Adaptive Intrusion Detection Using Learning Classifiers
Patrick Nicolas
June 21, 2013

patricknicolas.blogspot.com
www.slideshare.net/pnicolas
github.com/prnicolas
Introduction

The objective of this presentation is to review the different methods for implementing an adaptive intrusion detection system (IDS). The second part of the presentation dives into the learning classifier class of algorithms used to detect, evaluate and act upon a security breach or cyber attack.

Patrick Nicolas © 2013 http://patricknicolas.blogspot.com

https://github.com/prnicolas
Data Mining Techniques
Learning Classifiers Systems
Context


The effectiveness of an intrusion detection
system depends on its adaptability to
● Ever changing IT environment
● Evolving internal policies & regulations
● Agile organization & mobile workforce

Data Mining: Overview

Data mining is becoming a popular method to extract knowledge from historical data. However, traditional data mining techniques fail to capture the evolutionary nature of an organization, its processes, rules and IT infrastructure.

Data Mining: Clustering

Unsupervised learning methods such as clustering or spectral analysis have drawbacks:
● Poor classification of mixed variable types
● No descriptive representation
● Limited leverage of the domain expertise
● High computational cost to update models

Data Mining: Supervised Learning

Supervised learning methods can be effective on a large set of historical data but have the following limitations:
● Need for a large training set to alleviate over-fitting
● No descriptive representation
● Limited role for the domain expert

Data Mining Techniques
Learning Classifiers Systems
An evolutionary approach


1. An intrusion detection solution should learn from its suggestions through a process borrowed from human behavior: reward-based learning
2. It should evolve with the system it monitors: Darwinian process
Rule-based Learners

A class of algorithms known as learning classifiers (LCS) or extended learning classifiers (XCS) combines genetic algorithms and reinforcement learning to discover and evolve security policies and rules from real-time data.

LCS/XCS Benefits


● Rule-based representation allows security experts to monitor the evolving knowledge
● Learn from each security event, which makes them very well suited for streamed data
● Support various seeding schemes such as an initial rule set, a training set and clustering

Security rules


Security rules are used to represent the knowledge of a security expert.

IF num. outbound ftp sessions > 5 THEN cost + 2   (source: KDD Cup Dataset 1999)

Those rules are chained to support reasoning about a sequence of events in a data center.

Rules Set Evolution


The rules set needs to adapt constantly to the
ever changing environment & objectives.

Rule Encoding


In order to evolve, rules are represented as genes in a Genetic Algorithm. A gene is implemented as a binary vector in which the state or condition of the rule is expressed as op(x, value) (e.g. x > value):

IF op(x, value) THEN f(cost)

is translated into

010    1000101    0101101110    01101110100101010
op     x          value         cost or action

Rules Chains & Chromosomes

As with any rule-based inference engine, encoded rules can be chained by aggregating their binary representations:

IF op1(x1, v1) AND op2(x2, v2) THEN f(cost)

001   010   1000101   01011110   010   100101   0101101110   01101110100101010
&&    op1   x1        v1         op2   x2       v2           cost or action

In terms of evolutionary algorithms, the firing of multiple rules is represented as a sequence of genes, i.e. a chromosome.
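To make the encoding concrete, the following Python example (added here; it is not code from the presentation nor from the author's repositories) packs a rule IF op(x, value) THEN f(cost) into fixed-width bit fields, chains genes into a chromosome and fires the chain against a constructed event record. The field widths (2/3/8/8 bits), the operator and feature tables, the choice that a chain's action is the cost field of its last gene, and the sample event are all assumptions made for this example; the first rule reproduces the KDD-style rule from the Security rules slide.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed tables: 2 bits select the operator, 3 bits select the feature.
OPS = [">", "<", "==", ">="]
FEATURES = [
    "num_outbound_ftp_sessions",   # feature of the slide's example rule
    "num_failed_logins",
    "duration",
    "num_root",
]
OP_BITS, X_BITS, VALUE_BITS, ACTION_BITS = 2, 3, 8, 8   # assumed field widths
GENE_LEN = OP_BITS + X_BITS + VALUE_BITS + ACTION_BITS


@dataclass(frozen=True)
class Rule:
    """IF op(feature, value) THEN cost, i.e. add `cost` to the threat score."""
    op: str
    feature: str
    value: int     # threshold, must fit VALUE_BITS
    cost: int      # action, must fit ACTION_BITS

    def encode(self) -> str:
        """Gene = op | x | value | cost, each a fixed-width binary field."""
        if not (0 <= self.value < 2 ** VALUE_BITS and 0 <= self.cost < 2 ** ACTION_BITS):
            raise ValueError("threshold or cost does not fit its field")
        return (format(OPS.index(self.op), f"0{OP_BITS}b")
                + format(FEATURES.index(self.feature), f"0{X_BITS}b")
                + format(self.value, f"0{VALUE_BITS}b")
                + format(self.cost, f"0{ACTION_BITS}b"))

    @staticmethod
    def decode(gene: str) -> "Rule":
        """Inverse of encode(); rejects genes of the wrong length or alphabet."""
        if len(gene) != GENE_LEN or set(gene) - {"0", "1"}:
            raise ValueError(f"gene must be {GENE_LEN} bits of 0/1")
        fields, i = [], 0
        for width in (OP_BITS, X_BITS, VALUE_BITS, ACTION_BITS):
            fields.append(int(gene[i:i + width], 2))
            i += width
        op_i, x_i, value, cost = fields
        if x_i >= len(FEATURES):          # 3 bits can address more features than we define
            raise ValueError("unknown feature index")
        return Rule(OPS[op_i], FEATURES[x_i], value, cost)

    def matches(self, event: Dict[str, int]) -> bool:
        x = event.get(self.feature, 0)    # an absent feature counts as 0
        return {">": x > self.value, "<": x < self.value,
                "==": x == self.value, ">=": x >= self.value}[self.op]


def encode_chain(rules: List[Rule]) -> str:
    """Chromosome = concatenated genes; the conditions are AND-ed when fired."""
    return "".join(r.encode() for r in rules)


def decode_chain(chromosome: str) -> List[Rule]:
    if len(chromosome) % GENE_LEN:
        raise ValueError("chromosome is not a whole number of genes")
    return [Rule.decode(chromosome[i:i + GENE_LEN])
            for i in range(0, len(chromosome), GENE_LEN)]


def fire(chromosome: str, event: Dict[str, int]) -> int:
    """Threat cost to add: the last gene's cost if every condition holds, else 0."""
    rules = decode_chain(chromosome)
    return rules[-1].cost if rules and all(r.matches(event) for r in rules) else 0


if __name__ == "__main__":
    EVENT = {"num_outbound_ftp_sessions": 7, "num_failed_logins": 3}   # constructed record
    ftp_rule = Rule(">", "num_outbound_ftp_sessions", 5, 2)
    chain = encode_chain([ftp_rule, Rule(">=", "num_failed_logins", 3, 5)])
    print(ftp_rule.encode(), "->", fire(ftp_rule.encode(), EVENT))
    print(chain, "->", fire(chain, EVENT))
```

Because every field has a fixed width, a chromosome stays decodable after the bit-level recombination operators described on the following slides, which is why the slide deck can treat rules and bit strings interchangeably.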

Rules Evolutionary Process

The rules set evolves through the genetic recombination of rules using cross-over, mutation and transposition operations.

Parent rules                           Offspring rules

Cross-over operation
0101101011101110101010111010100111     0101101011101110101010111010100111
1101010101110101001101010110101110     1101010101110110100111010110101110

Mutation operation
0101101011101110101010111010100111     0101101011101110101010101010100011

Transposition operation
0101101011101110101010111010100111     0101101011101110101010101010100011

Rules Fitness

Rules are selected according to their fitness before being 'mated' and mutated. The fitness of a rule represents its contribution to the detection or prevention of an intrusion. The rules that are repeatedly invoked have the highest fitness values and thrive over time. Other rules slowly become irrelevant.

Overview Genetic Algorithm

The rules set is constantly updated by the Genetic Algorithm to guarantee that it identifies intrusions correctly.

Initial rules set -> Encoding -> Initial chromosomes -> Fitness -> Selection, Cross-over, Mutation -> New chromosomes -> Decoding -> New rules set

Rule Fitness & Reward

The fitness criteria of one or multiple rules have to be updated according to the state of the infrastructure, organization & policies. The fitness function is updated to provide the best possible reward (or credit) to the rules that contribute to the detection of an intrusion.

Reinforcement Learning

Reinforcement learning techniques are widely used in robotics. In the context of an IDS, reinforcement learning rewards (or punishes) rules for their contribution (or lack thereof) to identifying threats, taking into account changes in the organization, external accesses and IT infrastructure.

Evolutionary Security Rules

[Diagram: a closed loop between the Data Center / Cloud, the real-time data feeding the threats monitor (IDS), rules matching, the threat predictor and threat level, the state and reward, the fitness update, the genetic evolution algorithm and the new rule it produces. The arrows are numbered 1 to 7 and correspond to the steps below.]

1. Process new data/event from the system
2. Find the security-related rule(s) whose condition matches the event
3. Create a new rule if none match (Covering)
4. Fire the fittest rules with the highest predicted outcome

Evolutionary Security Rules

[Diagram: the same loop, arrows 5 to 7.]

5. Process the new state of the system
6. Reward the contributing/matching rules by updating the rule fitness
7. The genetic algorithm updates the existing population of security rules through reproduction and mutation of rules
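Steps 1 to 6 of the loop, as an added Python example (not code from the presentation or its author): rules are kept in decoded form, an event is matched against the population, a covering rule is created when nothing matches, the matching rule with the highest predicted outcome fires, and the rules that advocated that action are credited with a Widrow-Hoff update of their payoff prediction, error and accuracy-based fitness (a simplified form of the XCS update). The events and their ground-truth labels, the reward function, the learning rate BETA, the optimistic initial prediction and the covering heuristic are all constructed for the demonstration; step 7, the genetic algorithm, runs separately over the population and is not shown here.

```python
import random
from dataclasses import dataclass
from typing import Dict, List, Tuple

BETA = 0.2   # learning rate of the Widrow-Hoff updates (assumed value)


def make_rng(seed: int) -> random.Random:
    return random.Random(seed)


@dataclass
class Classifier:
    """A decoded security rule plus the estimates a learning classifier keeps on it."""
    feature: str
    op: str                      # ">" or "<=" (assumed operator set)
    value: int
    action: int                  # threat cost added when the rule fires
    prediction: float = 10.0     # expected reward; optimistic start so new rules get tried
    error: float = 0.0           # running estimate of |reward - prediction|
    fitness: float = 0.01        # accuracy-derived fitness, later used by the GA
    experience: int = 0

    def matches(self, event: Dict[str, int]) -> bool:
        x = event.get(self.feature, 0)
        return x > self.value if self.op == ">" else x <= self.value


def match_set(rules: List[Classifier], event: Dict[str, int]) -> List[Classifier]:
    """Step 2: the rules whose condition matches the event."""
    return [r for r in rules if r.matches(event)]


def cover(event: Dict[str, int], rng: random.Random, actions=(0, 2, 5)) -> Classifier:
    """Step 3 (covering): build a rule that matches this event when no existing rule does."""
    feature = rng.choice(sorted(event))
    x = event[feature]
    if x > 0:
        return Classifier(feature, ">", x - 1, rng.choice(actions))
    return Classifier(feature, "<=", 0, rng.choice(actions))   # x == 0: '>' could not match


def reward_for(is_attack: bool, action: int) -> float:
    """Constructed reward: 100 when raising the threat cost agrees with the ground truth."""
    return 100.0 if (action > 0) == is_attack else 0.0


def step(rules: List[Classifier], event: Dict[str, int], is_attack: bool,
         rng: random.Random) -> Tuple[Classifier, float]:
    """One pass through steps 1-6 for a single event; mutates the rules in place."""
    m = match_set(rules, event)
    if not m:
        m = [cover(event, rng)]
        rules.extend(m)
    best = max(m, key=lambda r: r.prediction)          # step 4: highest predicted outcome
    reward = reward_for(is_attack, best.action)         # step 5: observe the resulting state
    for r in m:                                         # step 6: credit the rules that acted
        if r.action != best.action:
            continue
        r.experience += 1
        r.error += BETA * (abs(reward - r.prediction) - r.error)
        r.prediction += BETA * (reward - r.prediction)
        r.fitness += BETA * (1.0 / (1.0 + r.error) - r.fitness)   # simplified accuracy
    return best, reward


if __name__ == "__main__":
    rng = make_rng(1)
    rules = [Classifier("num_outbound_ftp_sessions", ">", 5, 2)]   # the slide's expert rule
    stream = [   # constructed events with their ground-truth label
        ({"num_outbound_ftp_sessions": 7}, True),
        ({"num_outbound_ftp_sessions": 1}, False),
        ({"num_failed_logins": 4}, True),
    ] * 10
    for event, label in stream:
        step(rules, event, label, rng)
    for r in rules:
        print(f"{r.feature} {r.op} {r.value} -> cost+{r.action}  "
              f"pred={r.prediction:.1f} fit={r.fitness:.3f} exp={r.experience}")
```

Rules that keep earning reward see their prediction climb toward the reward value while their fitness rises with accuracy; a rule whose action is repeatedly wrong decays toward a zero prediction, which is the signal the genetic algorithm later uses to select against it.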

Conclusion

By combining evolutionary algorithms with reinforcement learning, rule-based learners such as learning classifier systems allow security policies and constraints to adapt to any change in the environment or data center and therefore stay a step ahead of ever-changing threats.

Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Adaptive Intrusion Detection Using Learning Classifiers

  • 1. Adaptive Intrusion Detection Using Learning Classifiers Patrick Nicolas June 21, 2013 patricknicolas.blogspot.com www.slideshare.net/pnicolas github.com/prnicolas
  • 2. Introduction
    The objective of this presentation is to review the different methods to implement an adaptive intrusion detection (IDS) solution.
    The second part of the presentation dives into the learning classifiers class of algorithms to detect, evaluate and act upon a security breach or cyber attack.
    Patrick Nicolas © 2013 http://patricknicolas.blogspot.com https://github.com/prnicolas
  • 3. Data Mining Techniques | Learning Classifiers Systems
  • 4. Context
    The effectiveness of an intrusion detection system depends on its adaptability to
    ● Ever-changing IT environment
    ● Evolving internal policies & regulations
    ● Agile organization & mobile workforce
  • 5. Data Mining: Overview
    Data mining is becoming a popular method to extract knowledge from historical data.
    However, traditional data mining techniques fail to capture the evolutionary nature of an organization, its processes, rules and IT infrastructure.
  • 6. Data Mining: Clustering
    Unsupervised learning methods such as clustering or spectral analysis have drawbacks:
    ● Poor classification of mixed variable types
    ● No descriptive representation
    ● Limited leverage of the domain expertise
    ● High computational cost to update models
  • 7. Data Mining: Supervised Learning
    Supervised learning methods can be effective on a large set of historical data but have the following limitations:
    ● Need for a large training set to alleviate data over-fitting
    ● No descriptive representation
    ● Limited role for the domain expert
  • 8. Data Mining Techniques | Learning Classifiers Systems
  • 9. An evolutionary approach
    1. An intrusion detection solution should learn from its suggestions through a process borrowed from human behavior: reward-based learning.
    2. It should evolve with the system it monitors: Darwinian process.
  • 10. Rule-based Learners
    A class of algorithms known as learning classifiers (LCS) or extended learning classifiers (XCS) combines genetic algorithms and reinforcement learning to discover and evolve security policies and rules from real-time data.
  • 11. LCS/XCS Benefits
    ● Rule-based representation allows security experts to monitor evolving knowledge
    ● Learn from each security event, making them very well suited for streamed data
    ● Support various seeding schemes such as an initial rule set, a training set and clustering
  • 12. Security rules
    Security rules are used to represent the knowledge of a security expert.
    IF num. outbound ftp sessions > 5 THEN cost + 2 (source: KDD Cup Dataset 1999)
    Those rules are chained to support reasoning about a sequence of events in a data center.
  • 13. Rules Set Evolution
    The rule set needs to adapt constantly to the ever-changing environment & objectives.
  • 14. Rule Encoding
    In order to evolve, rules are represented as genes in a Genetic Algorithm. A gene is implemented as a binary vector structure in which the state or condition of the rule is expressed as op(x, value) (e.g. x > value).
    IF op(x, value) THEN f(cost) is translated to
    010 | 1000101 | 0101101110 | 01101110100101010
    op  | x       | value      | cost or action
  • 15. Rules Chains & Chromosomes
    As with any rules-based inference engine, encoded rules can be chained by aggregating binary representations:
    IF op1(x1, v1) AND op2(x2, v2) THEN f(cost)
    001 | 010 | 1000101 | 01011110 | 010 | 100101 | 0101101110 | 01101110100101010
    &&  | op1 | x1      | v1       | op2 | x2     | v2         | cost or action
    In terms of evolutionary algorithms, the firing of multiple rules is represented as a sequence of genes, or chromosomes.
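The encoding that slides 12, 14 and 15 describe, worked through as an added example; this is not code from the presentation or from the author's repositories. The field widths (3, 7, 10 and 17 bits for op, x, value and cost) are read off slide 14; the operator and feature code tables, the feature names, the two-condition chain and the sample event are assumptions constructed for this example. The decoder deliberately rejects genes whose operator or feature code is not in the table, which is the check a practitioner wants once cross-over and mutation start producing arbitrary bit patterns.

```python
import operator
from dataclasses import dataclass

# Field widths of one gene as drawn on the slide: op | x | value | cost or action.
OP_BITS, FEAT_BITS, VAL_BITS, COST_BITS = 3, 7, 10, 17
COND_BITS = OP_BITS + FEAT_BITS + VAL_BITS

# Constructed code tables (assumption, not from the deck): ">" is 010 and
# feature 69 (1000101) is the outbound FTP session count, so the slide's own
# bit pattern for "op x" comes out of encode_rule().
OPS = {"<": 0b001, ">": 0b010, "==": 0b011}
OP_FUNCS = {"<": operator.lt, ">": operator.gt, "==": operator.eq}
FEATURES = {"duration": 1, "num_failed_logins": 11, "num_outbound_ftp_sessions": 69}
OPS_BY_CODE = {code: op for op, code in OPS.items()}
FEATURES_BY_CODE = {code: name for name, code in FEATURES.items()}


@dataclass(frozen=True)
class Condition:
    op: str
    feature: str
    value: int


@dataclass(frozen=True)
class Rule:
    conditions: tuple  # Condition objects, chained with AND
    cost: int          # THEN part: amount added to the threat level


def to_bits(n: int, width: int) -> str:
    """Fixed-width big-endian encoding; refuses values that would overflow the field."""
    if not 0 <= n < (1 << width):
        raise ValueError(f"{n} does not fit in {width} bits")
    return format(n, f"0{width}b")


def encode_rule(rule: Rule) -> str:
    """Gene layout: [op|x|value] for every condition, then the cost field."""
    gene = ""
    for c in rule.conditions:
        gene += (to_bits(OPS[c.op], OP_BITS) + to_bits(FEATURES[c.feature], FEAT_BITS)
                 + to_bits(c.value, VAL_BITS))
    return gene + to_bits(rule.cost, COST_BITS)


def decode_rule(gene: str) -> Rule:
    """Inverse of encode_rule. Cross-over and mutation produce arbitrary bit
    patterns, so unknown operator or feature codes are rejected instead of
    being turned into a rule that could fire on live traffic."""
    if len(gene) <= COST_BITS or (len(gene) - COST_BITS) % COND_BITS:
        raise ValueError("gene length does not match the field layout")
    body, cost = gene[:-COST_BITS], int(gene[-COST_BITS:], 2)
    conditions = []
    for i in range(0, len(body), COND_BITS):
        chunk = body[i:i + COND_BITS]
        op_code = int(chunk[:OP_BITS], 2)
        feat_code = int(chunk[OP_BITS:OP_BITS + FEAT_BITS], 2)
        if op_code not in OPS_BY_CODE or feat_code not in FEATURES_BY_CODE:
            raise ValueError(f"invalid condition encoding at bit offset {i}")
        value = int(chunk[OP_BITS + FEAT_BITS:], 2)
        conditions.append(Condition(OPS_BY_CODE[op_code], FEATURES_BY_CODE[feat_code], value))
    return Rule(tuple(conditions), cost)


def is_valid_gene(gene: str) -> bool:
    """True when the gene decodes to a well-formed rule."""
    try:
        decode_rule(gene)
        return True
    except ValueError:
        return False


def matches(rule: Rule, event: dict) -> bool:
    """Every chained condition must hold; a feature absent from the event never matches."""
    return all(c.feature in event and OP_FUNCS[c.op](event[c.feature], c.value)
               for c in rule.conditions)


def threat_cost(rules, event: dict) -> int:
    """Threat level contributed by all rules whose conditions match the event."""
    return sum(r.cost for r in rules if matches(r, event))


# The slide's example rule, a two-condition chain, and a constructed event.
FTP_RULE = Rule((Condition(">", "num_outbound_ftp_sessions", 5),), 2)
CHAINED_RULE = Rule((Condition(">", "num_outbound_ftp_sessions", 5),
                     Condition(">", "num_failed_logins", 3)), 7)
SAMPLE_EVENT = {"num_outbound_ftp_sessions": 8, "num_failed_logins": 1, "duration": 42}

if __name__ == "__main__":
    gene = encode_rule(FTP_RULE)
    print(gene[:OP_BITS], gene[OP_BITS:COND_BITS - VAL_BITS], gene[COND_BITS - VAL_BITS:COND_BITS], gene[COND_BITS:])
    print(decode_rule(encode_rule(CHAINED_RULE)) == CHAINED_RULE)
    print("threat cost:", threat_cost([FTP_RULE, CHAINED_RULE], SAMPLE_EVENT))
```

Chaining is nothing more than concatenating condition genes in front of the shared cost field, which is why the decoder can recover the number of conditions from the gene length alone. Keeping the field widths fixed is what makes that possible; a variable-width layout would need explicit length markers and would be far easier to corrupt under mutation.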
  • 16. Rules Evolutionary Process
    The rules set evolves through the genetic recombination of rules using cross-over, mutation and transposition operations.
    Parent rules                          Offspring rules
    Cross-over operation
    0101101011101110101010111010100111    0101101011101110101010111010100111
    1101010101110101001101010110101110    1101010101110110100111010110101110
    Mutation operation
    0101101011101110101010111010100111    0101101011101110101010101010100011
    Transposition operation
    0101101011101110101010111010100111    0101101011101110101010101010100011
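The three operators of slide 16 applied to rule genes as bit strings, as an added example that is not code from the presentation or its author. The two parent strings are the ones printed on the slide; the cross-over point, mutation rate, rng seed and the field_boundaries helper (which uses the field widths from slide 14) are assumptions made for this example.

```python
import random

# The two parent genes drawn on the slide (34-bit rule encodings).
PARENT_A = "0101101011101110101010111010100111"
PARENT_B = "1101010101110101001101010110101110"


def crossover(parent_a: str, parent_b: str, point: int) -> tuple:
    """One-point cross-over: both offspring swap everything after `point`."""
    if len(parent_a) != len(parent_b):
        raise ValueError("parents must have the same length")
    if not 0 < point < len(parent_a):
        raise ValueError("cross-over point must lie strictly inside the gene")
    return (parent_a[:point] + parent_b[point:], parent_b[:point] + parent_a[point:])


def mutate(gene: str, rate: float, rng=None) -> str:
    """Flip each bit independently with probability `rate`."""
    if rng is None:
        rng = random.Random()
    return "".join(("1" if bit == "0" else "0") if rng.random() < rate else bit
                   for bit in gene)


def transpose(gene: str, start: int, length: int, dest: int) -> str:
    """Cut gene[start:start+length] out and reinsert it at offset `dest` of the remainder."""
    if not (0 <= start and start + length <= len(gene)):
        raise ValueError("segment out of range")
    segment, rest = gene[start:start + length], gene[:start] + gene[start + length:]
    if not 0 <= dest <= len(rest):
        raise ValueError("destination out of range")
    return rest[:dest] + segment + rest[dest:]


def field_boundaries(widths: tuple) -> list:
    """Offsets where one field ends and the next begins: (3, 7, 10, 17) -> [3, 10, 20].
    Choosing cross-over points and transposition cuts only from these offsets
    keeps every op / x / value / cost field whole, so offspring still decode
    to well-formed rules instead of random bit patterns."""
    bounds, offset = [], 0
    for width in widths[:-1]:
        offset += width
        bounds.append(offset)
    return bounds


def evolve_once(seed: int = 1, mutation_rate: float = 0.05) -> dict:
    """Apply the three operators to the slide's parents with a seeded rng (assumed rates)."""
    rng = random.Random(seed)
    point = rng.randrange(1, len(PARENT_A))
    child_a, child_b = crossover(PARENT_A, PARENT_B, point)
    mutated = mutate(child_a, mutation_rate, rng)
    length = rng.randrange(1, 6)
    start = rng.randrange(0, len(mutated) - length + 1)
    dest = rng.randrange(0, len(mutated) - length + 1)
    transposed = transpose(mutated, start, length, dest)
    return {"point": point, "offspring": (child_a, child_b),
            "mutated": mutated, "transposed": transposed}


if __name__ == "__main__":
    for name, value in evolve_once().items():
        print(f"{name:10s} {value}")
```

A mutation that lands inside the operator or feature field can turn a rule into one that no decoder recognises; restricting cut points to field boundaries, or validating every offspring before it enters the rule set, keeps the evolving population made of rules an analyst can still read.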
  • 17. Rules Fitness
    Rules are selected according to their fitness before being ‘mated’ and mutated. The fitness of a rule represents its contribution to the detection or prevention of an intrusion.
    The rules which are repeatedly invoked have the highest fitness values and thrive over time. Other rules slowly become irrelevant.
  • 18. Overview Genetic Algorithm
    The rule set is constantly updated by the Genetic Algorithm to guarantee that it identifies intrusions correctly.
    Initial rules set → Encoding → Initial chromosomes → Fitness → Selection → Cross-over → Mutation → New chromosomes → Decoding → New rules set
  • 19. Rule Fitness & Reward
    The fitness criteria of one or multiple rules have to be updated according to the state of the infrastructure, organization & policies.
    The fitness function is updated to provide the best possible reward (or credit) to the rules that contribute to the detection of an intrusion.
  • 20. Reinforcement Learning
    Reinforcement learning techniques are widely used in robotics. In the context of IDS, it rewards (or punishes) rules for their contribution (or lack thereof) in identifying threats, taking into account changes in the organization, external accesses and IT infrastructure.
  • 21. Evolutionary Security Rules
    [Diagram: Data Center / Cloud → Real-time data (1) → Rules Matching (2) / New rule (3) → Threat predictor (4) → Threat level; Threats monitor / IDS → State (5) → Reward (6) → Update Fitness → Genetic Algorithm (7) → Evolution]
    1. Process new data/event from the system
    2. Find the security-related rule(s) whose condition matches the event
    3. Create a new rule if none match (Covering)
    4. Fire the fittest rules with the highest predicted outcome.
  • 22. Evolutionary Security Rules
    [Same diagram as slide 21]
    5. Process the new state of the system
    6. Reward contributing/matching rules by updating the rule fitness
    7. The genetic algorithm updates the existing population of security rules through reproduction and mutation of rules.
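The seven-step loop of slides 21 and 22, with the fitness and reward updates of slides 17 to 20, as an added example; it is not code from the presentation or its author but a simplified XCS-style classifier written for this page. The rules are kept symbolic here (feature, operator, threshold, action) rather than bit-encoded so the loop stays readable; the feature names, the reward signal (1.0 when the fired action was right for the event, 0.0 otherwise, standing in for the threat monitor's verdict), the learning rate beta, the population cap and the event stream are all assumptions constructed for the example.

```python
import random
from dataclasses import dataclass


@dataclass
class Rule:
    feature: str
    op: str                  # ">" or "<="
    threshold: float
    action: str              # "alert" or "allow"
    prediction: float = 0.5  # expected reward when this rule fires
    fitness: float = 0.5     # accuracy-based fitness, stays in (0, 1]
    experience: int = 0      # how many times the rule has been rewarded

    def matches(self, event: dict) -> bool:
        value = event.get(self.feature)
        if value is None:
            return False
        return value > self.threshold if self.op == ">" else value <= self.threshold


class LearningClassifier:
    def __init__(self, rules, rng, beta=0.3, max_rules=20):
        self.rules = list(rules)
        self.rng = rng
        self.beta = beta            # learning rate of the reward updates (assumed)
        self.max_rules = max_rules  # population cap enforced by the GA step (assumed)

    def cover(self, event):
        """Step 3: build a rule that matches an event no existing rule covers."""
        feature, value = self.rng.choice(sorted(event.items()))
        op = self.rng.choice([">", "<="])
        threshold = value - 1 if op == ">" else value
        return Rule(feature, op, threshold, self.rng.choice(["alert", "allow"]))

    def step(self, event, is_attack):
        # Steps 1-2: a new event arrives; collect the rules whose condition matches it.
        match_set = [r for r in self.rules if r.matches(event)]
        if not match_set:                                   # step 3: covering
            match_set = [self.cover(event)]
            self.rules.extend(match_set)

        # Step 4: fire the action with the best fitness-weighted predicted outcome.
        def score(action):
            rules = [r for r in match_set if r.action == action]
            weight = sum(r.fitness for r in rules)
            return sum(r.prediction * r.fitness for r in rules) / weight

        action = max(sorted({r.action for r in match_set}), key=score)
        action_set = [r for r in match_set if r.action == action]
        # Steps 5-6: the threat monitor reports the outcome; here a constructed
        # signal of 1.0 when the action was right for the event and 0.0 otherwise.
        reward = 1.0 if (action == "alert") == is_attack else 0.0
        for r in action_set:
            r.experience += 1
            r.prediction += self.beta * (reward - r.prediction)
            accuracy = 1.0 - abs(reward - r.prediction)
            r.fitness += self.beta * (accuracy - r.fitness)
        self.evolve(action_set)                             # step 7
        return action, reward

    def evolve(self, action_set):
        """Step 7: reproduce the fittest rule of the action set with a mutated threshold."""
        parent = max(action_set, key=lambda r: r.fitness)
        child = Rule(parent.feature, parent.op,
                     parent.threshold + self.rng.choice([-1, 0, 1]),
                     parent.action, parent.prediction, parent.fitness * 0.5)
        self.rules.append(child)
        if len(self.rules) > self.max_rules:                # drop the least fit rule
            self.rules.remove(min(self.rules, key=lambda r: r.fitness))


def make_demo_classifier(seed=7):
    """Two seed rules on the slide's feature: one correct, one that allows attacks."""
    return LearningClassifier([Rule("num_outbound_ftp_sessions", ">", 5, "alert"),
                               Rule("num_outbound_ftp_sessions", ">", 5, "allow")],
                              random.Random(seed))


def run_demo(n_events=60, seed=7):
    """Train on a constructed stream where >5 outbound FTP sessions marks an attack."""
    rng = random.Random(seed + 1)
    lcs = make_demo_classifier(seed)
    correct = 0
    for _ in range(n_events):
        sessions = rng.randint(0, 12)
        _, reward = lcs.step({"num_outbound_ftp_sessions": sessions}, sessions > 5)
        correct += int(reward == 1.0)
    return lcs, correct / n_events


if __name__ == "__main__":
    lcs, accuracy = run_demo()
    for r in sorted(lcs.rules, key=lambda r: -r.fitness)[:3]:
        print(f"{r.feature} {r.op} {r.threshold} -> {r.action}  fitness={r.fitness:.2f}")
    print(f"accuracy over the stream: {accuracy:.2f}")
```

Two properties of the loop are worth noticing when reading the output. A rule that is never selected to fire is never rewarded or punished, so its fitness does not decay on its own; it only disappears when the population cap forces out the least fit rule. And the reward here is a clean ground-truth signal, whereas in a deployment the "new state of the system" in step 5 comes from the threat monitor and analysts, so noisy or delayed feedback is what actually limits how fast the rule set adapts.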
  • 23. Conclusion
    By combining evolutionary algorithms with reinforcement learning, rule-based learners such as learning classifier systems allow security policies and constraints to adapt to any change in environment or data center and therefore stay a step ahead of ever-changing threats.
  • 24. References
    ● Genetic Programming: On the Programming of Computers by Means of Natural Selection - J. Koza
    ● Reinforcement Learning: An Introduction to Adaptive Computation and Machine Learning - R. Sutton, A. Barto
    ● Learning Classifier Systems in Data Mining - L. Bull, E. Bernadó-Mansilla, J. Holmes
    ● Hacking Smart Machines with Smarter Ones: How to Extract Meaningful Data from Machine Learning Classifiers - G. Ateniese, G. Felici, L. Mancini, D. Vitali, A. Spognardi
    ● Evaluation of anomaly-based IDS for mobile devices using machine learning classifiers - D. Damopoulos, S. Menesidou, G. Kambourakis, M. Papadaki, N. Clarke
    ● http://patricknicolas.blogspot.com