Shaohua Teng

An Algorithm to Improve the Effectiveness of Apriori

Apriori is one of the most important algorithms used in rule association mining. In this paper, we first discuss the limitations of the Apriori algorithm and then propose an enhancement for improving its efficiency. The improved algorithm is based on the combination of forward scan and reverse scan of a given database. If certain conditions are satisfied, the improved algorithm can greatly reduce the scanning times required for the discovery of candidate itemsets. Theoretical proof and analysis are given for the rationality of our algorithm. A simulation instance is given in order to show the advantages of this algorithm compared with Apriori.

A Cooperative Network Intrusion detection Based on Fuzzy SVMs

T he re is a large number of noise in the data obtained from network , which deteriorates intrusion detection performance. To delete the noise data, data preprocess ing is done before the constructi on of hyperplane in support vector machine ( SVM ) . By introduc ing fuzzy theory into SVM, a new method is proposed for network i ntrusion detection. Because the attack behavior is different for different network protocol , a different fuzzy membership function is formatted, such that for each class of protocol there is a SVM. To implement this approach, a f uzzy SVM -based cooperative network intrusion detection system with multi-agent architecture is presented. It is composed of three types of agents corresponding to TCP, UDP , and ICMP protocol s, respectively. Simulation experiment s are done by using KDD CUP 1999 data set , results show that the training time is significantly shortened, storage space requirement is reduced, and classification accuracy is improved.

Scan attack detection based on distributed cooperative model

Researchers have done lots of work in scan attack detection. Various methods have been proposed. Although these methods can defense some scan attacks from hackers in some degree, there are lots of missing detections and false alerts. Especially current intrusion detection systems are difficult to satisfy the demand of large-scale distributed network. After we carefully research on network topological architecture and scan attack method and mechanism, we find that scan attack always happened at network layer and transport layer. Then we propose a scan detection method based on distributed cooperative model. It is composed of feature-based detection, scenario-based detection and statistic-based detection. The experiment results show that this method has obvious advantages. It can efficiently detect more scan attacks.

Solving the Many to Many assignment problem by improving the Kuhn-Munkres algorithm with backtracking

The Many to Many (M-M) assignment problem is an important open problem where one task is assigned to many, but different, agents and one agent may undertake many, but different, tasks. The Kuhn-Munkres (K-M) algorithm is a famous and traditional process used in dealing with assignment problems. In this paper, we propose a solution to the M-M assignment problem by improving the K-M algorithm with backtracking (KMB). To demonstrate the solutions suitability, we prove that the proposed KMB algorithm is valid and that the worst time complexity of the KMB algorithm is O ( ( ? L a i ) 3 ) , where L a i denotes the maximum number of tasks that can be assigned to agent i. After that, we discuss several critical problems related to the algorithm and provide the necessary and sufficient conditions of solving the M-M assignment problem. Finally, we demonstrate, through experimentation, the validity, practicality and efficiency of the KMB algorithm. It improves the K-M algorithm to solve the M-M assignment problem.The improved algorithm (KMB) introduces backtracking.The KMB algorithm is valid and the worst time complexity is O ( ( ? L a i ) 3 ) .It provides the necessary and sufficient conditions for the solution.It illustrates the validity and efficiency of the KMB algorithm through simulations.

Fuzzy Multi-Class Support Vector Machines for cooperative network intrusion detection

A large number of noise data always exits when obtaining information through Internet, which deteriorates intrusion detection performance. In order to avoid the affection of noise data, data preprocessing needs to be done before the construction of hyperplane in Support Vector Machine (SVM). By importing fuzzy theory into SVM, a new method is proposed for cooperative network intrusion detection. Due to the various attack methods in different network protocol, a fuzzy membership function is formatted under each protocol, which means a unique Multi-Class SVM is suitable for only one network protocol. To implement this approach, a fuzzy Multi-Class-SVM-based cooperative network intrusion detection model with multi-agent architecture is presented in this paper, which is composed of three types of agents corresponding to TCP, UDP, and ICMP protocols, respectively and a statistic-based agent. Moreover, simulation experiments are performed by using KDD CUP 1999 data set while it is shown in the results that the training time can be significantly shortened, storage space requirement can be sharply reduced, and classification accuracy is improved apparently by using the SVM method preprocessing the data.

