Intrusion detection is regarded as classification in the data mining field. However, instead of directly mining the classification rules, class association rules, which are then used to construct a classifier, are mined from audit logs. Some attributes in audit logs are important for detecting intrusion, but their values are distributed skewedly. A relative support concept is proposed to deal with such a situation. To mine class association rules effectively, an algorithm based on FP-tree is exploited. The experimental result proves that this method has better performance.
In order to solve the distributed detection fusion problem of underwater target detection, when the signal to noise ratio (SNR) of the acoustic channel is low, a new strategy for united detection fusion and communication using multiple sensors was proposed. The performance of detection fusion was studied and compared based on the Neyman-Pearson principle when the binary phase shift keying (BPSK) and on-off keying (OOK) modes were used by the local sensors. The comparative simulation and analysis between the optimal likelihood ratio test and the proposed strategy was completed, and both the theoretical analysis and simulation indicate that using the proposed new strategy could improve the detection performance effectively. In theory, the proposed strategy of united detection fusion and communication is of great significance to the establishment of an underwater target detection system.
The number of attacks is growing tremendously in tandem with the growth of internet technologies. As a result, protecting the private data from prying eyes has become a critical and tough undertaking. Many intrusion detection solutions have been offered by researchers in order to decrease the effect of these attacks. For attack detection, the prior system has created an SMSRPF (Stacking Model Significant Rule Power Factor) classifier. To provide creative instance detection, the SMSRPF combines the detection of trained classifiers such as DT (Decision Tree) and RF (Random Forest). Nevertheless, it does not generate any accurate findings that are adequate. The suggested system has built an EWF (Ensemble Wrapper Filter) feature selection with SMSRPF classifier for attack detection so as to overcome this problem. The UNSW-NB15 dataset is used as an input in this proposed research project. Specifically, min–max normalization approach is used to pre-process the incoming data. The feature selection is then carried out using EWF. Based on the selected features, SMSRPF classifiers are utilized to detect the attacks. The SMSRPF is integrated with the trained classifiers such as DT and RF to create creative instance detection. After that, the testing data is classified using MCAR (Multi-Class Classification based on Association Rules). The SRPF judges the rules correctly even when the confidence and the lift measures fail. Regarding accuracy, precision, recall, f-measure, computation time, and error, the experimental findings suggest that the new system outperforms the prior systems.
It is difficult to know all the relations between Snort rules. To deal with this problem, the topological relations between Snort rules are classified based on the set theory, and a method for calculating the topological relations between Snort rules is proposed. In the existing methods for analyzing the relations of Snort rules, the relations are usually determined only according to the header information of the Snort rules. Without considering the actions of Snort rules, the proposed method improves upon the existing methods and it can classify and calculate the topological relations between Snort rules according to both headers and options information of Snort rules. In addition, the proposed method is implemented by the functional language Haskell. The experimental results show that the topological relations between Snort rules can be calculated rapidly and effectively. The proposed method also provides an important basis for conflict detection in the succeeding Snort rules.
The security of the wireless sensor network-Internet of Things (WSN-IoT) network is more challenging due to its randomness and self-organized nature. Intrusion detection is one of the key methodologies utilized to ensure the security of the network. Conventional intrusion detection mechanisms have issues such as higher misclassification rates, increased model complexity, insignificant feature extraction, increased training time, increased run time complexity, computation overhead, failure to identify new attacks, increased energy consumption, and a variety of other factors that limit the performance of the intrusion system model. In this research a security framework for WSN-IoT, through a deep learning technique is introduced using Modified Fuzzy-Adaptive DenseNet (MF_AdaDenseNet) and is benchmarked with datasets like NSL-KDD, UNSWNB15, CIDDS-001, Edge IIoT, Bot IoT. In this, the optimal feature selection using Capturing Dingo Optimization (CDO) is devised to acquire relevant features by removing redundant features. The proposed MF_AdaDenseNet intrusion detection model offers significant benefits by utilizing optimal feature selection with the CDO algorithm. This results in enhanced Detection Capacity with minimal computation complexity, as well as a reduction in False Alarm Rate (FAR) due to the consideration of classification error in the fitness estimation. As a result, the combined CDO-based feature selection and MF_AdaDenseNet intrusion detection mechanism outperform other state-of-the-art techniques, achieving maximal Detection Capacity, precision, recall, and F-Measure of 99.46%, 99.54%, 99.91%, and 99.68%, respectively, along with minimal FAR and Mean Absolute Error (MAE) of 0.9% and 0.11.
