Monday, December 19, 2011

Network Anomaly Detection using Soft Computing



Intrusion detection is based on the assumption that intrusion activities are noticeably different from normal system activities and thus detectable. As defined in, intrusion detection is “the process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions. It is also defined as attempts to compromise the confidentiality, integrity, availability, or to bypass the security mechanisms of a computer or network”. Anomaly Intrusion Detection Systems (IDSs) aim at distinguishing an abnormal activity from an ordinary one. Many approaches have been proposed, including statistical, machine learning, data mining and immunologically inspired techniques. There are two main types of intrusion detection system. The first, the anomaly intrusion detection system, is based on profiles of the normal behavior of users or applications and checks whether the system is being used in a different manner.


The second is the misuse intrusion detection system, which collects attack signatures, compares observed behavior with these signatures, and signals an intrusion when there is a match.

Independent component analysis (ICA) aims at extracting unknown hidden factors/components from multivariate data using only the assumption that the unknown factors are mutually independent. The theory of rough sets has been specially designed to handle data imperfections, as fuzzy logic does. Rough sets remove superfluous information by examining attribute dependencies. The theory deals with inconsistencies, uncertainty and incompleteness by imposing an upper and a lower approximation on set membership. It estimates the relevance of an attribute by using attribute dependencies with respect to a given decision class, and it achieves attribute set covering by imposing a discernibility relation. It is often impossible to analyze the whole of a vast data set; instead, the analysis has to focus on an important portion of the data, for example by using some criteria to select only the classes of interest for analysis or processing while the rest is rejected. This paper suggests the use of ICA as a dimensionality reduction technique to avoid this information loss.

The rest of this paper is organized as follows. Section II discusses related work and independent component analysis; section III introduces rough sets, fuzzy sets and rough-fuzzy sets; section IV explains the experimental design; section V evaluates our intrusion detection model through experiments; and section VI ends the paper with a conclusion and some discussion.
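The rough-set notions described above (lower and upper approximation, attribute dependency, superfluous attributes) can be made concrete with a small added Python example; it is not code from the paper. The connection records, attribute names and labels are constructed for illustration and assume features that have already been discretized.

```python
from collections import defaultdict

ATTRS = ["proto", "service", "flag"]
# Constructed, already-discretized connection records (illustrative only).
ROWS = [
    ("tcp", "http", "SF", "normal"),
    ("tcp", "http", "SF", "normal"),
    ("tcp", "http", "S0", "attack"),
    ("tcp", "http", "S0", "attack"),
    ("udp", "dns", "SF", "normal"),
    ("icmp", "ecr_i", "SF", "attack"),
    ("tcp", "ftp", "SF", "normal"),
    ("tcp", "ftp", "SF", "attack"),  # same attributes as the row above, other label
]
RECORDS = [dict(zip(ATTRS + ["label"], row)) for row in ROWS]

def partition(records, attrs):
    """Indiscernibility classes: record indices that agree on every attribute in attrs."""
    blocks = defaultdict(set)
    for i, rec in enumerate(records):
        blocks[tuple(rec[a] for a in attrs)].add(i)
    return list(blocks.values())

def approximations(records, attrs, target):
    """Lower approximation: blocks entirely inside target. Upper: blocks touching it."""
    lower, upper = set(), set()
    for block in partition(records, attrs):
        if block <= target:
            lower |= block
        if block & target:
            upper |= block
    return lower, upper

def dependency(records, attrs, decision="label"):
    """Degree to which attrs determine the decision: |positive region| / |U|."""
    positive = set()
    for decision_class in partition(records, [decision]):
        positive |= approximations(records, attrs, decision_class)[0]
    return len(positive) / len(records)

def significance(records, attrs, attr, decision="label"):
    """Drop in dependency when attr is removed; 0 means attr is superfluous here."""
    rest = [a for a in attrs if a != attr]
    return dependency(records, attrs, decision) - dependency(records, rest, decision)

if __name__ == "__main__":
    attack = {i for i, r in enumerate(RECORDS) if r["label"] == "attack"}
    print("lower/upper:", approximations(RECORDS, ATTRS, attack))
    print("dependency:", dependency(RECORDS, ATTRS))
    for a in ATTRS:
        print(a, "significance:", significance(RECORDS, ATTRS, a))
```

The two contradictory `ftp` records fall in the boundary region (upper minus lower approximation), which is how the inconsistency shows up, and an attribute with zero significance can be dropped without losing any ability to separate the decision classes.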


Network Anomaly Detection using Soft Computing [PDF]
