Ambareen Siraj

Fuzzy cognitive maps for decision support in an intelligent intrusion detection system

The health of a computer network needs to be assessed and protected in much the same manner as the health of a person. The task of an intrusion detection system is to protect a computer system by detecting and diagnosing attempted breaches of the integrity of the system. A robust intrusion detection system for a computer network will necessarily use multiple sensors, each providing different types of information about some aspect of the monitored system. In addition, the sensor data will often be analyzed in several different ways. We describe a decision engine for an intelligent intrusion detection system that fuses information from different intrusion detection modules using a causal knowledge based inference technique. Fuzzy cognitive maps (FCMs) and fuzzy rule-bases are used for the causal knowledge acquisition and to support the causal knowledge reasoning process.

Intrusion sensor data fusion in an intelligent intrusion detection system architecture

Most modern intrusion detection systems employ multiple intrusion sensors to maximize their trustworthiness. The overall security view of the multi-sensor intrusion detection system can serve as an aid to appraise the trustworthiness in the system. This paper presents our research effort in that direction by describing a decision engine for an intelligent intrusion detection system (IIDS) that fuses information from different intrusion detection sensors using an artificial intelligence technique. The decision engine uses fuzzy cognitive maps (FCMs) and fuzzy rule-bases for causal knowledge acquisition and to support the causal knowledge reasoning process. In this paper, we report on the workings of the decision engine that has been successfully embedded into the IIDS architecture being built at the Center for Computer Security Research (CCSR), Mississippi State University.

Multi-level alert clustering for intrusion detection sensor data

Alert fusion is a promising research area in information assurance today. To increase trustworthiness in systems, most modern information systems deployed in distributed environments employ multiple, diverse sensors that monitor security violations throughout the network. The outputs of the sensors must be fused in an effective and intelligent manner in order to provide an overall view of the status of such systems. A unified architecture for intelligent alert fusion essentially combines alert prioritization, alert clustering and alert correlation. In this paper, we address the alert clustering aspect of sensor data fusion in an intrusion detection environment. A causal knowledge based inference technique with fuzzy cognitive modeling is used to cluster alerts by discovering structural relationships in sensor data.

Smart grid energy fraud detection using artificial neural networks

Energy fraud detection is a critical aspect of smart grid security and privacy preservation. Machine learning and data mining have been widely used by researchers for extensive intelligent analysis of data to recognize normal patterns of behavior such that deviations can be detected as anomalies. This paper discusses a novel application of a machine learning technique for examining the energy consumption data to report energy fraud using artificial neural networks and smart meter fine-grained data. Our approach achieves a higher energy fraud detection rate than similar works in this field. The proposed technique successfully identifies diverse forms of fraudulent activities resulting from unauthorized energy usage.

Clustering of smart meter data for disaggregation

This research addresses privacy concerns in smart meter data. Smart meter data is analyzed for learning normal consumer usage of electricity. Clustering technique such as Fuzzy C-Means is used to disaggregate and learn energy consumption patterns in smart meter data. Results of experimentation with real world meter data demonstrate that it is realistically possible to profile the electricity consumption behavior of consumers analyzing their usage captured by smart meters.

Empowering faculty to embed security topics into computer science courses

Security illiteracy is a very common problem among Computer Science (CS) graduates entering the nations digital workforce, which has contributed to a national cyber-infrastructure that could and should be more resilient to cyber-enemies than it is now. The Security Knitting Kit (SecKnitKit) project aims to improve security awareness, knowledge, and interest of undergraduate CS students by exposing them to computer security concepts and issues in their regular course of study. The project is developing, deploying, and disseminating a multi-faceted out-of-the-box instructional support system to empower non-security faculty. These are faculty who have no experience in teaching security but recognize the importance of security in todays world and want to broaden their teaching repertoire. This project enables them to weave relevant security topics traditional computer science courses seamlessly and effectively. The project is organized by the CS department at Tennessee Tech University (TTU) and supported by the National Science Foundation under grant DUE-1140864.

Decision Tree Learning for Fraud Detection in Consumer Energy Consumption

The electrical grid is transitioning to new smart grid technology. With smart meters becoming an essential feature in smart homes, concerns regarding smart meters and the vast amount of consumer data that it captures are on the rise. While access to this fine-grained energy consumption data captured by smart meters can potentially violate consumer privacy, advanced analysis of this data can help to protect the interest of both the consumer and the utility company by enabling fraud detection at either end. The use of machine learning techniques has been a very common approach to energy fraud detection. Patterns in energy consumption can be recognized and used to detect anomalous behavior. This research reports on a novel application of decision tree learning technique to profile normal energy consumption behavior allowing for the detection of potentially fraudulent activity.

Weaving a tapestry: creating a satellite workshop to support HS CS teachers in attracting and engaging students

In this paper, we describe the Tennessee Technological University (TTU) Tapestry Workshop for high school (HS) teachers. The Tapestry Workshop initiative - a collaborative partnership between TTU, the University of Virginia (UVA) and HS teachers - shares strategies, practices, and innovative ideas for teaching Computer Science (CS) effectively. This three-day professional development workshop utilized informational, technical, networking, activity-, and discussion-oriented sessions geared towards attracting and engaging a diverse body of CS students. The workshop was a worthwhile professional development activity for both the organizers and attendees and contributed to the initiation of a local HS CS program.

Integrating security in the computer science curriculum

With increased focus on the global computing infrastructures vulnerability to cyber-attacks - the time is right for security integration across the computer science curriculum to contribute to a cyber-ready workforce. The challenges to integrating security into computer science (CS) curriculum are significant---lack of faculty to teach security, a dearth of effective teaching resources, and little room to spare in CS curriculum. This article describes an initiative that aims to develop faculty expertise in cybersecurity, provide a library of resources for security education, and build a community of CS educators to prepare computing graduates to meet current and future cybersecurity challenges.

Integrity Based Intrusion Detection System for Enterprise and Cloud Environments

Virtualization enables the disconnect between software and hardware allowing multiple operating systems to safely execute simultaneously on a single machine. This creates many benefits including server consolidation, fault tolerance, and intrusion isolation. Although each virtual machine (VM) is isolated, an intrusion may give attackers access to sensitive information located on shared storage. A kernel-level root kit may be used to obtain continuous privileged access to the compromised VM due to its escalated privilege level and the detection difficulty. This paper presents the design and evaluation of the virtual system-level lightweight integrity monitor (vSLIM). vSLIM is an intrusion detection system (IDS) capable of detecting kernel-level root kits and adapting to updating kernels. Our evaluation shows that vSLIM detects many known root kits with minimal overhead.