Hanen Brahmi

OMC-IDS: at the cross-roads of OLAP mining and intrusion detection

Due to the growing threat of network attacks, the efficient detection as well as the network abuse assessment are of paramount importance. In this respect, the Intrusion Detection Systems (IDS) are intended to protect information systems against intrusions. However, IDS are plugged with several problems that slow down their development, such as low detection accuracy and high false alarm rate. In this paper, we introduce a new IDS, called OMC-IDS, which integrates data mining techniques and On Line Analytical Processing (OLAP) tools. The association of the two fields can be a powerful solution to deal with the defects of IDS. Our experiment results show the effectiveness of our approach in comparison with those fitting in the same trend.

Discovering Multi-stage Attacks Using Closed Multi-dimensional Sequential Pattern Mining

Due to the growing amount and kinds of intrusions, multi-stage attack is becoming the one of the main methods of the network security threaten. Although, the Intrusion Detection Systems (IDS) are intended to protect information systems against intrusions. Nevertheless, they can only discover single-step attacks but not complicated multi-stage attacks. Consequently, IDS are plugged with the problem of the excessive generation of alerts. Therefore, it is not only important, but also challenging for security managers to correlate security alerts to predict a multi-stage attack. In this respect, an approach based on sequential pattern mining technique to discover multi-stage attack activity is efficient to reduce the labor to construct pattern rules. In this paper, we introduce a novel approach of alert correlation, based on a new closed multi-dimensional sequential patterns mining algorithm. The main idea behind this approach is to discover temporal patterns of intrusions which reveal behaviors of attacks using alerts generated by IDS. Our experiment results show the robustness and efciency of our new algorithm against those in the literature.

A New Concise and Exact Representation of Data Cubes

To efficiently answer OLAP queries on data warehouses, pre-computed data cubes provide an interesting solution. Nevertheless, the amount of generated aggregated data is huge and requires large amounts of storage space and mining time. To address this issue, various research works highlighted the added-value of compact representations of data cubes from which the remaining redundant patterns can be derived. In this respect, we introduce in this chapter a new concise and exact representation called closed non derivable data cubes (CND-Cube), which is based on the concept of non derivable minimal generators. We also propose a novel algorithm dedicated to the mining of CND-Cube from multidimensional databases. Our experiment results show the effectiveness of our approach in comparison with those fitting in the same trend. In this comparison, we focus on the efficiency of our algorithm and the compactness of the storage space terms.

Using Homomorphic Encryption to Compute Privacy Preserving Data Mining in a Cloud Computing Environment

Cloud computing refers to an information technology infrastructure where data and software are stored and processed in a remote data center, accessible as a service through the Internet. Typical data centers within these fields are large, complex and often noisy. Further-more, privacy preserving data mining is an important challenge. It is required to protect the confidentiality of data sources during the extraction of frequent closed patterns. In fact, no site should be able to learn contents of a transaction at any other site. The work carried out in this paper deals with this problem. In this context, we suggest an approach that combines the extraction of frequent closed patterns in a distributed environment such as the cloud. We aim at maintaining the privacy of the sites during the data mining task in a cloud environment based on homomorphic encryption. The Simulation results and performance analysis show that our mechanism requires less communication and computation overheads. It can effectively preserve data privacy, check data integrity, and ensures high data transmission efficiency.

A Multi-agents Intrusion Detection System Using Ontology and Clustering Techniques

Nowadays, the increase in technology has brought more sophisticated intrusions. Consequently, Intrusion Detection Systems (IDS) are quickly becoming a popular requirement in building a network security infrastructure. Most existing IDS are generally centralized and suffer from a number of drawbacks, e.g., high rates of false positives, low efficiency, etc, especially when they face distributed attacks. This paper introduces a novel hybrid multi-agents IDS based on the intelligent combination of a clustering technique and an ontology model, called OCMAS-IDS. The latter integrates the desirable features provided by the multi-agents methodology with the benefits of semantic relations as well as the high accuracy of the data mining technique. Carried out experiments showed the efficiency of our distributed IDS, that sharply outperforms other systems over real traffic and a set of simulated attacks.

Constrained Closed Non Derivable Data Cubes

It is well recognized that data cubes often produce huge outputs. Several efforts were devoted to this problem through Constrained Cubes allowing the user to focus on a particular set of interesting tuples. In this paper, we investigate reduced representations for the Constrained Cube (e.g., Constrained Closed Cube and Constrained Quotient Cube). That is why we introduce a new and concise representation of data cubes: the Constrained Closed Non Derivable Data Cube (CCND − Cube). The latter captures all the tuples of a data cube fulfilling a combination of monotone/anti-monotone constraints. It can be represented in a very compact way in order to optimize both computation time and required storage space. The results of our experiments confirm the relevance of our proposal.

A Security Approach for Data Migration in Cloud Computing Based on Human Genetics

Cloud computing technology is flexible, cost effective and reliable for the provision of IT services to businesses and individuals through means of internet. Clearly beneficial in terms of costs, this technology has gained immediate popularity. However, security concerns have slowed its expansion. It is possible that the full adoption of cloud computing is not appropriate in some cases, for security reasons related to confidentiality and data integrity. Cryptographic methods that could reduce these risks to acceptable levels, however, were developed. In this article, we introduce a method implementing encryption based on human genetics, more particularly on protein biosynthesis. The attractive coupling between the encryption of content and biosynthesis protects data against unauthorized access. The experiments show that our proposal provides a good balance between the integrity and confidentiality of data.

Security Issues in Cloud Computing and Associated Alleviation Approaches

Cloud computing is the fruit of recent developments in information technology, it provides access to many online services as well as remote computing resources as needed. To be more specific, cloud computing stands today as a satisfactory answer to the problem of storage and computing of data encountered by companies. It provides treatment and accommodation of their digital information via a fully outsourced infrastructure. The latter enables users to benefit from many online services without worrying about the technical aspects of their use. In the meanwhile, it limits costs generated by the management of these data. However, this advanced technology has immediately highlighted many serious security troubles. The major issue that prevents many companies to migrate to the cloud is the security of sensitive data hosted in the provider. Actually, the security problem related to this technology has slowed their expansion and restricted in a severe way their scope. The work in this paper deals to present a literature review of data security approaches for cloud computing, and evaluates them in terms of how well they support critical security services and what level of adaptation they achieve.

OMAIDS: A Multi-agents Intrusion Detection System Based Ontology

Nowadays, as a security infrastructure the Intrusion Detection System (IDS) have evolved significantly since their inception. Generally, most existing IDSs are plugged with various drawbacks, e.g., excessive generation of false alerts, low efficiency, etc., especially when they face distributed attacks. In this respect, various new intelligent techniques have been used to improve the intrusion detection process. This paper introduces a novel intelligent IDS, which integrates the desirable features provided by the multi-agents methodology with the benefits of semantic relations. Carried out experiments showed the efficiency of our distributed IDS, that sharply outperforms other systems over real traffic and a set of simulated attacks.

Mining Frequent Closed Flows Based on Approximate Support with a Sliding Window over Packet Streams

Due to the varying and dynamic characteristics of network traffic, the analysis of traffic flows is of paramount importance for network security. In this context, the main challenge consists in mining the traffic flows with high accuracy and limited memory consumption. In this respect, we introduce a novel algorithm, which mines the approximate closed frequent patterns over a stream of packets within a sliding window model. The latter is based on a relaxation rate parameter as well as an approximate support concept. Our experiment results show the robustness and efficiency of our new algorithm against those in the literature.