Mohd Aizaini Maarof

Feature Selection Using Rough Set in Intrusion Detection

Most of existing intrusion detection systems use all data features to detect an intrusion. Very little works address the importance of having a small feature subset in designing an efficient intrusion detection system. Some features are redundant and some contribute little to the intrusion detection process. The purpose of this study is to investigate the effectiveness of rough set theory in identifying important features in building an intrusion detection system. Rough set was also used to classify the data. Here, we used KDD Cup 99 data. Empirical results indicate that rough set is comparable to other feature selection techniques deployed by few other researchers

Feature selection using rough-DPSO in anomaly intrusion detection

Most of the existing IDS use all the features in network packet to evaluate and look for known intrusive patterns. Some of these features are irrelevant and redundant. The drawback to this approach is a lengthy detection process. In real-time environment this may degrade the performance of an IDS. Thus, feature selection is required to address this issue. In this paper, we use wrapper approach where we integrate Rough Set and Particle Swarm to form a 2-tier structure of feature selection process. Experimental results show that feature subset proposed by Rough-DPSO gives better representation of data and they are robust.

Advancements of data anomaly detection research in wireless sensor networks: a survey and open issues.

Wireless Sensor Networks (WSNs) are important and necessary platforms for the future as the concept “Internet of Things” has emerged lately. They are used for monitoring, tracking, or controlling of many applications in industry, health care, habitat, and military. However, the quality of data collected by sensor nodes is affected by anomalies that occur due to various reasons, such as node failures, reading errors, unusual events, and malicious attacks. Therefore, anomaly detection is a necessary process to ensure the quality of sensor data before it is utilized for making decisions. In this review, we present the challenges of anomaly detection in WSNs and state the requirements to design efficient and effective anomaly detection models. We then review the latest advancements of data anomaly detection research in WSNs and classify current detection approaches in five main classes based on the detection methods used to design these approaches. Varieties of the state-of-the-art models for each class are covered and their limitations are highlighted to provide ideas for potential future works. Furthermore, the reviewed approaches are compared and evaluated based on how well they meet the stated requirements. Finally, the general limitations of current approaches are mentioned and further research opportunities are suggested and discussed.

Fraud detection system

The increment of computer technology use and the continued growth of companies have enabled most financial transactions to be performed through the electronic commerce systems, such as using the credit card system, telecommunication system, healthcare insurance system, etc. Unfortunately, these systems are used by both legitimate users and fraudsters. In addition, fraudsters utilized different approaches to breach the electronic commerce systems. Fraud prevention systems (FPSs) are insufficient to provide adequate security to the electronic commerce systems. However, the collaboration of FDSs with FPSs might be effective to secure electronic commerce systems. Nevertheless, there are issues and challenges that hinder the performance of FDSs, such as concept drift, supports real time detection, skewed distribution, large amount of data etc. This survey paper aims to provide a systematic and comprehensive overview of these issues and challenges that obstruct the performance of FDSs. We have selected five electronic commerce systems; which are credit card, telecommunication, healthcare insurance, automobile insurance and online auction. The prevalent fraud types in those E-commerce systems are introduced closely. Further, state-of-the-art FDSs approaches in selected E-commerce systems are systematically introduced. Then a brief discussion on potential research trends in the near future and conclusion are presented.

An adaptive and efficient dimension reduction model for multivariate wireless sensor networks applications

Wireless sensor networks (WSNs) applications are growing rapidly in various fields such as environmental monitoring, health care management, and industry control. However, WSNs are characterized by constrained resources especially; energy which shortens their lifespan. One of the most important factors that cause a rapid drain of energy is radio communication of multivariate data between nodes and base station. Besides, the dynamic changes of environmental variables pose a need for an adaptive solution that cope with these changes over the time. In this paper, a new adaptive and efficient dimension reduction model (APCADR) is proposed for hierarchical sensor networks based on the candid covariance-free incremental PCA (CCIPCA). The performance of the model is evaluated using three real sensor networks datasets collected at Intel Berkeley Research Lab (IBRL), Great St. Bernard (GSB) area, and Lausanne Urban Canopy Experiments (LUCE). Experimental results show 33.33% and 50% reduction of multivariate data in dynamic and static environments, respectively. Results also show that 97-99% of original data is successfully approximated at cluster heads in both environment types. A comparison with the multivariate linear regression model (MLR) and simple linear regression model (SLR) shows the advantage of the proposed model in terms of efficiency, approximation accuracy, and adaptability with dynamic environmental changes.

Ensemble of One-Class Classifiers for Network Intrusion Detection System

To achieve high accuracy while lowering false alarm rates are major challenges in designing an intrusion detection system. In addressing this issue, this paper proposes an ensemble of one-class classifiers where each uses different learning paradigms. The techniques deployed in this ensemble model are; linear genetic programming (LGP), adaptive neural fuzzy inference system (ANFIS) and random forest (RF). The strengths from the individual models were evaluated and ensemble rule was formulated. Empirical results show an improvement in detection accuracy for all classes of network traffic; normal, probe, DoS, U2R and R2L. RF, which is an ensemble learning technique that generates many classification trees and aggregates the individual result was also able to address imbalance dataset problem that many of machine learning techniques fail to sufficiently address it.

