Classifying network traffic is very challenging and is still an issue yet to be solved due to the increase of new applications and traffic encryption. In this paper, we propose a novel hybrid approach for the network flow classification, in which we first apply the payload signature based classifier to identify the flow applications and unknown flows are then identified by a decision tree based classifier...
The signature-based intrusion detection is one of the most commonly used techniques implemented in modern intrusion detection systems (IDS). Being based on a set of rules, i.e., attack signatures, the accuracy and reliability of IDS detection heavily depend on the quality of the employed rule set. In this context, any conflicts that arise between rules create ambiguity in classification of network...
During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks, and KDDCUP'99 is the most widely used data set for the evaluation of these systems. Having conducted a statistical analysis on this data set, we found two important issues which highly affect the performance of evaluated systems,...
Summary form only given. Online classification of network traffic is very challenging and still an issue to be solved due to the increase of new applications and traffic encryption. In this paper, we propose a hybrid mechanism for online classification of network traffic, in which we apply a signature-based method at the first level, and then we take advantage of a learning algorithm to classify the...
A botnet is a network of compromised computers infected with malicious code that can be controlled remotely under a common command and control (C&C) channel. As one of the most serious security threats to the Internet, a botnet cannot only be implemented with existing network applications (e.g. IRC, HTTP, or Peer-to-Peer) but can also be constructed by unknown or creative applications, thus making...
The intention of this paper is to introduce a risk analysis methodology called Astrolabe. Astrolabe is based on causal analysis of system risks. It allows the analysts to both align the current standpoint of the system with its intentions and identify any vulnerabilities or hazards that threaten the system's stability. Astrolabe adopts concepts from organizational theory and software requirements engineering...
Botnets are networks of compromised computers controlled under a common command and control (C&C) channel. Recognized as one of the most serious security threats on current Internet infrastructure, botnets are often hidden in existing applications, e.g. IRC, HTTP, or Peer-to-Peer, which makes botnet detection a challenging problem. Previous attempts at detecting botnets examine traffic...
One of the aspects of a clustering algorithm that should be considered when choosing an appropriate algorithm for an unsupervised learning task is stability. A clustering algorithm is stable (on a dataset) if, when run on a (sub)sample of the dataset, it produces the same clustering as it does on the whole dataset. In this paper, we report the results of an empirical study on the...
In this paper, a new dynamic clustering algorithm based on random sampling is proposed. The algorithm addresses well known challenges in clustering such as dynamism, stability, and scaling. The core of the proposed method is based on the definition of a function, named the Oracle, which can predict whether two random data points belong to the same cluster or not. Furthermore, this algorithm is also equipped...
Belief merging is concerned with the integration of several not necessarily consistent belief bases such that a coherent belief base is developed as a result. Various belief merging models often consist of two key functions, namely: negotiation, and weakening. A negotiation function finds the weakest belief bases among the available belief bases, and then the selected belief bases concede based on...
During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks. However, having a relatively high false alarm rate, anomaly detection has not been widely used in real networks. In this paper, we propose a novel anomaly detection scheme using the correlation information contained in groups of...
Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we present a novel network anomaly detection approach based on wavelet analysis, approximate autoregressive and outlier detection techniques. In order to characterize network traffic behaviors, we proposed fifteen features...
One of the most important steps in attack detection using Intrusion Detection Systems (IDSs) is dealing with the huge number of alerts, which can be either critical single alerts and multi-step attack scenarios or false alerts and non-critical ones. In this paper we address the problem of managing alerts via multi-layer alert correlation and filtering that can identify critical alerts after each...
Viewpoint-based conceptual modeling is concerned with the identification of a complete and coherent set of software models that have been developed with the involvement of various analysts. The contribution of multiple analysts in this process will provide a rich and comprehensive final product. One of the major concerns in any process requiring the direct involvement of human analysts is the introduction...
As our daily life depends more and more on Internet technology, it also becomes increasingly susceptible to new types of cyber threats. These threats often take the form of innovative malicious behavior and commonly emerge at a pace that exceeds the capability of security experts to develop timely solutions to counter them. In this context it becomes particularly important to develop a good...
The feature selection phase is one of the first, and yet very important, tasks to be completed during the development of any intrusion detection system. If this phase is neglected, the detection performance of the entire system can drop significantly, regardless of the internal detection algorithms that are used. Our research focuses on mining the most useful network features for attack detection...
Merging and integrating different conceptual models which have been developed by domain experts and analysts with dissimilar perspectives on the same issue has been the subject of a tremendous amount of research. In this paper, we focus on the fact that human analysts' opinions possess a degree of uncertainty which can be exploited while integrating such information. We propose an underlying modeling...
In this paper, YourEye, a real-time phrase recommender that suggests related frequent phrases for an incomplete user query, is introduced. The frequent phrases are extracted from previous queries based on a new frequency rate metric suitable for query stream mining. The advantages of YourEye compared to Google Suggest, a service powered by Google for phrase suggestion, are described. The...
There have been various proposals for the formalization of appropriate viewpoint-based frameworks. Each of these approaches has been devised with a specific motive and to address an important concern. The model that we propose in this paper attempts to provide a basis for conceptual model integration, particularly in the presence of partial ignorance and uncertainty. The model attempts to formalize...
In this paper we focus on the architecture, design and implementation of a generic user modeling server for adaptive web systems (GUMSAWS), reaching the goals of generality, extendability and replaceability. GUMSAWS acts as a centralized user modeling server to assist several adaptive Web systems (possibly in different domains) concurrently. It incrementally builds up user models, provides functions...