Mehdi Abadi; Sa'eed Jalili
Abstract
In this paper, we propose an approach for the automatic generation of novel intrusion signatures. This approach can be used in signature-based Network Intrusion Detection Systems (NIDSs) to automate the process of intrusion detection in these systems. In the proposed approach, the profile of normal network traffic is first established using several one-class classifiers. Then, in the detection phase, any traffic that does not match the known intrusion signatures and deviates from the established normal profile is detected as a novel intrusion. Using an inductive learning method, the signature of this novel intrusion is generated and the signature database is automatically updated. We evaluate our approach by performing experiments on the dataset provided by the DARPA Intrusion Detection Evaluation Program. The experimental results show that our proposed approach can be successfully used for the automatic generation of novel intrusion signatures.
Sa'eed Jalili; Ali Akbar Sadri
Abstract
Nowadays, automated text classification has gained special importance due to the increasing availability of documents in digital form and the ensuing need to organize them. Although this problem belongs to the Information Retrieval (IR) field, the dominant approach is based on machine learning techniques. Approaches based on classifier committees have shown better performance than the others. In this research, in addition to studying text classification techniques and classifier committees, two ideas in this field are proposed.
The first idea is based on Bagging committees. According to this idea, a training set is first divided automatically into several clusters by a clustering technique, based on class similarity (or dissimilarity). Then, for the documents of each cluster, a classifier is trained and added to the committee as a member. In this approach, the members of the committee are created by the same technique. In our experiments with this idea, Naïve Bayesian, Rocchio and SVM learning techniques are used.
In the second idea, the creation of a two-layered committee is discussed. Based on this idea, a committee can be created whose members are themselves committees. The members of the subcommittees are created according to the first idea. This idea rests on the observation that if a Naïve Bayesian committee performs better than a single Naïve Bayesian classifier, then a committee built from such committees should further improve classification performance.
Evaluation of the first idea showed that the improvement in performance, measured by precision and recall, is greatest for the Naïve Bayesian committee (12 and 5.1 percent, respectively). Evaluation of the second idea showed that the improvement in performance for the second type of committee (based on the second idea) is greater than that for the first type of committee (based on the first idea). The largest performance improvement for the second type of committee is obtained with the Rocchio committee (3.8 and 18.8 percent in precision and recall, respectively).