuzzy c-Means allows objects to belong to several clusters simultaneously, with different degrees of membership. Our method is an accurate model for handling complex attack patterns in large networks. Empirical studies using the network security data set from the DARPA 1998 offline intrusion detection project (KDD 1999 Cup) show the feasibility of misuse and anomaly detection results.

Item: To identify suspicious activity in anomaly detection based on soft computing (2006)
Witcha Chimphlee; Mohd Noor Md Sap; Abdul Hanan Abdullah; Siriporn Chimphlee; Surat Srinoy; W. Chimphlee; Faculty of Science and Technology, Suan Dusit Rajabhat University, Dusit, Bangkok, 295 Rajasrima Road, Thailand; email: witcha_chi@dusit.ac.th
Traditional intrusion detection systems (IDS) look for unusual or suspicious activity, such as patterns of network traffic that are likely indicators of unauthorized activity. However, normal operation often produces traffic that matches a likely "attack signature", resulting in false alarms. In this paper we propose an intrusion detection method that proposes rough set based feature selection heuristics and uses fuzzy c-means for clustering data. Rough set is used to decrease the amount of data and get rid of redundancy. Fuzzy Clustering methods allow objects to belong to several clusters simultaneously, with different degrees of membership. Our approach allows us to recognize not only known attacks but also to increase accuracy detection rate for suspicious activity and signature detection. Empirical studies using the network security data set from the DARPA 1998 offline intrusion detection project (KDD 1999 Cup) show the feasibility of misuse and anomaly detection results.