to use the concept of data mining and machine learning concept for cyber security and intrusion...
TRANSCRIPT
Monday, May 1, 2023 1
Presented By : Nishant D. MehtaClass : TE-A
Roll No. : TA1326Subject : Seminar & Technical
Communication LaboratoryGuidance : Prof. Ashwini Taksal
To Use The Concept of Data
Mining and Machine Learning
Methods for Cyber Security
& Intrusion Detection
J.S.P.M.’s Imperial College of Engineering & Research
Department of Computer Engineering
Monday, May 1, 2023 2
Agenda Abstract Introduction Objectives Literature Review Overview And Study Conclusion Future Scope References
Monday, May 1, 2023 3
AbstractThe main focus of this project is on
survey of machine learning (ML) and data mining (DM) methods for cyber analytics in support of intrusion detection.
The data are so important in ML/DM
approaches, some well-known cyber data sets used in ML/DM are described.
Discussion of challenges for using ML/DM for cyber security is presented, and some recommendations on when to use a given methods are provided.
Monday, May 1, 2023 4
Introduction Due to the proliferation of high-speed
Internet access, more and more organizations are becoming vulnerable to potential cyber attacks, such as network intrusions.
The ML/DM methods are described, as well as several applications of each method to cyber intrusion detection problems also stated.
Monday, May 1, 2023 5
ObjectiveThe main focus is on cyber intrusion detection as it applies to wired networks. With a wired
network, an adversary must pass through several layers of defense at firewalls and
operating systems, or gain physical access to the network. However, a wireless network can
be targeted at any node, so it is naturally more vulnerable to malicious attacks than a wired network. The ML and DM methods covered in
this seminar are fully applicable to the intrusion and misuse detection problems in
both wired and wireless networks.
Monday, May 1, 2023 6
Literature SurveySr. No.
Name of the author
Year of Project
Research PaperName
Disadvantage
s1. T. T. T. Nguyen, G.
Armitage 2008 “A survey of
techniques for internet traffic classification using machine learning “
Focused only on IP Flows and Cyber
Data. Methods Are
not introduced for
intrusion detection.
2. P. Garcia-Teodoro , J. Diaz-Verdejo , G. Maciá-Fernándezand E. Vázquez
2009 “Anomaly-based network intrusion detection: Techniques, systems and challenges ”
Does not present a full set of state-
of-the-art machine learning methods.
Monday, May 1, 2023 7
Literature SurveySr. No.
Name of the author
Year of Project
Research PaperName
Disadvantages
3. A. SperottoG. SchaffrathR. Sadre,C. Morariu Prasand B. Stiller
2010 “An overview of IP flow-
based intrusion
detection ”
There is no explanation of the technical details of the
individual methods
4. S. X. Wu and W. Banzhaf
2010 “The use of computation
al intelligence in intrusion detection systems: A review”
Only Computational
Intelligence methods are described,
major ML/DM methods such as clustering , decision trees , and rule mining are not included
Monday, May 1, 2023 8
What is Cyber Crime ? Crime committed using a computer and
the internet to steal data or information.
The computer used as an object or subject of crime..
Malicious programs.
Illegal imports.
Computer Vandalism.
Monday, May 1, 2023 9
What is Cyber Security ?
Set of technologies and processes designed computers, networks and data from unauthorized access, change or destruction.
Composed of computer security system and network security systems.
Monday, May 1, 2023 10
Continue…
Cyber Security includes :• Firewall.• Antivirus Software.• Intrusion Detection System (IDS).
Monday, May 1, 2023 11
Intrusion Detection System
Fig : Intrusion Detection System
Monday, May 1, 2023 12
Continue… There are three main types of
cyber analytics for supporting IDS :
1) Misuse Based.2) Anomaly Based.3) Hybrid.
Monday, May 1, 2023 13
Continue… Misuse Based Detection• Designed to detect known attacks
by using signatures of those attacks.
• Effective detecting known type of attacks without generating false alarms.
• Frequent manual updating of data is required.
• Cannot detect Novel (Zero-day) attacks.
Monday, May 1, 2023 14
Continue… Anomaly Based Detection • Identifies the anomalies from normal
behavior• Able to detect Zero-Day Attack• Profiles of normal activity are
customized for every system
Hybrid Detection • Combination of misuse and anomaly
detection.• Increases the detection rate and
decreases the false alarm generation.
