71 results for network-based intrusion detection system


Relevance:

100.00% 100.00%

Publisher:

Abstract:

Internal and external computer network attacks or security threats occur according to standards and follow a set of subsequent steps, allowing profiles or patterns to be established. This well-known behavior is the basis of signature analysis intrusion detection systems. This work presents a new attack signature model to be applied on network-based intrusion detection system engines. The AISF (ACME! Intrusion Signature Format) model is built upon XML technology and works on intrusion signatures handling and analysis, from storage to manipulation. Using this new model, the process of storing and analyzing information about intrusion signatures for further use by an IDS becomes a less difficult and standardized process.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Intrusion detection systems that make use of artificial intelligence techniques in order to improve effectiveness have been actively pursued in the last decade. Neural networks and Support Vector Machines have also been extensively applied to this task. However, their complexity to learn new attacks has become very expensive, making them unviable for real-time retraining. In this research, we introduce a new pattern classifier named Optimum-Path Forest (OPF) to this task, which has been demonstrated to be similar to the state-of-the-art pattern recognition techniques, but extremely more efficient for training patterns. Experiments on public datasets showed that the OPF classifier may be a suitable tool to detect intrusions on computer networks, as well as allow the algorithm to learn new attacks faster than the other techniques. © 2011 IEEE.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Computers and network services have become a guaranteed presence in several places. These characteristics resulted in the growth of illicit events, and therefore computer and network security has become an essential point in any computing environment. Many methodologies were created to identify these events; however, with the increasing number of users and services on the Internet, many difficulties are found in trying to monitor a large network environment. This paper proposes a methodology for event detection in large-scale networks. The proposal approaches anomaly detection using the NetFlow protocol, statistical methods and monitoring the environment in a best time for the application. © 2010 Springer-Verlag Berlin Heidelberg.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Recently, considerable research work has been conducted towards finding fast and accurate pattern classifiers for training Intrusion Detection Systems (IDSs). This paper proposes using the so-called Fuzzy ARTMAP classifier to detect intrusions in computer networks. Our investigation shows, through simulations, how efficient such a classifier can be when used as the learning mechanism of a typical IDS. The promising evaluation results in terms of both detection accuracy and training duration indicate that the Fuzzy ARTMAP is indeed viable for this sort of application.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Fundação de Amparo à Pesquisa do Estado de São Paulo (FAPESP)

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Concept drift, which refers to non-stationary learning problems over time, has increasing importance in machine learning and data mining. Many concept drift applications require fast response, which means an algorithm must always be (re)trained with the latest available data. But the process of data labeling is usually expensive and/or time consuming when compared to acquisition of unlabeled data, thus usually only a small fraction of the incoming data may be effectively labeled. Semi-supervised learning methods may help in this scenario, as they use both labeled and unlabeled data in the training process. However, most of them are based on assumptions that the data is static. Therefore, semi-supervised learning with concept drifts is still an open challenging task in machine learning. Recently, a particle competition and cooperation approach has been developed to realize graph-based semi-supervised learning from static data. We have extended that approach to handle data streams and concept drift. The result is a passive algorithm which uses a single classifier approach, naturally adapted to concept changes without any explicit drift detection mechanism. It has built-in mechanisms that provide a natural way of learning from new data, gradually "forgetting" older knowledge as older data items are no longer useful for the classification of newer data items. The proposed algorithm is applied to the KDD Cup 1999 Data of network intrusion, showing its effectiveness.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

In this paper an alternative method based on artificial neural networks is presented to determine harmonic components in the load current of a single-phase electric power system with nonlinear loads, whose parameters can vary as much because of the loads' characteristic behaviors as because of human intervention. The first six components in the load current are determined using the information contained in the time-varying waveforms. The effectiveness of this method is verified by using it in a single-phase active power filter with selective compensation of the current drained by an AC controller. The proposed method is compared with the fast Fourier transform.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Induction motors are largely used in several industry sectors. The selection of an induction motor has still been inaccurate because in most cases the load behavior on its shaft is completely unknown. The proposal of this article is to use artificial neural networks for torque estimation with the purpose of best selecting the induction motors rather than conventional methods, which use classical identification techniques and mechanical load modeling. Since the proposed approach estimates the torque behavior from the transient to the steady state, one of its main contributions is the potential to also be implemented in control schemes for real-time applications. Simulation results are also presented to validate the proposed approach.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

