Yihua Liao, V. Rao Vemuri Mingxing Gong CISC850 Cyber Analytics - PowerPoint PPT Presentation

Dec 20, 2022 •254 likes •455 views

Use of K-Nearest Neighbor classifier for intrusion detection Yihua Liao, V. Rao Vemuri Mingxing Gong CISC850 Cyber Analytics Outline Introduction Methodology Experiments Discussion & Conclusion Outline Introduction

Use of K-Nearest Neighbor classifier for intrusion detection Yihua Liao, V. Rao Vemuri Mingxing Gong CISC850 Cyber Analytics
Outline • Introduction • Methodology • Experiments • Discussion & Conclusion
Outline • Introduction • Methodology • Experiments • Discussion & Conclusion
Introduction ▪ High false alarm probability or low attack detection accuracy ▪ Two general approaches: • Misuse detection • Anomaly detection ▪ Local ordering vs. frequency of system calls
Nearest Neighbour Rule Consider a two class problem where each sample consists of two measurements ( x,y ). k = 1 Compute the k nearest neighbours and assign the class by majority vote. k = 3 Reference: www.robots.ox.ac.uk/~dclaus/cameraloc/samples/nearestneighbour.ppt
Outline • Introduction • Methodology • Experiments • Discussion & Conclusion
Methodology • Apply text categorization methods to intrusion detection
Methodology • Each document is represented by a vector of words • Weighting approach tf·idf (term frequency – inverse document frequency) • The cosine similarity is defined as follows:
Outline • Introduction • Methodology • Experiments • Discussion & Conclusion
Experiments • DARPA data • Cross validation and 50 distinct system calls
KNN classifier algorithm for anomaly detection
KNN classifier performance
Anomaly Detection • The overall running time of the kNN method is O(N) • Integrate with signature verification
Frequency Weighting vs. tf·idf Weighting
Frequency Weighting vs. tf·idf Weighting
Outline • Introduction • Methodology • Experiments • Discussion & Conclusion
Discussion • kNN Classifier advantages • Compared tf·idf weighting with the frequency weighting • Classification cost can be further reduced by only using most influential system calls
Conclusion • kNN Classifier is able to effectively detect intrusive program behavior with low false positive rate • Further research is in process to investigate the reliability and scaling properties of the kNN classifier method
Reference [1] www.robots.ox.ac.uk/~dclaus/cameraloc/samples/nearestneighbour.ppt [2] Yihua Liao, V. Rao Vemuri , ‘Use of K -Nearest Neighbor classifier for intrusion detection’, Computers & Security, Volume 21, Issue 5 , 1 October 2002, Pages 439-448

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Novel Tensor Distribution Model for the Diffusion Weighted MR Signal Baba C. Vemuri UFRF

Introduction Background Theory Results Conclusions A Novel Tensor Distribution Model for the Diffusion Weighted MR Signal Baba C. Vemuri UFRF Professor & Director Center for Vision, Graphics, and Medical Imaging Department of Computer

1.35k views • 101 slides

Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo

Throughput prediction based on mobile device context in Cellular Network Yihua (Ethan) Guo University of Michigan AIMS-5 2013 Background Prevalence of cellular networks Mobile Traffic is expected to grow rapidly in the near future

510 views • 18 slides

of Wear OS Xiao Zhu 1 Yihua Ethan Guo 2 Ashkan Nikravesh 1 Feng Qian 3 Z. Morley Mao 1 1 University

Understanding the Networking Performance of Wear OS Xiao Zhu 1 Yihua Ethan Guo 2 Ashkan Nikravesh 1 Feng Qian 3 Z. Morley Mao 1 1 University of Michigan 2 Uber Techologies Inc. 3 Univeristy of Minnesota 1 Wearable Networking Is Important

580 views • 28 slides

A Systematic Data Driven Comparison Xiaofeng Zhou, Xu Yihua, Brandon Suehs, Abraham Hartzema,