Abstract: Association rules are useful for determining correlations between items. Applying association rules to an intrusion detection system (IDS) can improve the detection rate, but the false positive rate is also increased. Weighted association rules are used in this paper to mine intrusion models, which can increase the detection rate and decrease the false positive rate to some extent. Based on this, the structure of host-based IDS using weighted association rules is proposed.
Funding: Supported by the National Natural Science Foundation of China (60972152); Northwestern Polytechnical University Foundations for Fundamental Research (JC201027 JC20100223)
Abstract: The problem of distributed detection fusion using multiple sensors for remote underwater target detection is studied. Considering that multiple access channel (MAC) schemes are able to offer high efficiency in bandwidth usage and consume less energy than the parallel access channel (PAC), the MAC scheme is introduced into the underwater target detection field. The model of underwater distributed detection fusion based on MAC schemes is established. A new method for detection fusion of MAC based on deflection coefficient maximization (DCM) and Neyman-Pearson (NP) rule is proposed. Under the power constraint of local sensors, this paper uses the DCM theory to derive the optimal weight coefficients and offsets. The closed-form expressions of detection probability and false alarm probability for fusion systems are obtained. The optimal detection performance of fusion systems is analyzed and deeply researched. Both the theory analysis and simulation experiments indicate that the proposed method could improve the detection performance and decrease the error probability effectively under power constraints of local sensors and low signal to noise ratio.
Funding: This work was supported in part by the Natural Science Foundation of China under Grant 62203461 and Grant 62203365, in part by the Postdoctoral Science Foundation of China under Grant No. 2020M683736, in part by the Teaching reform project of higher education in Heilongjiang Province under Grant Nos. SJGY20210456 and SJGY20210457, in part by the Natural Science Foundation of Heilongjiang Province of China under Grant No. LH2021F038, in part by the graduate academic innovation project of Harbin Normal University under Grant Nos. HSDSSCX2022-17, HSDSSCX2022-18 and HSDSSCX2022-19, and in part by the Foreign Expert Project of Heilongjiang Province under Grant No. GZ20220131.
Abstract: Expert knowledge is the key to modeling milling fault detection systems based on the belief rule base. The construction of an initial expert knowledge base seriously affects the accuracy and interpretability of the milling fault detection model. However, due to the complexity of the milling system structure and the uncertainty of the milling failure index, it is often impossible to construct model expert knowledge effectively. Therefore, a milling system fault detection method based on fault tree analysis and hierarchical BRB (FTBRB) is proposed. Firstly, the proposed method uses a fault tree and hierarchical BRB modeling. Through fault tree analysis (FTA), the logical correspondence between FTA and BRB is sorted out. This can effectively embed the FTA mechanism into the BRB expert knowledge base. The hierarchical BRB model is used to solve the problem of excessive indexes and avoid combinatorial explosion. Secondly, evidence reasoning (ER) is used to ensure the transparency of the model reasoning process. Thirdly, the projection covariance matrix adaptation evolutionary strategies (P-CMA-ES) is used to optimize the model. Finally, this paper verifies the validity model and the method’s feasibility techniques for milling data sets.
