Anomaly Detection Based on Chi-Square Statistic Technology in Computer Information System

2013 ◽  
Vol 462-463 ◽  
pp. 1046-1049 ◽  
Author(s):  
Ming Gu

An algorithm and principle of an anomaly detection technique based on a chi-square statistic were designed. In order to verify the effect of the principle and algorithm, testing data from samples of Windows 7 and Mac OS systems were presented and compared. The results of this study show that chi-square technology achieves a 0% false alarm rate and a 100% detection rate for abnormal intrusion scenarios. All intrusion scenarios are detected at the first or second audit event.

2021 ◽  
Vol 40 (5) ◽  
pp. 8793-8806
Author(s):  
Dong Li ◽  
Xin Sun ◽  
Furong Gao ◽  
Shulin Liu

Compared with traditional negative selection algorithms, which produce detectors randomly in the whole state space, the boundary-fixed negative selection algorithm (FB-NSA) non-randomly produces a layer of detectors closely surrounding the self space. However, the false alarm rate of FB-NSA is higher than that of many anomaly detection methods. Its detection rate is very low when normal data are close to the boundary of the state space. This paper proposes an improved FB-NSA (IFB-NSA) to solve these problems. IFB-NSA enlarges the state space and adds auxiliary detectors in appropriate places to improve the detection rate, and uses variable-sized training samples to reduce the false alarm rate. We present experiments on synthetic datasets and the UCI Iris dataset to demonstrate the effectiveness of this approach. The results show that IFB-NSA outperforms FB-NSA and the other anomaly detection methods in most of the cases.


2020 ◽  
Vol 2020 ◽  
pp. 1-13
Author(s):  
Yinghui Liu ◽  
Dong Li ◽  
Yuan Wei ◽  
Hongli Zhang

Interface detector is an enhanced negative selection algorithm with online adaptive learning under small training samples for anomaly detection. It has better detection performance when it has an appropriate self-radius. Otherwise, overfitting or underfitting would occur. In the present paper, an improved interface detector, which is based on vaccination strategy, is proposed. During the testing stage, negative vaccine can overcome overfitting to improve the detection rate and positive vaccine can overcome underfitting to reduce the false alarm rate. The experimental results show that under the same dataset, self-radius, and training samples condition, the detection rate of the interface detector with negative vaccine is much higher than that of interface detector, SVM, and BP neural network. Moreover, the false alarm rate of the interface detector with positive vaccine is much lower than that of the interface detector and PSA.


Author(s):  
Sara Haj Ebrahimi ◽  
Amid Khatibi

Today, detection of new threats has become a need for secured communication to provide complete data confidentiality, integrity and availability. Design and development of such an intrusion detection system in the communication world should not only be new, accurate and fast but also effective in an environment encompassing the surrounding network. In this paper, a new approach is proposed for network anomaly detection by combining neural network and clustering algorithms. We propose a modified Self Organizing Map algorithm which initially starts with a null network and grows with the original data space as the initial weight vector, updating neighborhood rules and learning rate dynamically in order to overcome the fixed architecture and random weight vector assignment of simple SOM. New nodes are created using a distance threshold parameter, their neighborhood is identified using connection strength and its learning rule, and the weight vector updating is carried out for neighborhood nodes. The Fuzzy k-means clustering algorithm is employed for grouping similar nodes of Modified SOM into k clusters using similarity measures. Performance of the new approach is evaluated with a standard benchmark dataset. The new approach is evaluated using performance metrics such as detection rate and false alarm rate. The result is compared with other individual neural network methods, which shows a considerable increase in the detection rate and a 1.5% false alarm rate.


Author(s):  
Mingming Fan ◽  
Shaoqing Tian ◽  
Kai Liu ◽  
Jiaxin Zhao ◽  
Yunsong Li

Infrared small target detection has been a challenging task due to the weak radiation intensity of targets and the complexity of the background. Traditional methods using hand-designed features are usually effective for specific background and have the problems of low detection rate and high false alarm rate in complex infrared scene. In order to fully exploit the features of infrared image, this paper proposes an infrared small target detection method based on region proposal and convolution neural network. Firstly, the small target intensity is enhanced according to the local intensity characteristics. Then, potential target regions are proposed by corner detection to ensure high detection rate of the method. Finally, the potential target regions are fed into the classifier based on convolutional neural network to eliminate the non-target regions, which can effectively suppress the complex background clutter. Extensive experiments demonstrate that the proposed method can effectively reduce the false alarm rate, and outperform other state-of-the-art methods in terms of subjective visual impression and quantitative evaluation metrics.


Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1375
Author(s):  
Celestine Iwendi ◽  
Joseph Henry Anajemba ◽  
Cresantus Biamba ◽  
Desire Ngabo

