Imen Brahmi

MAD-IDS: novel intrusion detection system using mobile agents and data mining approaches

Intrusion Detection has been investigated for many years and the field reached the maturity. Nevertheless, there are still important challenges, e.g., how an Intrusion Detection System (IDS) can detect distributed attacks. To tackle this problem, we propose a novel distributed IDS, based on the desirable features provided by the mobile agent methodology and the high accuracy offered by the data mining techniques.

Towards a multiagent-based distributed intrusion detection system using data mining approaches

The system that monitors the events occurring in a computer system or a network and analyzes the events for sign of intrusions is known as Intrusion Detection System (IDS). The IDS need to be accurate, adaptive, and extensible. Although many established techniques and commercial products exist, their effectiveness leaves room for improvement. A great deal of research has been carried out on intrusion detection in a distributed environment to palliate the drawbacks of centralized approaches. However, distributed IDS suffer from a number of drawbacks e.g. , high rates of false positives, low efficiency, etc. In this paper, we propose a distributed IDS that integrates the desirable features provided by the multi-agent methodology with the high accuracy of data mining techniques. The proposed system relies on a set of intelligent agents that collect and analyze the network connections, and data mining techniques are shown to be useful to detect the intrusions. Carried out experiments showed superior performance of our distributed IDS compared to the centralized one.

OMC-IDS: at the cross-roads of OLAP mining and intrusion detection

Due to the growing threat of network attacks, the efficient detection as well as the network abuse assessment are of paramount importance. In this respect, the Intrusion Detection Systems (IDS) are intended to protect information systems against intrusions. However, IDS are plugged with several problems that slow down their development, such as low detection accuracy and high false alarm rate. In this paper, we introduce a new IDS, called OMC-IDS, which integrates data mining techniques and On Line Analytical Processing (OLAP) tools. The association of the two fields can be a powerful solution to deal with the defects of IDS. Our experiment results show the effectiveness of our approach in comparison with those fitting in the same trend.

Using Homomorphic Encryption to Compute Privacy Preserving Data Mining in a Cloud Computing Environment

Cloud computing refers to an information technology infrastructure where data and software are stored and processed in a remote data center, accessible as a service through the Internet. Typical data centers within these fields are large, complex and often noisy. Further-more, privacy preserving data mining is an important challenge. It is required to protect the confidentiality of data sources during the extraction of frequent closed patterns. In fact, no site should be able to learn contents of a transaction at any other site. The work carried out in this paper deals with this problem. In this context, we suggest an approach that combines the extraction of frequent closed patterns in a distributed environment such as the cloud. We aim at maintaining the privacy of the sites during the data mining task in a cloud environment based on homomorphic encryption. The Simulation results and performance analysis show that our mechanism requires less communication and computation overheads. It can effectively preserve data privacy, check data integrity, and ensures high data transmission efficiency.

A Multi-agents Intrusion Detection System Using Ontology and Clustering Techniques

Nowadays, the increase in technology has brought more sophisticated intrusions. Consequently, Intrusion Detection Systems (IDS) are quickly becoming a popular requirement in building a network security infrastructure. Most existing IDS are generally centralized and suffer from a number of drawbacks, e.g., high rates of false positives, low efficiency, etc, especially when they face distributed attacks. This paper introduces a novel hybrid multi-agents IDS based on the intelligent combination of a clustering technique and an ontology model, called OCMAS-IDS. The latter integrates the desirable features provided by the multi-agents methodology with the benefits of semantic relations as well as the high accuracy of the data mining technique. Carried out experiments showed the efficiency of our distributed IDS, that sharply outperforms other systems over real traffic and a set of simulated attacks.

A Security Approach for Data Migration in Cloud Computing Based on Human Genetics

Cloud computing technology is flexible, cost effective and reliable for the provision of IT services to businesses and individuals through means of internet. Clearly beneficial in terms of costs, this technology has gained immediate popularity. However, security concerns have slowed its expansion. It is possible that the full adoption of cloud computing is not appropriate in some cases, for security reasons related to confidentiality and data integrity. Cryptographic methods that could reduce these risks to acceptable levels, however, were developed. In this article, we introduce a method implementing encryption based on human genetics, more particularly on protein biosynthesis. The attractive coupling between the encryption of content and biosynthesis protects data against unauthorized access. The experiments show that our proposal provides a good balance between the integrity and confidentiality of data.

Security Issues in Cloud Computing and Associated Alleviation Approaches

Cloud computing is the fruit of recent developments in information technology, it provides access to many online services as well as remote computing resources as needed. To be more specific, cloud computing stands today as a satisfactory answer to the problem of storage and computing of data encountered by companies. It provides treatment and accommodation of their digital information via a fully outsourced infrastructure. The latter enables users to benefit from many online services without worrying about the technical aspects of their use. In the meanwhile, it limits costs generated by the management of these data. However, this advanced technology has immediately highlighted many serious security troubles. The major issue that prevents many companies to migrate to the cloud is the security of sensitive data hosted in the provider. Actually, the security problem related to this technology has slowed their expansion and restricted in a severe way their scope. The work in this paper deals to present a literature review of data security approaches for cloud computing, and evaluates them in terms of how well they support critical security services and what level of adaptation they achieve.

OMAIDS: A Multi-agents Intrusion Detection System Based Ontology

Nowadays, as a security infrastructure the Intrusion Detection System (IDS) have evolved significantly since their inception. Generally, most existing IDSs are plugged with various drawbacks, e.g., excessive generation of false alerts, low efficiency, etc., especially when they face distributed attacks. In this respect, various new intelligent techniques have been used to improve the intrusion detection process. This paper introduces a novel intelligent IDS, which integrates the desirable features provided by the multi-agents methodology with the benefits of semantic relations. Carried out experiments showed the efficiency of our distributed IDS, that sharply outperforms other systems over real traffic and a set of simulated attacks.

Mining Frequent Closed Flows Based on Approximate Support with a Sliding Window over Packet Streams

Due to the varying and dynamic characteristics of network traffic, the analysis of traffic flows is of paramount importance for network security. In this context, the main challenge consists in mining the traffic flows with high accuracy and limited memory consumption. In this respect, we introduce a novel algorithm, which mines the approximate closed frequent patterns over a stream of packets within a sliding window model. The latter is based on a relaxation rate parameter as well as an approximate support concept. Our experiment results show the robustness and efficiency of our new algorithm against those in the literature.

Mining approximate frequent closed flows over packet streams

Due to the varying and dynamic characteristics of network traffic, the analysis of traffic flows is of paramount importance for network security, accounting and traffic engineering. The problem of extracting knowledge from the traffic flows is known as the heavy-hitter issue. In this context, the main challenge consists in mining the traffic flows with high accuracy and limited memory consumption. In the aim of improving the accuracy of heavy-hitters identification while having a reasonable memory usage, we introduce a novel algorithm called ACLStream. The latter mines the approximate closed frequent patterns over a stream of packets. Carried out experiments showed that our proposed algorithm presents better performances compared to those of the pioneer known algorithms for heavy-hitters extraction over real network traffic traces.