Efficient image duplicated region detection model using sequential block clustering

Apart from robustness and accuracy of copy-paste image forgery detection, time complexity also plays an important role to evaluate the performance of the system. In this paper, the focus point is to improve time complexity of the block-matching algorithm. Hence, a coarse-to-fine approach is applied to propose an enhanced duplicated region detection model by using sequential block clustering. Clustering minimizes the search space in block matching. This significantly improves time complexity as it eliminates several extra block-comparing operations. We determine time complexity function of the proposed algorithm to measure the performance. The experimental results and mathematical analysis demonstrate that our proposed algorithm has more improvement in time complexity when the block size is small.

GREENIE: a novel hybrid routing protocol for efficient video streaming over wireless mesh networks

In recent years, video streaming over wireless mesh networks (WMNs) has been of great interest among the users. In WMNs, although node mobility and scalability are the two most important well-known advantages by end-users, they can decrease the perceived video quality on receivers with increasing the probability of path failure, especially when the number of mobile mesh nodes and their mobility speeds increase. Therefore, the necessity of employing an efficient routing protocol to consider the effects of node mobility is inevitable. Moreover, the interference can be sharply increased, especially on the gateways, when there are many mobile mesh nodes in a WMN. Interference does not permit the system to support many STA and mobile mesh nodes. In order to cope with these challenges, this study introduces and evaluates a g ood hybrid r outing protocol for data dissemination which e fficiently and e ffectively routes packets in a wireless mesh n etwork and i ntelligently e mploys proactive and reactive routing protocols based on the node mobility (GREENIE) for efficient video streaming over WMNs and extensively compares it with other routing protocols including hybrid wireless mesh protocol, proactive, reactive, and spanning trees using OMNET++ simulator. GREENIE intelligently distinguishes mobile from static nodes and selects the most stable path between a source and a destination which leads to higher perceived video quality on receivers. The results show the impact of GREENIE on the perceived video quality so that it considerably outperforms other routing protocols in terms of the total number of successfully received packets, the end-to-end delay, and the imposed routing overhead on the system. One of the main advantages of GREENIE is that it performs routing in the medium access control layer without applying any change in the functions of the internet protocol layer.

Adaptive and online data anomaly detection for wireless sensor systems

Wireless sensor networks (WSNs) are increasingly used as platforms for collecting data from unattended environments and monitoring important events in phenomena. However, sensor data is affected by anomalies that occur due to various reasons, such as, node software or hardware failures, reading errors, unusual events, and malicious attacks. Therefore, effective, efficient, and real time detection of anomalous measurement is required to guarantee the quality of data collected by these networks. In this paper, two efficient and effective anomaly detection models PCCAD and APCCAD are proposed for static and dynamic environments, respectively. Both models utilize the One-Class Principal Component Classifier (OCPCC) to measure the dissimilarity between sensor measurements in the feature space. The proposed APCCAD model incorporates an incremental learning method that is able to track the dynamic normal changes of data streams in the monitored environment. The efficiency and effectiveness of the proposed models are demonstrated using real life datasets collected by real sensor network projects. Experimental results show that the proposed models have advantages over existing models in terms of efficient utilization of sensor limited resources. The results further reveal that the proposed models achieve better detection effectiveness in terms of high detection accuracy with low false alarms especially for dynamic environmental data streams compared to some existing models.

Enhancing the Detection of Metamorphic Malware using Call Graphs

Malware stands for malicious software. It is software that is designed with a harmful intent. A malware detector is a system that attempts to identify malware using Application Programming Interface (API) call graph technique and/or other techniques. API call graph techniques follow two main steps, namely, transformation of malware samples into an API call graph using API call graph construction algorithm, and matching the constructed graph against existing malware call graph samples using graph matching algorithm. A major issue facing malware API call graph construction algorithms is building a precise call graph from information collected about malware samples. On the other hand call graph matching is an NP-complete problem and is slow because of computational complexity. In this study, a malware detection system based on API call graph is proposed. In the proposed system, each malware sample is represented as an API call graph. API call graph construction algorithm is used to transform input malware samples into API call graph by integrating API calls and operating system resource to represent graph nodes. Moreover, the dependence between different types of nodes is identified and represented using graph edges. After that, graph matching algorithm is used to calculate similarity between the input sample and malware API call graph samples that are stored in a database. The graph matching algorithm is based on an enhanced graph edit distance algorithm that simplifies the computational complexity using a greedy approach to select best common subgraphs from the integrating API call graph with high similarity, which helps in terms of detecting metamorphic malware. Experimental results on 514 malware samples demonstrate that the proposed system has 98% accuracy and 0 false positive rates. Detailed comparisons against other detection methods have been carried out and significant improvement over them is shown.