Funding: Sponsored by the National Natural Science Foundation of China (60232010)
Abstract: The performance of a distributed Neyman-Pearson detection system is considered with the decision rules of the sensors given and the decisions from different sensors being mutually independent conditioned on both hypotheses. To achieve the better performance at the fusion center for a general detection system of n > 3 sensor configuration, the necessary and sufficient conditions are derived by comparing the probability of detection at the fusion center with that of each of the sensors, with the constraint that the probability of false alarm at the fusion center is equal to that of the sensor. The conditions are related with the performances of the sensors and using the results we can predict the performance at the fusion center of a distributed detection system and can choose appropriate sensors to construct efficient distributed detection systems.
Abstract: We discuss the basic intrusion detection techniques, and focus on how to apply association rules to intrusion detection. Beginning with analyzing some close relations between user’s behaviors, we discuss the mining algorithm of association rules and apply it to detect anomaly in IDS. Moreover, according to the characteristic of intrusion detection, we optimize the mining algorithm of association rules, and use fuzzy logic to improve the system performance.
Funding: Supported by the National Natural Science Foundation of China (No. 61072110), the Industrial Tackling Project of Shaanxi Province (2010K06-20), the Natural Science Foundation of Shaanxi Province (SJ08F15)
Abstract: Focusing on the problem of goal event detection in soccer videos, a novel method based on Hidden Markov Model (HMM) and the semantic rule is proposed. Firstly, an HMM for a goal event is constructed. Then a Normalized Semantic Weighted Sum (NSWS) rule is established by defining a new feature of shots, semantic observation weight. The test video is detected based on the HMM and the NSWS rule, respectively. Finally, a fusion scheme based on logic distance is proposed and the detection results of the HMM and the NSWS rule are fused by optimal weights in the decision level, obtaining the final result. Experimental results indicate that the proposed method achieves 96.43% precision and 100% recall, which shows the effectiveness of this letter.
Abstract: In today’s real world, an important research part in image processing is scene text detection and recognition. Scene text can be in different languages, fonts, sizes, colours, orientations and structures. Moreover, the aspect ratios and layouts of a scene text may differ significantly. All these variations appear as significant challenges for the detection and recognition algorithms that are considered for the text in natural scenes. In this paper, a new intelligent text detection and recognition method for detecting the text from natural scenes and for recognizing the text by applying the newly proposed Conditional Random Field-based fuzzy rules incorporated Convolutional Neural Network (CR-CNN) has been proposed. Moreover, we have recommended a new text detection method for detecting the exact text from the input natural scene images. For enhancing the presentation of the edge detection process, image pre-processing activities such as edge detection and color modeling have been applied in this work. In addition, we have generated new fuzzy rules for making effective decisions on the processes of text detection and recognition. The experiments have been directed using the standard benchmark datasets such as the ICDAR 2003, the ICDAR 2011, the ICDAR 2005 and the SVT and have achieved better detection accuracy in text detection and recognition. By using these three datasets, five different experiments have been conducted for evaluating the proposed model. And also, we have compared the proposed system with the other classifiers such as the SVM, the MLP and the CNN. In these comparisons, the proposed model has achieved better classification accuracy when compared with the other existing works.
Abstract: Most local feature descriptors assume that the scene is planar. In the real scene, the captured images come from the 3-D world. 3-D corner as a novel invariant feature is important for the image matching and the object detection, while automatically discriminating 3-D corners from ordinary corners is difficult. A novel method for 3-D corner detection is proposed based on the image graph grammar, and it can detect the 3-D features of corners to some extent. Experimental results show that the method is valid and the 3-D corner is useful for image matching.
Funding: Supported by National Natural Science Foundation of China (No. 60873208)
Abstract: Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1 3], and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over the network brute force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection system (NIDS) with appropriate signatures can detect this attack efficiently.
