Anazida Zainal

Feature Selection Using Rough Set in Intrusion Detection

Most of existing intrusion detection systems use all data features to detect an intrusion. Very little works address the importance of having a small feature subset in designing an efficient intrusion detection system. Some features are redundant and some contribute little to the intrusion detection process. The purpose of this study is to investigate the effectiveness of rough set theory in identifying important features in building an intrusion detection system. Rough set was also used to classify the data. Here, we used KDD Cup 99 data. Empirical results indicate that rough set is comparable to other feature selection techniques deployed by few other researchers

Feature selection using rough-DPSO in anomaly intrusion detection

Most of the existing IDS use all the features in network packet to evaluate and look for known intrusive patterns. Some of these features are irrelevant and redundant. The drawback to this approach is a lengthy detection process. In real-time environment this may degrade the performance of an IDS. Thus, feature selection is required to address this issue. In this paper, we use wrapper approach where we integrate Rough Set and Particle Swarm to form a 2-tier structure of feature selection process. Experimental results show that feature subset proposed by Rough-DPSO gives better representation of data and they are robust.

Advancements of data anomaly detection research in wireless sensor networks: a survey and open issues.

Wireless Sensor Networks (WSNs) are important and necessary platforms for the future as the concept “Internet of Things” has emerged lately. They are used for monitoring, tracking, or controlling of many applications in industry, health care, habitat, and military. However, the quality of data collected by sensor nodes is affected by anomalies that occur due to various reasons, such as node failures, reading errors, unusual events, and malicious attacks. Therefore, anomaly detection is a necessary process to ensure the quality of sensor data before it is utilized for making decisions. In this review, we present the challenges of anomaly detection in WSNs and state the requirements to design efficient and effective anomaly detection models. We then review the latest advancements of data anomaly detection research in WSNs and classify current detection approaches in five main classes based on the detection methods used to design these approaches. Varieties of the state-of-the-art models for each class are covered and their limitations are highlighted to provide ideas for potential future works. Furthermore, the reviewed approaches are compared and evaluated based on how well they meet the stated requirements. Finally, the general limitations of current approaches are mentioned and further research opportunities are suggested and discussed.

Fraud detection system

The increment of computer technology use and the continued growth of companies have enabled most financial transactions to be performed through the electronic commerce systems, such as using the credit card system, telecommunication system, healthcare insurance system, etc. Unfortunately, these systems are used by both legitimate users and fraudsters. In addition, fraudsters utilized different approaches to breach the electronic commerce systems. Fraud prevention systems (FPSs) are insufficient to provide adequate security to the electronic commerce systems. However, the collaboration of FDSs with FPSs might be effective to secure electronic commerce systems. Nevertheless, there are issues and challenges that hinder the performance of FDSs, such as concept drift, supports real time detection, skewed distribution, large amount of data etc. This survey paper aims to provide a systematic and comprehensive overview of these issues and challenges that obstruct the performance of FDSs. We have selected five electronic commerce systems; which are credit card, telecommunication, healthcare insurance, automobile insurance and online auction. The prevalent fraud types in those E-commerce systems are introduced closely. Further, state-of-the-art FDSs approaches in selected E-commerce systems are systematically introduced. Then a brief discussion on potential research trends in the near future and conclusion are presented.

An adaptive and efficient dimension reduction model for multivariate wireless sensor networks applications

Wireless sensor networks (WSNs) applications are growing rapidly in various fields such as environmental monitoring, health care management, and industry control. However, WSNs are characterized by constrained resources especially; energy which shortens their lifespan. One of the most important factors that cause a rapid drain of energy is radio communication of multivariate data between nodes and base station. Besides, the dynamic changes of environmental variables pose a need for an adaptive solution that cope with these changes over the time. In this paper, a new adaptive and efficient dimension reduction model (APCADR) is proposed for hierarchical sensor networks based on the candid covariance-free incremental PCA (CCIPCA). The performance of the model is evaluated using three real sensor networks datasets collected at Intel Berkeley Research Lab (IBRL), Great St. Bernard (GSB) area, and Lausanne Urban Canopy Experiments (LUCE). Experimental results show 33.33% and 50% reduction of multivariate data in dynamic and static environments, respectively. Results also show that 97-99% of original data is successfully approximated at cluster heads in both environment types. A comparison with the multivariate linear regression model (MLR) and simple linear regression model (SLR) shows the advantage of the proposed model in terms of efficiency, approximation accuracy, and adaptability with dynamic environmental changes.