This work presents a methodology to analyze electric power systems transient stability for first swing using a neural network based on adaptive resonance theory (ART) architecture, called Euclidean ARTMAP neural network. The ART architectures present plasticity and stability characteristics, which are very important for the training and to execute the analysis in a fast way. The Euclidean ARTMAP version provides more accurate and faster solutions when compared to the fuzzy ARTMAP configuration. Three steps are necessary for the network to work: training, analysis and continuous training. The training step requires much effort (processing) while the analysis is effectuated almost without computational effort. The proposed network allows approaching several topologies of the electric system at the same time; therefore it is an alternative for real-time transient stability of electric power systems. To illustrate the proposed neural network, an application is presented for a multi-machine electric power system composed of 10 synchronous machines, 45 buses and 73 transmission lines. (C) 2010 Elsevier B.V. All rights reserved.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

This paper traces the development of a software tool, based on a combination of artificial neural networks (ANN) and a few process equations, aiming to serve as a backup operation instrument in the reference generation for real-time controllers of a steel tandem cold mill. By emulating the mathematical model responsible for generating presets under normal operational conditions, the system works as an option to maintain plant operation in the event of a failure in the processing unit that executes the mathematical model. The system, built from the production data collected over six years of plant operation, steered to the replacement of the former backup operation mode (based on a lookup table), which degraded both product quality and plant productivity. The study showed that ANN are appropriate tools for the intended purpose and that by this instrument it is possible to achieve nearly the totality of the presets needed by this kind of process. The text characterizes the problem, relates the investigated options to solve it, justifies the choice of the ANN approach, describes the methodology and system implementation and, finally, shows and discusses the attained results. (C) 2009 Elsevier Ltd. All rights reserved.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

This work presents a methodology to analyze transient stability for electric energy systems using artificial neural networks based on fuzzy ARTMAP architecture. This architecture seeks to explore similarity with computational concepts of fuzzy set theory and the ART (Adaptive Resonance Theory) neural network. The ART architectures show plasticity and stability characteristics, which are essential qualities to provide the training and to execute the analysis. Therefore, a very fast training is used, when compared to the conventional backpropagation algorithm formulation. Consequently, the analysis becomes more competitive, compared to the principal methods found in the specialized literature. Results considering a system composed of 45 buses, 72 transmission lines and 10 synchronous machines are presented. © 2003 IEEE.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

This work describes a hardware/software co-design system development, named IEEE 1451 platform, to be used in process automation. This platform intends to make the implementation of IEEE standards 1451.0, 1451.1, 1451.2 and 1451.5 easier. The hardware was built using NIOS II processor resources on Altera's Cyclone II FPGA. The software was done using Java technology and C/C++ for the processor programming. This HW/SW system implements the IEEE 1451 based on a control module and supervisory software for industrial automation. © 2011 Elsevier B.V.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Malicious programs (malware) can cause severe damage to computer systems and data. The mechanism that the human immune system uses to detect and protect from organisms that threaten the human body is efficient and can be adapted to detect malware attacks. In this paper we propose a system to perform distributed malware collection, analysis and detection, this last inspired by the human immune system. After malware samples are collected from the Internet, they are dynamically analyzed so as to provide execution traces at the operating system level and network flows that are used to create a behavioral model and to generate a detection signature. Those signatures serve as input to a malware detector, acting as the antibodies in the antigen detection process. This allows us to understand the malware attack and aids in the infection removal procedures. © 2012 Springer-Verlag.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Graduate Program in Computer Science - IBILCE

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Graduate Program in Computer Science - IBILCE