Abstract: A novel deep neural network compression model for airport object detection has been presented. This novel model aims at disadvantages of deep neural network, i.e. the complexity of the model and the great cost of calculation. According to the requirement of airport object detection, the model obtains temporal and spatial semantic rules from the uncompressed model. These spatial semantic rules are added to the model after parameter compression to assist the detection. The rules can improve the accuracy of the detection model in order to make up for the loss caused by parameter compression. The experiments show that the effect of the novel compression detection model is no worse than that of the uncompressed original model. Even some of the original model false detection can be eliminated through the prior knowledge.
Funding: National Natural Science Foundation of China under Grant No. 60873213, 91018008 and 61070192; Beijing Science Foundation under Grant No. 4082018; Shanghai Key Laboratory of Intelligent Information Processing of China under Grant No. IIPL-09-006
Abstract: For various reasons, many of the security programming rules applicable to specific software have not been recorded in official documents, and hence can hardly be employed by static analysis tools for detection. In this paper, we propose a new approach, named SVR-Miner (Security Validation Rules Miner), which uses frequent sequence mining technique [1-4] to automatically infer implicit security validation rules from large software code written in C programming language. Different from the past works in this area, SVR-Miner introduces three techniques which are sensitive thread, program slicing [5-7], and equivalent statements computing to improve the accuracy of rules. Experiments with the Linux Kernel demonstrate the effectiveness of our approach. With the ten given sensitive threads, SVR-Miner automatically generated 17 security validation rules and detected 8 violations, 5 of which were published by Linux Kernel Organization before we detected them. We have reported the other three to the Linux Kernel Organization recently.
Abstract: Objective: Present a new feature selection algorithm. Methods: Based on rule induction and field knowledge. Results: This algorithm can be applied in catching dataflow when detecting network intrusions; only the sub-dataset including discriminating features is caught. Then the time spent in the following behavior pattern mining is reduced and the patterns mined are more precise. Conclusion: The experiment results show that the feature subset caught by this algorithm is more informative and the dataset's quantity is reduced significantly.
Abstract: After the digital revolution, large quantities of data have been generated with time through various networks. The networks have made the process of data analysis very difficult by detecting attacks using suitable techniques. While Intrusion Detection Systems (IDSs) secure resources against threats, they still face challenges in improving detection accuracy, reducing false alarm rates, and detecting the unknown ones. This paper presents a framework to integrate data mining classification algorithms and association rules to implement network intrusion detection. Several experiments have been performed and evaluated to assess various machine learning classifiers based on the KDD99 intrusion dataset. Our study focuses on several data mining algorithms such as naïve Bayes, decision trees, support vector machines, decision tables, k-nearest neighbor algorithms, and artificial neural networks. Moreover, this paper is concerned with the association process in creating attack rules to identify those in the network audit data, by utilizing a KDD99 dataset anomaly detection. The focus is on false negative and false positive performance metrics to enhance the detection rate of the intrusion detection system. The implemented experiments compare the results of each algorithm and demonstrate that the decision tree is the most powerful algorithm as it has the highest accuracy (0.992) and the lowest false positive rate (0.009).
Funding: The work is supported by Chinese NSF (Project No. 60073034)
Abstract: Intrusion detection is regarded as classification in the data mining field. However, instead of directly mining the classification rules, class association rules, which are then used to construct a classifier, are mined from audit logs. Some attributes in audit logs are important for detecting intrusion but their values are distributed skewedly. A relative support concept is proposed to deal with such a situation. To mine class association rules effectively, an algorithm based on FP-tree is exploited. The experimental result proves that this method has better performance.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 60972152
Abstract: In order to solve the distributed detection fusion problem of underwater target detection, when the signal to noise ratio (SNR) of the acoustic channel is low, a new strategy for united detection fusion and communication using multiple sensors was proposed. The performance of detection fusion was studied and compared based on the Neyman-Pearson principle when the binary phase shift keying (BPSK) and on-off keying (OOK) modes were used by the local sensors. The comparative simulation and analysis between the optimal likelihood ratio test and the proposed strategy was completed, and both the theoretical analysis and simulation indicate that using the proposed new strategy could improve the detection performance effectively. In theory, the proposed strategy of united detection fusion and communication is of great significance to the establishment of an underwater target detection system.
