Anomaly and intrusion detection systems

Reference no: EM131242948

Project Assignment: Computer Security

Overview

As computers and the Internet become increasingly popular, malicious activities in cyberspace have increased significantly. Intrusion detection is an area of computer security that focuses on detecting these attacks reliably. Intrusion detection systems (IDS) usually have a knowledge base containing rules that characterize attacks. Building such a knowledge base manually can be time consuming. Machine learning can help build such a knowledge base more efficiently. In order to detect attacks, we need to differentiate between instances of normal and attack behavior. Based on previous instances of normal and attack behavior, a machine learning algorithm can learn how to differentiate between the two types of behavior and represent that knowledge in a form that can be used to predict whether current instances are malicious.

Objectives

This project aims to apply machine learning techniques for detecting attacks/intrusions. More specifically, the objectives are to understand:

- that machine learning can be achieved from historical data (experience)
- that machine learning algorithms can be applied to computer security
- the learning task of trying to detect attacks
- a decision-tree learning algorithm
- search and knowledge representation, in more depth
- the evaluation of machine learning algorithms

Project Description

Over the last decade, malicious activities in cyberspace have increased significantly. Intrusion detection is an area of computer security that focuses on detecting these attacks reliably. Intrusion detection systems (IDS) usually have a knowledge base containing rules that characterize attacks. Building such a knowledge base manually can be time consuming. Machine learning can help build such a knowledge base more efficiently.

In order to detect attacks, we need to differentiate between instances of normal and attack behavior. Based on previous instances of normal and attack behavior, a machine learning algorithm can learn how to differentiate between the two types of behavior and represent that knowledge in a form that can be used to predict whether current instances are malicious.

For this project, you will need to implement the following decision-tree learning algorithm (also found in Russell and Norvig's book "Artificial Intelligence, A Modern Approach"):

    function DECISION-TREE-LEARNING(examples, attributes, default) returns a decision tree
      inputs: examples, set of examples
              attributes, set of attributes
              default, default value for the goal predicate

      if examples is empty then return default
      else if all examples have the same classification then return the classification
      else if attributes is empty then return MAJORITY-VALUE(examples)
      else
        best ← CHOOSE-ATTRIBUTE(attributes, examples)
        tree ← a new decision tree with root test best
        for each value v_i of best do
          examples_i ← {elements of examples with best = v_i}
          subtree ← DECISION-TREE-LEARNING(examples_i, attributes − best, MAJORITY-VALUE(examples))
          add a branch to tree with label v_i and subtree subtree
        end
        return tree

You will then evaluate the accuracy of the algorithm on the provided training and test sets (described below).

1. Input to your program:
   - file name of the attribute description,
   - file name of the training set, and
   - file name of the test set.

2. Output from your program:
   - the tree using pre-order traversal with more indentation for nodes at deeper levels,
   - accuracy of the tree on the training set, and
   - accuracy of the tree on the (unseen) test set.

IDS Data Set

The IDS data set contains records of network activities that are either normal or part of a denial-of-service (DoS) attack called Neptune (aka SYN flood). Neptune tries to make many "half" connections to a server. Due to limited resources, a server usually has a maximum number of connections that it can handle. Many malicious "half" connections can prevent legitimate connections from being made. That is, the server's connection capacity might be filled with useless "half" connections, so it cannot accept legitimate connections and provide the intended service (hence "denial of service"). The provided data set is adapted from the much larger KDD Cup data set (https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html). All values in the data set have been converted into discrete values.

Files for the data set:

- Attribute description: ids-attr.txt
- Training set: ids-train.txt (800 records)
- Test set: ids-test.txt (200 records)
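
The learner described above, run on a handful of Neptune-style records, as an added example that is not part of the assignment or its data files. Assumptions: the attribute names (flag, serror_rate, count) are borrowed from KDD Cup 99 and their discrete values are made up here, every record is constructed, CHOOSE-ATTRIBUTE is implemented as information gain (the page does not say which measure to use), and file parsing is left out because the format of ids-attr.txt is not given on the page.

```python
import math
from collections import Counter

# Assumed discretized KDD-style attributes; every record below is constructed.
ATTRS = {"flag": ["SF", "S0", "REJ"], "serror_rate": ["low", "high"], "count": ["low", "high"]}
def rows(spec):  # "flag serror_rate count label; ..." -> [({attr: value}, label), ...]
    return [(dict(zip(ATTRS, f[:3])), f[3]) for f in (r.split() for r in spec.split(";"))]
TRAIN = rows("S0 high high neptune; S0 high high neptune; S0 high high neptune;"
             "S0 high low normal; SF low low normal; SF low high normal;"
             "SF high high normal; REJ low low normal; SF low low normal")
TEST = rows("S0 high high neptune; SF low low normal; S0 high low neptune; SF high high normal")

def majority_value(examples):
    return Counter(label for _, label in examples).most_common(1)[0][0]
def entropy(examples):
    counts = Counter(label for _, label in examples).values()
    return -sum(c / len(examples) * math.log2(c / len(examples)) for c in counts)

def choose_attribute(attributes, examples):  # information gain: lowest entropy left wins
    def remainder(a):
        parts = [[e for e in examples if e[0][a] == v] for v in ATTRS[a]]
        return sum(len(p) / len(examples) * entropy(p) for p in parts if p)
    return min(attributes, key=remainder)

def learn(examples, attributes, default):
    if not examples:
        return default
    labels = {label for _, label in examples}
    if len(labels) == 1:
        return labels.pop()
    if not attributes:
        return majority_value(examples)
    best = choose_attribute(attributes, examples)
    rest = [a for a in attributes if a != best]
    return (best, {v: learn([e for e in examples if e[0][best] == v], rest,
                            majority_value(examples)) for v in ATTRS[best]})

def classify(tree, record):
    return classify(tree[1][record[tree[0]]], record) if isinstance(tree, tuple) else tree
def accuracy(tree, examples):
    return sum(classify(tree, r) == label for r, label in examples) / len(examples)

def render(tree, depth=0):  # pre-order traversal, deeper nodes indented further
    if not isinstance(tree, tuple):
        return ["  " * depth + tree]
    return [line for v, sub in tree[1].items()
            for line in ["  " * depth + f"{tree[0]} = {v}"] + render(sub, depth + 1)]

TREE = learn(TRAIN, list(ATTRS), majority_value(TRAIN))
print("\n".join(render(TREE)), accuracy(TREE, TRAIN), accuracy(TREE, TEST), sep="\n")
```

The one test miss is a half-open connection seen while the connection count is still low, a combination the constructed training set only ever labels normal.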

Submission

For this assignment, you must submit the following:

1. Source code of your program

2. Executable of your program (runnable in either Windows or Unix)

3. Output from running your program with the provided data set.

4. Report (2-3 pages) that includes a discussion of your experiences creating decision-tree learning software, and in general, with the decision-tree learner in terms of the inputs, outputs, and performance.
