A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier

With increasing Internet connectivity and traffic volume, recent intrusion incidents have reemphasized the importance of network intrusion detection systems for combating increasingly sophisticated network attacks. Techniques such as pattern recognition and the data mining of network events are often used by intrusion detection systems to classify the network events as either normal events or attack events. Our research study claims that the Hidden Naïve Bayes (HNB) model can be applied to intrusion detection problems that suffer from dimensionality, highly correlated features and high network data stream volumes. HNB is a data mining model that relaxes the Naïve Bayes method’s conditional independence assumption. Our experimental results show that the HNB model exhibits a superior overall performance in terms of accuracy, error rate and misclassification cost compared with the traditional Naïve Bayes model, leading extended Naïve Bayes models and the Knowledge Discovery and Data Mining (KDD) Cup 1999 winner. Our model performed better than other leading state-of-the art models, such as SVM, in predictive accuracy. The results also indicate that our model significantly improves the accuracy of detecting denial-of-services (DoS) attacks.     

Fuzzy approach for intrusion detection based on user’s commands

The article concerns the problem of detecting masqueraders in computer systems. A masquerader in a computer system is an intruder who pretends to be a legitimate user in order to gain access to protected resources. The article presents an intrusion detection method based on a fuzzy approach. Two types of user’s activity profiles are proposed along with the corresponding data structures. The solution analyzes the activity of the computer user in a relatively short period of time, building a user’s profile. The profile is based on the most recent activity of the user, therefore, it is named the local profile. Further analysis involves creating a more general structure based on a defined number of local profiles of one user, called the fuzzy profile. It represents a generalized behavior of the computer system user. The fuzzy profiles are used directly to detect abnormalities in users’ behavior, and thus possible intrusions. The proposed solution is prepared to be able to create user’s profiles based on any countable features derived from user’s actions in computer system (i.e., used commands, mouse and keyboard data, requested network resources). The presented method was tested using one of the commonly available standard intrusion data sets containing command names executed by users of a Unix system. Therefore, the obtained results can be compared with other approaches. The results of the experiments have shown that the method presented in this article is comparable with the best intrusion detection methods, tested with the same data set, in the matter of the obtained results. The proposed solution is characterized by a very low computational complexity, which has been confirmed by experimental results.     

Abnormal traffic-indexed state estimation: A cyber–physical fusion approach for Smart Grid attack detection

Integration with information network not only facilitates Smart Grid with many unprecedented features, but also introduces many new security issues, such as false data injection and system intrusion. One of the biggest challenges in Smart Grid attack detection is how to fuse the heterogeneous data from the power system and information network. In this paper, a novel cyber–physical fusion approach is proposed to detect a Smart Grid attack Bad Data Injection (BDI), by merging both the features of the traffic flow in information network and the inherent physical laws in the power system into a unified model, named as Abnormal Traffic-indexed State Estimation (ATSE). The cyber security incidents, monitored by intrusion detection system (IDS), are quantized to serve as the impact factors that are incorporated into the bad data detection system based on state estimation model in power grid. Hundreds of attack cases are simulated on each transmission line of three IEEE standard systems to compare ATSE with current cyber, physical abnormal detection methods and cyber–physical fusion method, including IDS (Snort), bad data detection algorithm (Chi-square test) and SCPSE. The results indicate that ATSE can improve the detection rate 20% than the Chi-square Test on average, filter most false alarms generated by Snort, and solve the observability problem of SCPSE.     

A novel intrusion detection approach learned from the change of antibody concentration in biological immune response

Inspired by the relationship between the antibody concentration and the intrusion network traffic pattern intensity, we present a Novel Intrusion Detection Approach learned from the change of Antibody Concentration in biological immune response (NIDAAC) to reduce false alarm rate without affecting detection rate. In NIDAAC, the concepts and formal definitions of self, nonself, antibody, antigen and detector in the intrusion detection domain are given. Then, in initial IDS, new detectors are generated from the gene library and tested by the negative selection. In every effective IDS node, according to the intrusion network traffic pattern intensity, the change of antibody number is recorded from the process of clone proliferation based on the detector evolution. Finally, building upon the above works, a probabilistic calculation model for intrusion alarm production, which is based on the correlation between the antibody concentration and the intrusion network traffic pattern intensity, is proposed. Compared with Naive Bayes (NB), Multilevel Classifier (AdaBoost) and Hidden Markov Model (HMM), the false alarm rate of NIDAAC is reduced by 8.66%, 4.93% and 6.36%, respectively. Our theoretical analysis and experimental results show that NIDAAC has a better performance than previous approaches.     