Observational Medical Outcomes Partnership and Mini-Sentinel Common Data Models and Analytics: A Systematic Data Driven Comparison Xiaofeng Zhou, Xu Yihua, Brandon Suehs, Abraham Hartzema, Michael Kahn, Yola Moride, Brian Sauer, Qing Liu,

244 views • 20 slides

MANDALA Team Edo Roth (Systems Architect) Harsha Vemuri (Tester) Kanika Verma (Manager)

MANDALA Team Edo Roth (Systems Architect) Harsha Vemuri (Tester) Kanika Verma (Manager) Samantha Wiener (Language Guru) Motivations Mandala is a geometric pattern Simple and intuitive code complex and accurate geometric designs

351 views • 10 slides

for HPC workloads Key Liao Center for HPC Shanghai Jiao Tong University Jan 9th, 2019 About Me

Benchmarking Huawei ARM Multi-Core Processors for HPC workloads Key Liao Center for HPC Shanghai Jiao Tong University Jan 9th, 2019 About Me Key Liao ( ) B.S. from Environment Science and Engineering, SJTU. HPC Engineer of Center

664 views • 21 slides

Simulating Soil Moisture Dynamics in NCEP Numerical Weather/Climate Prediction Models Yihua Wu 1 ,

Simulating Soil Moisture Dynamics in NCEP Numerical Weather/Climate Prediction Models Yihua Wu 1 , Youlong Xia 1 , Helin Wei 1 & Jack Kain 2 1 IMSG at NOAA/NCEP/EMC, 2 NOAA/NCEP/EMC, 6/06/2018 MOISST2018, Lincoln, NE 1 Outline

646 views • 18 slides

SECOND LIFE WORK FLOW Tejeshwar Sangameswaran Ayu Nakaoka Sanjay Vemuri Keith Perkins OUTLINE The

SECOND LIFE WORK FLOW Tejeshwar Sangameswaran Ayu Nakaoka Sanjay Vemuri Keith Perkins OUTLINE The problem at hand Work previously done The solution Project status Pharmacy simulation Demo PROBLEM AT HAND Workflow is a sequence of

252 views • 12 slides

Hard Disk Reading Process Hard Disk Reading Process Becky Jaiven Becky Jaiven Dini Vemuri

Hard Disk Reading Process Hard Disk Reading Process Becky Jaiven Becky Jaiven Dini Vemuri Vemuri Dini Jason Naso Naso Jason Gabi Nunes Nunes Gabi Reading Components Reading Components Modern disk drives typically consist of

234 views • 11 slides

Highway Networks and Residual Networks Renjie Liao University of Toronto Jan 26, 2016 Renjie

Highway Networks and Residual Networks Renjie Liao University of Toronto Jan 26, 2016 Renjie Liao (UofT) Highway Networks and Residual Networks Jan 26, 2016 1 / 23 Neural Network A network connecting numerous neurons Renjie Liao (UofT)

685 views • 40 slides

Incremental Randomized Sketching for Online Kernel Learning Shizhong Liao Xiao Zhang College

Incremental Randomized Sketching for Online Kernel Learning Shizhong Liao Xiao Zhang College of Intelligence and Computing, Tianjin University szliao@tju.edu.cn June 13, 2019 Xiao Zhang Shizhong Liao (TJU) ICML 2019 June 13, 2019 1 / 11

246 views • 11 slides

Decentralized Prediction of End-to-End Network Performance Classes Yongjun Liao, Wei Du, Pierre

Introduction Class-based Representation Matrix Completion Experiments and Evaluations Conclusions and Future Work Decentralized Prediction of End-to-End Network Performance Classes Yongjun Liao, Wei Du, Pierre Geurts, Guy Leduc Research Unit

899 views • 75 slides

? ? Dun-Hao Chang, Wen-Chieh Liao, Hsu Ma Division of Plastic Surgery, Department of Surgery,