Monday, May 1, 2023 15
What is Machine Learning And Data Mining ?
Machine Learning :• Introduced in 1960’s• It gives ability to computers to learn
without being explicitly programmed. • Need of goal from domain• There should be three phases :- 1.
Training, 2. Validation and 3. Testing. Data Mining :• Introduced in 1980’s• Focused on discovery of previously
unknown and important properties in data.
• Used for extracting patterns from data
Monday, May 1, 2023 16
CRISP- DM Model
Fig : CRISP-DM Model
Monday, May 1, 2023 17
Cyber Security Data Sets For DM & ML
The Cyber Security data sets for DM and ML are given below :
a) Packet Level Data
b) Netflow Data
c) Public Data Sets
Monday, May 1, 2023 18
Packet Level Data Protocols are used for transmission of
packet through network.
The network packets are transmitted and received at the physical interface.
Packets are captured by API in computers called as pcap.
For Linux it is Libpcap and for windows it
is WinPCap.
Ethernet port have payload called as IP payload.
Monday, May 1, 2023 19
NetFlow Data Introduced as a router feature by Cisco.
Version 5 defines unidirectional flow of packets.
The packet attributes are : ingress interface, source IP address, destination IP address, IP protocol, source port, destination port and type of services.
Netflow includes compressed and preprocessed packets.
Monday, May 1, 2023 20
Public Data Set The Defense Advance Research
Projects Agency (DARPA) in 1998 and 1999 data sets are mostly used.
This Data Set has basic features captured by pcap.
DARPA defines four types of attacks in 1998 :
DOS Attack, U2R Attack, R2L Attack, Probe or Scan.
Monday, May 1, 2023 21
Cyber Security Methods For DM & ML
Artificial Neural Networks (ANN) Association Rules & Fuzzy
Association Rules Bayesian Network Clustering Decision Tree Ensemble Learning Evolutionary Computation Hidden Markov Model Inductive Learning Nalve Bayes Sequential Pattern Mining Support Vector Machine
Monday, May 1, 2023 22
Artificial Neural Network
Network of Neurons
Output of one node is input to other.
ANN can be used as a multi-category classifier of intrusion detection
Data processing stage used to select 9 features: protocol ID, source port, destination port, source address, destination address, ICMP type, ICMP code, raw data length and raw data.
Monday, May 1, 2023 23
Association Rule & Fuzzy Association Rule
Monday, May 1, 2023 24
Fig : Bayesian Network
Bayesian Network
Monday, May 1, 2023 25
Hidden Markov Model
Fig : Hidden Markov Model
Monday, May 1, 2023 26
Conclusion This seminar describes the literature
review of ML and DM methods used for Cyber Security. Different ML and DM techniques in the cyber domain can be used for both Misuse Detection and Anomaly Detection.
There are some peculiarities of the cyber problem that make ML and DM methods more difficult to use.
They are especially related to how often the model needs to be retrained.
Monday, May 1, 2023 27
References A. Mukkamala, and A. Sung, and A.
Abraham, “Cyber security challenges: designing efficient intrusion detection systems and antivirus tools,” Vemuri, V. Rao, Enhancing Computer Security with Smart Technology.(Auerbach, 2006) (2005), pp. 125–163
T. T. T. Nguyen, and G. Armitage, “A survey of techniques for internet traffic classification using machine learning,” IEEE Communications Surveys & Tutorials, no. 4, 2008, pp. 56–76
P. Garcia-Teodoro, J. Diaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, “Anomaly-based network intrusion detection: Techniques, systems and challenges,” Computers & security 28, no. 1, 2009, pp. 18–28
Monday, May 1, 2023 28
References S. X. Wu, and W. Banzhaf, “The use of
computational intelligence in intrusion detection systems: A review,” Applied Soft Computing 10, no. 1, 2010, pp. 1–35
Y. Zhang, L. Wenke, and Yi-An Huang, “Intrusion detection techniques for mobile wireless networks,” Wireless Networks 9.5, 2003, pp. 545-556.
Monday, May 1, 2023 29
Questions ?
Monday, May 1, 2023 30
Thank You !!!