Ensemble of One-Class Classifiers for Network Intrusion Detection System

To achieve high accuracy while lowering false alarm rates are major challenges in designing an intrusion detection system. In addressing this issue, this paper proposes an ensemble of one-class classifiers where each uses different learning paradigms. The techniques deployed in this ensemble model are; linear genetic programming (LGP), adaptive neural fuzzy inference system (ANFIS) and random forest (RF). The strengths from the individual models were evaluated and ensemble rule was formulated. Empirical results show an improvement in detection accuracy for all classes of network traffic; normal, probe, DoS, U2R and R2L. RF, which is an ensemble learning technique that generates many classification trees and aggregates the individual result was also able to address imbalance dataset problem that many of machine learning techniques fail to sufficiently address it.

Adaptive and online data anomaly detection for wireless sensor systems

Wireless sensor networks (WSNs) are increasingly used as platforms for collecting data from unattended environments and monitoring important events in phenomena. However, sensor data is affected by anomalies that occur due to various reasons, such as, node software or hardware failures, reading errors, unusual events, and malicious attacks. Therefore, effective, efficient, and real time detection of anomalous measurement is required to guarantee the quality of data collected by these networks. In this paper, two efficient and effective anomaly detection models PCCAD and APCCAD are proposed for static and dynamic environments, respectively. Both models utilize the One-Class Principal Component Classifier (OCPCC) to measure the dissimilarity between sensor measurements in the feature space. The proposed APCCAD model incorporates an incremental learning method that is able to track the dynamic normal changes of data streams in the monitored environment. The efficiency and effectiveness of the proposed models are demonstrated using real life datasets collected by real sensor network projects. Experimental results show that the proposed models have advantages over existing models in terms of efficient utilization of sensor limited resources. The results further reveal that the proposed models achieve better detection effectiveness in terms of high detection accuracy with low false alarms especially for dynamic environmental data streams compared to some existing models.

One-Class Principal Component Classifier for anomaly detection in wireless sensor network

To ensure the quality of data collected by sensor networks, misbehavior in measurements should be detected efficiently and accurately in each sensor node before relying the data to the base station. In this paper, a novel anomaly detection model is proposed based on the lightweight One Class Principal Component Classifier for detecting anomalies in sensor measurements collected by each node locally. The efficiency and accuracy of the proposed model are demonstrated using two real life wireless sensor networks datasets namely; labeled dataset (LD) and Intel Berkeley Research Lab dataset (IBRL). The simulation results show that our model achieves higher detection accuracy with relatively lower false alarms. Furthermore, the proposed model incurs less energy consumption by reducing the computational complexity in each node.

Feature Selection Using Information Gain for Improved Structural-Based Alert Correlation

Grouping and clustering alerts for intrusion detection based on the similarity of features is referred to as structurally base alert correlation and can discover a list of attack steps. Previous researchers selected different features and data sources manually based on their knowledge and experience, which lead to the less accurate identification of attack steps and inconsistent performance of clustering accuracy. Furthermore, the existing alert correlation systems deal with a huge amount of data that contains null values, incomplete information, and irrelevant features causing the analysis of the alerts to be tedious, time-consuming and error-prone. Therefore, this paper focuses on selecting accurate and significant features of alerts that are appropriate to represent the attack steps, thus, enhancing the structural-based alert correlation model. A two-tier feature selection method is proposed to obtain the significant features. The first tier aims at ranking the subset of features based on high information gain entropy in decreasing order. The‏ second tier extends additional features with a better discriminative ability than the initially ranked features. Performance analysis results show the significance of the selected features in terms of the clustering accuracy using 2000 DARPA intrusion detection scenario-specific dataset.

Data integrity and privacy model in cloud computing

Cloud computing is the future of computing industry and it is believed to be the next generation of computing technology. Among the major concern in cloud computing is data integrity and privacy. Clients require their data to be safe and private from any tampering or unauthorized access. Various algorithms and protocols (MD5, AES, and RSA-based PHE) are implemented by the various components of this model to provide the maximum levels of integrity management and privacy preservation for data stored in public cloud such as Amazon S3. The impact of algorithms and protocols, used to ensure data integrity and privacy, is studied to test the performance of the proposed model. The prototype system showed that data integrity and privacy are ensured against unauthorized parties. This model reduces the burden of checking the integrity of data stored in cloud storage by utilizing a third party, integrity checking service, and applies security mechanism that ensure privacy and confidentiality of data stored in cloud computing. This paper proposes an architecture based model that provides data integrity verification and privacy preserving in cloud computing.