Research of the Fate of Fat Graft ? ? Dun-Hao Chang, Wen-Chieh Liao, Hsu Ma Division of Plastic Surgery, Department of Surgery, Taipei Veterans General Hospital, Taiwan The authors have nothing to disclose for financial interest. Early

219 views • 10 slides

TOWARDS AN OPTIMAL SUBSPACE FOR K-MEANS ADVISOR: JIA-LING KOH SPEAKER: YIN-HSIANG LIAO

TOWARDS AN OPTIMAL SUBSPACE FOR K-MEANS ADVISOR: JIA-LING KOH SPEAKER: YIN-HSIANG LIAO 2018/01/30, FROM KDD 2017. Introduction Which Two attributes you will pick, If you what to show the clusters? Petal_length, Petal_width. Iris dataset 2

555 views • 32 slides

Counting defective interfering particles: Easy as 1, 2, 3, . . . ? Laura Liao 1 1 Department of

What is a DIP? Conventional DIP counting An alternative method Conclusions Counting defective interfering particles: Easy as 1, 2, 3, . . . ? Laura Liao 1 1 Department of (Viro) Physics, Ryerson University Supervisor: Prof. Catherine Beauchemin

310 views • 10 slides

Assessing the Similarity of Bio-analytical Methods (Linear Case) Jason Liao, Ph.D. Merck

Assessing the Similarity of Bio-analytical Methods (Linear Case) Jason Liao, Ph.D. Merck Research Laboratories Joint work with Yu Tian, Rong Liu, Robert Capen Non-Clinical Statistics Conference, 2008 Outline Introduction

361 views • 21 slides

HIPAA Security HIPAA Security Jeanne Smythe, UNC-CH Jeanne Smythe, UNC-CH Jack McCoy, ECU Jack

HIPAA Security HIPAA Security Jeanne Smythe, UNC-CH Jeanne Smythe, UNC-CH Jack McCoy, ECU Jack McCoy, ECU Chad Bebout, UNC-CH Chad Bebout, UNC-CH Doug Brown, UNC-CH Doug Brown, UNC-CH What is this? What is this? Federal Regulations

514 views • 29 slides

CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS

CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS RFP #2416 OUR DIFFERENTIATORS Global Risk Atlantic has a deep understanding of Risk Assessment and Penetration Testing on a Assessment global

519 views • 7 slides

Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk

Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk Challenges in Assessing and Mitigating Cyber Risk Mustaque Ahamad, Saby Mitra and Paul Royal Georgia Tech Information Security Center Georgia Tech

763 views • 16 slides

Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br

Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br Instituto de Informtica UFRGS Securing Networks in the Programmable Data Plane Era Network softwarization : the first wave P4 programs are

607 views • 12 slides

PAGE 2 The Need for New Levels of Protection Business Drivers Greater Increased Higher

Kaspersky Endpoint Security 8 Control Technologies PAGE 1 Youre in c ontrol. Youre in the drivers seat. . Applications Devices Web content filtering PAGE 2 The Need for New Levels of Protection Business Drivers Greater Increased

457 views • 20 slides

De Deli livering ering Sustainable stainable Val alue ue Invest estor Presen enta tati

De Deli livering ering Sustainable stainable Val alue ue Invest estor Presen enta tati tion on Augus ust t 2012 Certain of the statements made in this Presentation may contain forward-looking statements within the meaning of the

762 views • 48 slides

Cyb yber er Sec ecurity rity @ UN @ UNC Industr stry y Based ed Broadening dening

Cyb yber er Sec ecurity rity @ UN @ UNC Industr stry y Based ed Broadening dening Information rmation Operat rations ns Denni nis s Schmid idt Assistant Vice Chancellor for Information Security and Privacy and Chief Information

624 views • 38 slides

TSX:V - ZON 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Disclaimer CAUTIONARY STATEMENT

TSX:V - ZON 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Disclaimer CAUTIONARY STATEMENT REGARDING FORWARD-LOOKING INFORMATION Except for the statements of historical fact, the information contained in this document is of a forward-looking

398 views • 24 slides