A software-based dynamic-warp scheduling approach for load-balancing the Viola–Jones face detection algorithm on GPUs

Face detection is a key component in applications such as security surveillance and human–computer interaction systems, and real-time recognition is essential in many scenarios. The Viola–Jones algorithm is an attractive means of meeting the real time requirement, and has been widely implemented on custom hardware, FPGAs and GPUs. We demonstrate a GPU implementation that achieves competitive performance, but with low development costs. Our solution treats the irregularity inherent to the algorithm using a novel dynamic warp scheduling approach that eliminates thread divergence. This new scheme also employs a thread pool mechanism, which significantly alleviates the cost of creating, switching, and terminating threads. Compared to static thread scheduling, our dynamic warp scheduling approach reduces the execution time by a factor of 3. To maximize detection throughput, we also run on multiple GPUs, realizing 95.6 FPS on 5 Fermi GPUs.     

A coupled encoder–decoder network for joint face detection and landmark localization

Face detection and landmark localization have been extensively investigated and are the prerequisite for many face related applications, such as face recognition and 3D face reconstruction. Most existing methods address only one of the two problems. In this paper, we propose a coupled encoder–decoder network to jointly detect faces and localize facial key points. The encoder and decoder generate response maps for facial landmark localization. Moreover, we observe that the intermediate feature maps from the encoder and decoder represent facial regions, which motivates us to build a unified framework for multi-scale cascaded face detection by coupling the feature maps. Experiments on face detection using two public benchmarks show improved results compared to the existing methods. They also demonstrate that face detection as a pre-processing step leads to increased robustness in face recognition. Finally, our experiments show that the landmark localization accuracy is consistently better than the state-of-the-art on three face-in-the-wild databases.     

A scheduling algorithm for maximum throughput based on the link condition in heterogeneous network

Nowadays, a lot of wireless interfaces can be used by mobile users to access the Internet, such as WLAN, WiMAX, WlFI and even 3G. If a mobile terminal is equipped with multiple interfaces, it can use them simultaneously to improve the performance at the hot point where different RANs （Radio Access Networks） overlap. This paper proposes a scheduling algorithm based on the link condition that ensures the whole network has the maximum throughput. Simulation is also done to show the improvement of throughput with this scheduling algorithm.     

A novel unsupervised classification approach for network anomaly detection by k-Means clustering and ID3 decision tree learning methods

This paper presents a novel host-based combinatorial method based on k-Means clustering and ID3 decision tree learning algorithms for unsupervised classification of anomalous and normal activities in computer network ARP traffic. The k-Means clustering method is first applied to the normal training instances to partition it into k clusters using Euclidean distance similarity. An ID3 decision tree is constructed on each cluster. Anomaly scores from the k-Means clustering algorithm and decisions of the ID3 decision trees are extracted. A special algorithm is used to combine results of the two algorithms and obtain final anomaly score values. The threshold rule is applied for making the decision on the test instance normality. Experiments are performed on captured network ARP traffic. Some anomaly criteria has been defined and applied to the captured ARP traffic to generate normal training instances. Performance of the proposed approach is evaluated using five defined measures and empirically compared with the performance of individual k-Means clustering and ID3 decision tree classification algorithms and the other proposed approaches based on Markovian chains and stochastic learning automata. Experimental results show that the proposed approach has specificity and positive predictive value of as high as 96 and 98%, respectively.     

Automated driving for individualized sheet metal part production—A neural network approach

The manufacturing of individualized sheet metal components is one of the most important issues in industrial sheet metal working. Incremental forming methods, in particular driving, offer the opportunity for achieving this objective. However, these manual processes are very difficult to automate, as a result of their complexity and user interactivity. To resolve this problem, a knowledge-based approach is presented, which utilizes a special type of driving process. Initially, a neural network architecture is established which delivers manufacturing strategies allowing part production for simple component shapes. After providing a method for training data generation, training sessions are carried out. Strategies, computed by trained networks, are adopted for processing sheet blanks which are used for evaluating the framework. Finally, the developed procedure is generalized, and a concept is designed which allows a transfer, in order to facilitate the production of arbitrary individualized sheet metal parts.     

An online game approach for improving students’ learning performance in web-based problem-solving activities

In this paper, an online game was developed in the form of a competitive board game for conducting web-based problem-solving activities. The participants of the game determined their move by throwing a dice. Each location of the game board corresponds to a gaming task, which could be a web-based information-searching question or a mini-game; the former was used to guide the participants to search for information to answer a series of questions related to the target learning issue, while the latter was used to provide supplementary materials during the gaming process. To evaluate the performance of the proposed approach, an experiment was conducted on an elementary school natural science course. The experimental results showed that the proposed approach not only significantly promoted the flow experience, learning attitudes, learning interest and technology acceptance degree of the students, but also improved their learning achievements in the web-based problem-solving activity.     

Location and allocation decisions for multi-echelon supply chain network – A multi-objective evolutionary approach

This paper aims at multi-objective optimization of single-product for four-echelon supply chain architecture consisting of suppliers, production plants, distribution centers (DCs) and customer zones (CZs). The key design decisions considered are: the number and location of plants in the system, the flow of raw materials from suppliers to plants, the quantity of products to be shipped from plants to DCs, from DCs to CZs so as to minimize the combined facility location and shipment costs subject to a requirement that maximum customer demands be met. To optimize these two objectives simultaneously, four-echelon network model is mathematically represented considering the associated constraints, capacity, production and shipment costs and solved using swarm intelligence based Multi-objective Hybrid Particle Swarm Optimization (MOHPSO) algorithm. This evolutionary based algorithm incorporates non-dominated sorting algorithm into particle swarm optimization so as to allow this heuristic to optimize two objective functions simultaneously. This can be used as decision support system for location of facilities, allocation of demand points and monitoring of material flow for four-echelon supply chain network.     