Web security plays a very crucial role in the Security of Things (SoT) paradigm for smart healthcare and will continue to be impactful in medical infrastructures in the near future. This paper addressed a key component of security-intrusion detection systems due to the number of web security attacks, which have increased dramatically in recent years in healthcare, as well as the privacy issues. Various intrusion-detection systems have been proposed in different works to detect cyber threats in smart healthcare and to identify network-based attacks and privacy violations. This study was carried out as a result of the limitations of the intrusion detection systems in responding to attacks and challenges and in implementing privacy control and attacks in the smart healthcare industry. The research proposed a machine learning support system that combined a Random Forest (RF) and a genetic algorithm: a feature optimization method that built new intrusion detection systems with a high detection rate and a more accurate false alarm rate. To optimize the functionality of our approach, a weighted genetic algorithm and RF were combined to generate the best subset of functionality that achieved a high detection rate and a low false alarm rate. This study used the NSL-KDD dataset to simultaneously classify RF, Naive Bayes (NB) and logistic regression classifiers for machine learning. The results confirmed the importance of optimizing functionality, which gave better results in terms of the false alarm rate, precision, detection rate, recall and F1 metrics. The combination of our genetic algorithm and RF models achieved a detection rate of 98.81% and a false alarm rate of 0.8%. This research raised awareness of privacy and authentication in the smart healthcare domain, wireless communications and privacy control and developed the necessary intelligent and efficient web system. 
Furthermore, the proposed algorithm was applied to examine the F1-score and precision performance as compared to the NSL-KDD and CSE-CIC-IDS2018 datasets using different scaling factors. The results showed that the proposed GA was greatly optimized, for which the average precision was optimized by 5.65% and the average F1-score by 8.2%.


Sensors ◽  
2019 ◽  
Vol 19 (18) ◽  
pp. 4033 ◽  
Author(s):  
Yoo ◽  
Wang ◽  
Seol ◽  
Lee ◽  
Chung ◽  
...  

Recognizing and tracking the targets located behind walls through impulse radio ultra-wideband (IR-UWB) radar provides a significant advantage, as the characteristics of the IR-UWB radar signal enable it to penetrate obstacles. In this study, we design a through-wall radar system to estimate and track multiple targets behind a wall. The radar signal received through the wall experiences distortion, such as attenuation and delay, and the characteristics of the wall are estimated to compensate the distance error. In addition, unlike general cases, it is difficult to maintain a high detection rate and low false alarm rate in this through-wall radar application due to the attenuation and distortion caused by the wall. In particular, the generally used delay-and-sum algorithm is significantly affected by the motion of targets and distortion caused by the wall, rendering it difficult to obtain a good performance. Thus, we propose a novel method, which calculates the likelihood that a target exists in a certain location through a detection process. Unlike the delay-and-sum algorithm, this method does not use the radar signal directly. Simulations and experiments are conducted in different cases to show the validity of our through-wall radar system. The results obtained by using the proposed algorithm as well as delay-and-sum and trilateration are compared in terms of the detection rate, false alarm rate, and positioning error.


2011 ◽  
Vol 48-49 ◽  
pp. 102-105
Author(s):  
Guo Zhen Cheng ◽  
Dong Nian Cheng ◽  
He Lei

Detecting network traffic anomalies is very important for network security. However, it has a high false alarm rate and a low detection rate, and cannot perform real-time detection in the backbone very well due to its nonlinearity, nonstationarity and self-similarity. Therefore we propose a novel detection method, EMD-DS, and prove that it can reduce the mean error rate of anomaly detection efficiently after EMD. On the KDD CUP 1999 intrusion detection evaluation data set, this detector detects 85.1% of attacks at a low false alarm rate, which is better than some other systems.


Author(s):  
Sunilkumar Soni ◽  
Santanu Das ◽  
Aditi Chattopadhyay

An optimal sensor placement methodology is proposed based on detection theory framework to maximize the detection rate and minimize the false alarm rate. Minimizing the false alarm rate for a given detection rate plays an important role in improving the efficiency of a Structural Health Monitoring (SHM) system as it reduces the number of false alarms. The placement technique is such that the sensor features are as directly correlated and as sensitive to damage as possible. The technique accounts for a number of factors, like actuation frequency and strength, minimum damage size, damage detection scheme, material damping, signal to noise ratio (SNR) and sensing radius. These factors are not independent and affect each other. Optimal sensor placement is done in two steps. First, a sensing radius, which can capture any detectable change caused by a perturbation and above a certain threshold, is calculated. This threshold value is based on Neyman-Pearson detector that maximizes the detection rate for a fixed false alarm rate. To avoid sensor redundancy, a criterion to minimize sensing region overlaps of neighboring sensors is defined. Based on the sensing region and the minimum overlap concept, number of sensors needed on a structural component is calculated. In the second step, a damage distribution pattern, known as probability of failure distribute, is calculated for a structural component using finite element analysis. This failure distribution helps in selecting the most sensitive sensors, thereby removing those making remote contributions to the overall detection scheme.


Author(s):  
P. Manoj Kumar ◽  
M. Parvathy ◽  
C. Abinaya Devi

Intrusion Detection Systems (IDS) are one of the important aspects of cyber security that can detect anomalies in network traffic. IDS are a part of the second defense line of a system and can be deployed along with other security measures such as access control, authentication mechanisms and encryption techniques to secure systems against cyber-attacks. However, IDS suffer from the problem of handling large volumes of data and of detecting zero-day attacks (new types of attacks) in a real-time traffic environment. To overcome this problem, an intelligent Deep Learning approach for Intrusion Detection is proposed based on a Convolutional Neural Network (CNN-IDS). Initially, the model is trained and tested on a new real-time traffic dataset, the CSE-CIC-IDS 2018 dataset. Then, the performance of the CNN-IDS model is studied based on three important performance metrics, namely accuracy / training time, detection rate and false alarm rate. Finally, the experimental results are compared with those of various Deep Discriminative models, including Recurrent Neural Network (RNN), Deep Neural Network (DNN) etc., proposed for IDS under the same dataset. The comparative results show that the proposed CNN-IDS model is very much suitable for modelling a classification model both in terms of binary and multi-class classification, with higher detection rate, accuracy, and lower false alarm rate. The CNN-IDS model improves the accuracy of intrusion detection and provides a new research method for intrusion detection.