Cooperative Intrusion Detection Model Based on State Transition Analysis

Many intrusion behaviors can be characterized as the execution of a sequence of crucial commands that results in an unauthorized access. Lots of attack sequences can be derived by either exchanging properly orders of crucial commands or replacing crucial commands with the functionally similar commands, which have the same performance. Therefore, it is very difficult to detect such attacks. In this paper, we propose a cooperative intrusion detection model based on state transition analysis, in which the topological order and isomorphic transformation are adopted. For a given sequence of crucial commands of an intrusion, all the possible derived sequences as an intrusion scenario can be generated by means of the model. We may also use the model to detect the attacks from different cooperating attackers and the attacks from one attacker in different login sessions. Furthermore, a derived intrusion can be seen as an unknown intrusion, in this sense that the technique presented in this paper can detect some unknown intrusions.

Research on Micro-blog Sentiment Polarity Classification Based on SVM

The key problem to be solved in the analysis of micro-blog emotion is the micro-blog sentiment polarity classification. Based on the analysis of various factors affecting sentiment classification of micro-blog, we recognize word sentimental polarity, extract affective and weighted sentimental feature in the sentence level. Then support vector machine (SVM) classifier is used for emotion recognition and micro-blog classification. Finally, we perform the classification model with the micro-blog corpus data sets, and improve classification accuracy by calculating confidence. The experimental results verify the effectiveness of the micro-blog sentiment polarity classification model applied to the micro-blog.

A cooperative network intrusion detection based on heterogeneous distance function clustering

Because the network connection information contains nominal and linear attributes, and linear attributes are divided into continuous and discrete attributes, the network connection information is the heterogeneous data. The heterogeneous distance functions are used to cluster data in this paper. The cooperative network intrusion detection based on semi-supervised clustering algorithm is proposed. Firstly, the network data flows are divided into three data flows (TCP flow, UDP flow, and ICMP flow) according to network protocol and are sent to three detection agents. Then every detection agent constructs the detection model using the fuzzy c-means clustering algorithm based on the HVDM (Heterogeneous Value Difference Metric) distance. Finally, revise and verify the detection model by using test data. Simulation experiments are done by using KDD CUP 1999 data set, results show that the method presented here is feasible and efficient.

Information Hiding for pervasive trusted authentication

Pervasive computing promises rich and seamless interaction with the surrounding computing environment. However, the ubiquitous environment presents a new security challenge. Authentication is a cornerstone of security. This paper proposes a secure authentication model based on Information Hiding and implements an approach for hiding and restoring the authentication information using IP header of TCP/IP packets. The proposed model, showing Information Hiding can play for authentication in a pervasive environment, may be generalized for trustworthy authentication of security devices such as firewalls. Finally we analyze the security properties of proposed model and approach, which shows that the model is feasible.

Cooperative intrusion detection model based on scenario

When a new intrusion means is developed, many intrusion methods can be derived by exchanging the command sequences or by replacing commands with the functionally similar commands, which makes the detection of the developed intrusion very difficult. To overcome this problem, a cooperative intrusion detection model based on scenario is proposed, which is consisted of 5 layers. Topological order, isomorphic transformation and state transition analysis method are applied in the text. For an intrusion case we generate all the possible derived intrusions as an intrusion base. Based on this intrusion base, we present an efficient method to detect such intrusions by using finite automaton. Further, we apply data fusion to analysis suspicious data. A derived intrusion can be seen as an unknown intrusion, in this sense the technique presented in this paper can detect some unknown intrusions.