Comment on “A general model for long-tailed network traffic approximation”

The recent paper by Wang et al. (J. Supercomput. 38:155–172, 2006) proposed a Hyper Erlang model for long-tailed network traffic approximation. The paper argued that traditional models such as the Pareto, Weibull and log normal distributions are difficult to apply because of “their complex representations and theoretical properties”. The paper went on to say that the Pareto distribution “does not have analytic Laplace transform, and many other heavy-tailed distributions, such as Weibull and log normal also do not have closed-form Laplace transforms”. In the following, we would like to show that one can actually derive explicit expressions for Laplace transforms of heavy-tailed distributions. The next three sections provide explicit expressions for the Laplace transforms of the Pareto, Weibull and the log-normal distributions. To the best of our knowledge, these are the first known results on Laplace transforms of heavy-tailed distributions.

---

EFFORT: A new host–network cooperated framework for efficient and effective bot malware detection

Bots are still a serious threat to Internet security. Although a lot of approaches have been proposed to detect bots at host or network level, they still have shortcomings. Host-level approaches can detect bots with high accuracy. However they usually pose too much overhead on the host. While network-level approaches can detect bots with less overhead, they have problems in detecting bots with encrypted, evasive communication C&C channels. In this paper, we propose EFFORT, a new host–network cooperated detection framework attempting to overcome shortcomings of both approaches while still keeping both advantages, i.e., effectiveness and efficiency. Based on intrinsic characteristics of bots, we propose a multi-module approach to correlate information from different host- and network-level aspects and design a multi-layered architecture to efficiently coordinate modules to perform heavy monitoring only when necessary. We have implemented our proposed system and evaluated on real-world benign and malicious programs running on several diverse real-life office and home machines for several days. The final results show that our system can detect all 17 real-world bots (e.g., Waledac, Storm) with low false positives (0.68%) and with minimal overhead. We believe EFFORT raises a higher bar and this host–network cooperated design represents a timely effort and a right direction in the malware battle.     

Investigation progress on key photonic integration for application in optical communication network

Proceeding from the consideration of the demands from the functional architecture of high speed, high capacity optical communication network, this paper points out that photonic integrated devices, including high speed response laser source, narrow band response photodetector high speed wavelength converter, dense wavelength multi/demultiplexer, low loss high speed response photo-switch and multi-beam coupler are the key components in the system. The investigation progress in the laboratory will be introduced.     

Morphological operation and scaled Réyni entropy based approach for masses detection in mammograms

Multimedia Tools and Applications - Detection of suspicious masses in mammograms play a vital role in early diagnosis of breast cancer, to reduce the death rate among women. The presence of masses...     

A flexible edge matching technique for object detection in dynamic environment

Considering the robustness, stability and reduced volume of data, researchers have focused on using edge information in various video processing applications including moving object detection, tracking and target recognition. Though the edge information is more robust compared to intensity, it also exhibits variations in different frames due to illumination change and noise. In addition to this, the amount of variation varies from edge to edge. Thus, without making use of this variability information, it is difficult to obtain an optimal performance during edge matching. However, traditional edge pixel-based methods do not keep structural information of edges and thus they are not suitable to extract and hold this variability information. To achieve this, we represent edges as segments that make use of the structural and relational information of edges to allow extraction of this variability information. During edge matching, existing algorithms do not handle the size, positional and rotational variations to deal with edges of arbitrary shapes. In this paper, we propose a knowledge-based flexible edge matching algorithm where knowledge is obtained from the statistics on the environmental dynamics, and flexibility is to deal with the arbitrary shape and the geometric variations of edges by making use of this knowledge. In this paper, we detailed the effectiveness of the proposed matching algorithm in moving object detection and also indicated its suitability in other applications like target detection and tracking.     

A survey on data fusion: what for? in what form? what is next?

Journal of Intelligent Information Systems - Data fusion is the process of merging records from multiple sources which represent the same real-world object into a single representation. This review...     

A message passing strategy for array redistributions in a torus network

The array redistribution problem occurs in many important applications in parallel computing. In this paper, we consider this problem in a torus network. Tori are preferred to other multidimensional networks (like hypercubes) due to their better scalability (IEE Trans. Parallel Distrib. Syst. 50(10), 1201–1218, [2001]). We present a message combining approach that splits any array redistribution problem in a series of broadcasts where all sources send messages of the same size, thus a balanced traffic load is achieved. Unlike existing array redistribution algorithms, the scheme introduced in this work eliminates the need for data reorganization in the memory of the source and target processors. Moreover, the processing of the scheduled broadcasts is pipelined, thus the total cost of redistribution is reduced.