Abstract: The number of attacks is growing tremendously in tandem with the growth of internet technologies. As a result, protecting private data from prying eyes has become a critical and tough undertaking. Many intrusion detection solutions have been offered by researchers in order to decrease the effect of these attacks. For attack detection, the prior system has created an SMSRPF (Stacking Model Significant Rule Power Factor) classifier. To provide creative instance detection, the SMSRPF combines the detection of trained classifiers such as DT (Decision Tree) and RF (Random Forest). Nevertheless, it does not generate any accurate findings that are adequate. The suggested system has built an EWF (Ensemble Wrapper Filter) feature selection with SMSRPF classifier for attack detection so as to overcome this problem. The UNSW-NB15 dataset is used as an input in this proposed research project. Specifically, a min–max normalization approach is used to pre-process the incoming data. The feature selection is then carried out using EWF. Based on the selected features, SMSRPF classifiers are utilized to detect the attacks. The SMSRPF is integrated with the trained classifiers such as DT and RF to create creative instance detection. After that, the testing data is classified using MCAR (Multi-Class Classification based on Association Rules). The SRPF judges the rules correctly even when the confidence and the lift measures fail. Regarding accuracy, precision, recall, f-measure, computation time, and error, the experimental findings suggest that the new system outperforms the prior systems.
Funding: The National Natural Science Foundation of China (No. 60973122, 61572256)
Abstract: It is difficult to know all the relations between Snort rules. To deal with this problem, the topological relations between Snort rules are classified based on set theory, and a method for calculating the topological relations between Snort rules is proposed. In the existing methods for analyzing the relations of Snort rules, the relations are usually determined only according to the header information of the Snort rules. Without considering the actions of Snort rules, the proposed method improves upon the existing methods and it can classify and calculate the topological relations between Snort rules according to both header and option information of Snort rules. In addition, the proposed method is implemented in the functional language Haskell. The experimental results show that the topological relations between Snort rules can be calculated rapidly and effectively. The proposed method also provides an important basis for conflict detection in the succeeding Snort rules.
Funding: Authors extend their appreciation to King Saud University for funding the publication of this research through the Researchers Supporting Project number (RSPD2024R809), King Saud University, Riyadh, Saudi Arabia.
Abstract: The security of the wireless sensor network-Internet of Things (WSN-IoT) network is more challenging due to its randomness and self-organized nature. Intrusion detection is one of the key methodologies utilized to ensure the security of the network. Conventional intrusion detection mechanisms have issues such as higher misclassification rates, increased model complexity, insignificant feature extraction, increased training time, increased run time complexity, computation overhead, failure to identify new attacks, increased energy consumption, and a variety of other factors that limit the performance of the intrusion system model. In this research, a security framework for WSN-IoT through a deep learning technique is introduced using Modified Fuzzy-Adaptive DenseNet (MF_AdaDenseNet) and is benchmarked with datasets like NSL-KDD, UNSWNB15, CIDDS-001, Edge IIoT, Bot IoT. In this, the optimal feature selection using Capturing Dingo Optimization (CDO) is devised to acquire relevant features by removing redundant features. The proposed MF_AdaDenseNet intrusion detection model offers significant benefits by utilizing optimal feature selection with the CDO algorithm. This results in enhanced Detection Capacity with minimal computation complexity, as well as a reduction in False Alarm Rate (FAR) due to the consideration of classification error in the fitness estimation. As a result, the combined CDO-based feature selection and MF_AdaDenseNet intrusion detection mechanism outperform other state-of-the-art techniques, achieving maximal Detection Capacity, precision, recall, and F-Measure of 99.46%, 99.54%, 99.91%, and 99.68%, respectively, along with minimal FAR and Mean Absolute Error (MAE) of 0.9% and 0.11.