Nouria Harbi

COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION

In this paper, a new learning algorithm for adaptive network intrusion detection using naive Bayesian classifier and decision tree is presented, which performs balance detections and keeps false positives at acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attribute, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data miningbased intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues needed to be examined towards current intrusion detection systems (IDS). We tested the performance of our proposed algorithm with existing learning algorithms by employing on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significant reduce false positives (FP) for different types of network intrusions using limited computational resources.

Approach based ensemble methods for better and faster intrusion detection

This study introduces a new method based on Greedy-Boost, a multiple classifier system, for better and faster intrusion detection. Detection of the anomalies in the data-processing networks is regarded as a problem of data classification allowing to use data mining and machine learning techniques to perform intrusion detection. With such automatic processing procedures, human expertise only focuses on a small set of potential anomalies which may result in important time savings and efficiency. In order to be scalable and efficient, these kinds of approaches must respect important requirements. The first is to obtain a high level of precision, that is to be able to detect a maximum of anomalies with a minimum of false alarms. The second is to detect potential anomalies as fast as possible. We propose Greedy-Boost, a new approach of boosting which is based on an adaptive combination of multiple classifiers to perform the precision of the detection. This approach uses an aspect of smooth that ensures stability of the classifier system and offers speed of detection. The experimental results, conducted on the KDD99 dataset, prove that our proposed approach outperforms several state-of-the-art methods, particularly in detecting rare attack types.

Verification of Security Coherence in Data Warehouse Designs

This paper relies on a UML profile with a graphical concrete syntax for the design of secure data warehouses. The UML extensions define security concepts to adopt the RBAC and MAC standards, to define conflicts of interests, and to model multidimensional schemas. In addition, this profile has formal semantics defined in Prolog that provides for the verification of both the design well-formedness and the coherence of security policies of data warehouse designs.

An efficient local region and clustering-based ensemble system for intrusion detection

The dramatic proliferation of sophisticated cyber attacks, in conjunction with the ever growing use of Internet-based services and applications, is nowadays becoming a great concern in any organization. Among many efficient security solutions proposed in the literature to deal with this evolving threat, ensemble approaches, a particular family of data mining, have proven very successful in designing high performance intrusion detection systems (IDSs) resting on the mutual combination of multiple classifiers. However, the strength of ensemble systems depends heavily on the methods to generate and combine individual classifiers. In this thread, we propose a novel design method to generate a robust ensemble-based IDS. In our approach, individual classifiers are built using both the input feature space and additional features exploited from k-means clustering. In addition, the ensemble combination is calculated based on the classification ability of classifiers on different local data regions defined in form of k-means clustering. Experimental results prove that our solution is superior to several well-known methods.

Real detection intrusion using supervised and unsupervised learning

Advances in software and networking technologies have nowadays brought about innumerable benefits to both individuals and organizations. Along with technological explosions, there ironically exist numerous potential cyber-security breaches, thus advocating attackers to devise hazardous intrusion tactics against vulnerable information systems. Such security-related concerns have motivated many researchers to propose various solutions to face the continuous growth of cyber threats during the past decade. Among many existing IDS methodologies, data mining has brought a remarkable success in intrusion detection. However, data mining approaches for intrusion detection have still confronted numerous challenges ranging from data collecting and feature processing to the appropriate choice of learning methods and parametric thresholds. Hence, designing efficient IDSs remains very tough. In this paper, we propose a new intrusion detection system by combining unsupervised and supervised learning method. Results shows the performance of this system.

Secret sharing for cloud data security: a survey

Cloud computing helps reduce costs, increase business agility and deploy solutions with a high return on investment for many types of applications. However, data security is of premium importance to many users and often restrains their adoption of cloud technologies. Various approaches, i.e., data encryption, anonymization, replication and verification, help enforce different facets of data security. Secret sharing is a particularly interesting cryptographic technique. Its most advanced variants indeed simultaneously enforce data privacy, availability and integrity, while allowing computation on encrypted data. The aim of this paper is thus to wholly survey secret sharing schemes with respect to data security, data access and costs in the pay-as-you-go paradigm.

Hybrid Intrusion Detection in Information Systems

The expansion and democratization of the digital world coupled with the effect of the Internet globalization, has allowed individuals, countries, states and companies to interconnect and interact at incidence levels never previously imagined. Cybercrime, in turn, is unfortunately one the negative aspects of this rapid global interconnection expansion. We often find malicious individuals and/or groups aiming to undermine the integrity of Information Systems for either financial gain or to serve a cause. Our study investigates and proposes a hybrid data mining methodology in order to detect abnormal behavior that could potentially threaten the security of an Information System, in a simple way that is understandable to all involved parties, whether they are security experts or standard users.

Securing data warehouses: a semi-automatic approach for inference prevention at the design level

Data warehouses contain sensitive data that must be secured in two ways: by defining appropriate access rights to the users and by preventing potential data inferences. Inspired from development methods for information systems, the first way of securing a data warehouse has been treated in the literature during the early phases of the development cycle. However, despite the high risks of inferences, the second way is not sufficiently taken into account in the design phase; it is rather left to the administrator of the data warehouse. However, managing inferences during the exploitation phase may induce high maintenance costs and complex OLAP server administration. In this paper, we propose an approach that, starting from the conceptual model of the data sources, assists the designer of the data warehouse in indentifying multidimensional sensitive data and those that may be subject to inferences.

Sécurisation des entrepôts de données contre les inférences précises et partielles

RESUME. Les entrepots de donnees contiennent des donnees sensibles qui doivent etre protegees contre les acces non autorises, aussi bien directs que par inference. Les acces directs sont controlables par des autorisations gerees par le serveur OLAP. Cependant, ce dernier n’offre pas de mecanismes pour proteger l’entrepot contre deux types d’inferences : les inferences precises permettant la deduction de valeurs exactes des mesures, et les inferences partielles permettant d’avoir une idee grossiere sur les valeurs des mesures. Dans cet article, nous proposons une approche pour la securisation des entrepots de donnees qui, d’une part, interdit les inferences partielles dans le cas des requetes utilisant la fonction d’agregation Sum et, d’autre part, empeche les inferences precises dans le cas des requetes utilisant les fonctions d’agregation Min ou Max. pour ce faire, nous exploitons les methodes statistiques contre les inferences partielles, et les reseaux Bayesiens contre les inferences precises.