4 results for R2L
Abstract:
With the rapid growth of the Internet, computer attacks are increasing at a fast pace and can easily cause millions of dollars in damage to an organization. Detecting these attacks is an important issue of computer security. There are many types of attacks and they fall into four main categories: Denial of Service (DoS) attacks, Probe, User to Root (U2R) attacks, and Remote to Local (R2L) attacks. Within these categories, DoS and Probe attacks continuously show up with greater frequency in a short period of time when they attack systems. They are different from the normal traffic data and can be easily separated from normal activities. On the contrary, U2R and R2L attacks are embedded in the data portions of the packets and normally involve only a single connection. It becomes difficult to achieve satisfactory detection accuracy for detecting these two attacks. Therefore, we focus on studying the ambiguity problem between normal activities and U2R/R2L attacks. The goal is to build a detection system that can accurately and quickly detect these two attacks. In this dissertation, we design a two-phase intrusion detection approach. In the first phase, a correlation-based feature selection algorithm is proposed to advance the speed of detection. Features with poor prediction ability for the signatures of attacks and features inter-correlated with one or more other features are considered redundant. Such features are removed and only indispensable information about the original feature space remains. In the second phase, we develop an ensemble intrusion detection system to achieve accurate detection performance. The proposed method includes multiple feature selecting intrusion detectors and a data mining intrusion detector. The former ones consist of a set of detectors, and each of them uses a fuzzy clustering technique and belief theory to solve the ambiguity problem. The latter one applies a data mining technique to automatically extract computer users’ normal behavior from training network traffic data. The final decision is a combination of the outputs of feature selecting and data mining detectors. The experimental results indicate that our ensemble approach not only significantly reduces the detection time but also effectively detects U2R and R2L attacks that contain degrees of ambiguous information.
Abstract:
This report is part of the Master's in Special Education – Cognitive-Motor Domain and presents research that aimed to test the effectiveness of the Reading to Learn (R2L) pedagogy, by David Rose (2013), with a group of 8th-grade students with Special Educational Needs in the cognitive domain (although without a diagnosis of Intellectual Disability), receiving Special Education measures under Decreto-Lei 03/2008 of 7 January, at a school with 2nd and 3rd cycles belonging to a large school cluster in the western region of the country. A quasi-experimental design was used, involving 29 students distributed across an "intervention group" of five members with SEN and two "control groups" (1 and 2), composed of five students with SEN and 19 without SEN, respectively. The study consisted of a pre-test, an intervention exclusively for the target group, and a post-test, with analysis of the narrative texts produced at the initial and final moments of the study and comparison of the groups' performance in terms of the number of words and the quality of the texts, assessed using the R2L programme's own analysis framework. The results point to a quite positive impact of the R2L Programme implemented with the "intervention group", showing progressive and significant improvement both in the length and in the quality of the texts produced by the group of students who received the intervention. Likewise, from pre-test to post-test, the difference between the "intervention group" and "control group 2" decreased, in both the length and the quality of the texts produced, while the performance of the members of "control group 1" showed less marked improvement. The opinion of the Special Education teachers who work with the students in the intervention also confirms an improvement in learning, resulting from greater engagement, motivation, and ability to organize written texts.
Abstract:
Data mining can be defined as the extraction of implicit, previously unknown, and potentially useful information from data. Numerous researchers have been developing security technology and exploring new methods to detect cyber-attacks with the DARPA 1998 dataset for Intrusion Detection and the modified versions of this dataset, KDDCup99 and NSL-KDD, but until now no one has examined the performance of the Top 10 data mining algorithms selected by experts in data mining. The compared classification learning algorithms in this thesis are: C4.5, CART, k-NN and Naïve Bayes. The performance of these algorithms is compared with accuracy, error rate and average cost on modified versions of the NSL-KDD train and test datasets, where the instances are classified into normal and four cyber-attack categories: DoS, Probing, R2L and U2R. Additionally, the most important features to detect cyber-attacks in all categories and in each category are evaluated with Weka’s Attribute Evaluator and ranked according to Information Gain. The results show that the classification algorithm with best performance on the dataset is the k-NN algorithm. The most important features to detect cyber-attacks are basic features such as the number of seconds of a network connection, the protocol used for the connection, the network service used, normal or error status of the connection and the number of data bytes sent. The most important features to detect DoS, Probing and R2L attacks are basic features and the least important features are content features, unlike U2R attacks, where the content features are the most important features to detect attacks.