Paul, Abuonji
- Prototype Intelligent Log-based Intrusion Detection System
Affiliations
1 School of Informatics and Innovative Systems, Jaramogi Oginga Odinga University of Science and Technology, Bondo, KE
Source
International Journal of Advanced Networking and Applications, Vol 12, No 1 (2020), Pagination: 4519-4527
Abstract
The maintenance of web server security is a daunting task today. Threats arise from hardware failures, software flaws, tentative probing and, worst of all, malicious attacks. Analysing server logs to detect suspicious activities is regarded as a key form of defence; however, their sheer size makes human log analysis challenging. Additionally, traditional intrusion detection systems rely on pattern-matching techniques, which are not sustainable given the high rate at which new attack techniques are launched every day. The aim of this paper is to develop a prototype intelligent log-based intrusion detection system that can detect known and unknown intrusions automatically. Under a data mining framework, the intrusion detection system is trained with unsupervised learning algorithms, specifically the k-means algorithm and the One-Class SVM (Support Vector Machine) algorithm. The development of the prototype system is limited to machine-generated logs due to the lack of real access log files. However, the system's development and implementation proved to be up to 85% accurate in detecting anomalous log patterns within the test logs.
Keywords
Prototype, Intrusion Detection, Log-Based, Data Mining
- Discovery and Diminution of Variance between Actual and Expected Outsourced Bandwidth Supply in Corporate Network Infrastructure
Affiliations
1 School of Informatics and Innovative Systems, Jaramogi Oginga Odinga University of Science and Technology, P. O. Box 210- 40601, Bondo, KE
Source
International Journal of Advanced Networking and Applications, Vol 13, No 1 (2021)
Abstract
How much money do you constantly pay to your internet service provider (ISP) for the provision of internet services to your organization? How sure are you that you are always receiving the service as per the agreement? The two questions require deeper thought before giving the correct answer, since the unfortunate reality is that many service contracts or service level agreements that organizations sign with ISPs are never honored by the ISPs, yet the clients continue paying for sub-optimal services throughout the life of the contract, most of which span one year and beyond. The researcher conducted a study to investigate whether the ISPs of the University were actually constantly providing the quantity of bandwidth subscribed as per the service contract. The unsettling reality was that on various occasions the ISPs reneged on the contracts by supplying less than the subscribed bandwidth. However, when this was discovered by the client and reported to the ISPs, they owned up, since there was overwhelming evidence. One ISP even committed to provision more than double the bandwidth for three months in lieu of the lost bandwidth, in order to avoid litigation and to safeguard the business. Other factors that were discovered to affect internet bandwidth availability were link stability and DoS attacks targeting DNS and gateway IP addresses. It was concluded that a client should always deploy tools to help monitor and report on the bandwidth quantity supplied vis-à-vis the subscribed bandwidth.
Keywords
Internet, Network, bandwidth, ISP, SLA, Contract.