Evgeniya Nikolova

Some similarity coefficients and application of data mining techniques to the anomaly-based IDS

This paper introduces an approach to anomaly-based intrusion detection, which searches the system activity data for deviations from preliminarily described profiles of normal activity. The normal system activity in the proposed methodology is described using data mining techniques, namely classification trees. The intrusion detection is performed using some similarity coefficients with a purpose to measure the similarity between the normal activity and the current one. The evaluation of the represented simulation results indicates the proposed methodology produces reliable and steady results.

An Adaptive Approach of Clustering Application in the Intrusion Detection Systems

The present paper introduces an innovative approach for anomaly-based IDS. The main idea is to construct model that characterizes the expected/acceptable behavior of the system using a clustering algorithm based on a 2-means clustering anomaly detection technique and a classification tree. Methods for clustering, training and detection are provided. The applied parameter, considered for performance measurement, is the Rand index. Index Dunn and C-index are used in order to determine whether the clusters are compact and well separated.

Anomaly Based Intrusion Detection Using Data Mining and String Metrics

Computer systems and networks are subject to electronic attacks with increasing number and severity. Intrusion detection is an important technology in the contemporary world as well as an active area of research. The present paper introduces an adaptive approach of data mining techniques and string metrics in anomaly based intrusion detection systems. The conducted simulation experiments and represented results substantiate the proposed method produces reliable results while monitoring the protected system and alarming the detected attacks.

Applications of Clustering Methods to Anomaly-Based Intrusion Detection Systems

The present paper introduces some applications of clustering methodology, namely FLAME algorithm to the behavioral analysis of the user activities, performed by a host-based intrusion detection system. The normal and anomalous activity patterns are distinguished by 2-means clustering algorithm and separated into two non-intersecting clusters. The results of the performed simulation experiments are represented as well.

An Adaptive Approach of String Metrics Application in the Intrusion Detection Systems

The present paper introduces an innovative approach for the anomaly-based intrusion detection systems (IDS). The main idea is to construct a model that characterizes the expected/acceptable behavior of the system using list decoding techniques and distinguishes the intrusive activity from legal one using string metric algorithms. The conducted simulation experiments are represented and discussed as well.

Decoding efficiency of the MAP and the max-log MAP algorithm as a strategy in anomaly-based intrusion detection systems

Hidden Markov Methodology, with particular care to the parameter estimation and the training phase, represents a powerful finite state machine, suitable in various recognition problems. This paper investigated the capabilities of this methodology in anomaly-based intrusion detection. The model training is performed using ML criterion, based on the gradient method. Since the attacks recognition is considered as a decoding problem, the MAP and the max log MAP algorithms combined with gradient based method were applied. The comparison between these two decoding algorithms as a strategy in anomalybased IDS is represented as well.

An Application of Learning Problem in Anomaly-based Intrusion Detection Systems

The present paper introduces an approach to anomaly-based intrusion detection using the hidden Markov models (HMM) and the BCJR decoding algorithm. The main idea is to distinguish the normal traces of user activity from abnormal ones using the BCJR decoding algorithm applied in conjunction with HMM parameters adjustment using the gradient based method. Some results from the conducted simulation experiments are introduced as well