SlideShare ist ein Scribd-Unternehmen logo

Application of machine learning and cognitive computing in intrusion detection systems

Als PPTX, PDF herunterladen
Mahdi Hosseini Moghaddam
Mahdi Hosseini Moghaddam

Application of machine learning in intrusion detection systems using Cognitive Processors

Ingenieurwesen
1 von 30
Application of Hardware-based Machine learning For Intrusion Detection using Cognitive Processors Mahdi Hosseini Moghaddam Purdue University Calumet
Table of Content • Introduction • Why new IDS • Significance of Problem • Definitions • Literature review • Architecture • Methodology • Analysis • Conclusion • Future work • Questions • Cost • Timeline • References
Introduction • New technologies come to market, and with them new vulnerabilities add to our systems. • Nowadays lots of devices connect to the internet not only computers but also devices like TV, refrigerator, cell phones, doors and even small sensors. • Our today’s markets are less tolerant to down time due to security issues or attacks. • Attacks likes Denial of Service can cause a big problem by make the service unavailable and increase the down time
Why New IDS • Intrusion detection systems use two approaches in order to detect the malicious traffic : • signature based which rely on the previously created list of known attacks • Anomaly detection • Signature-based approach can not detect Novell attack and zero-day attack. • Anomaly detection uses machine learning algorithm, however most of them are resource intensive. • Performance and response time is crucial, fast detection is a MUST
Significance of Problem • Signature based intrusion detection systems need to check the traffics with thousands or even millions of pattern gathered from previously executed attacks • novel attacks or previous attack with even a minor changes are almost impossible to detect in run time • In order to add the signature of an attack to the base system the attack first needs to detect and analyze and then its pattern should be created
Definitions • Machine learning: that we refer to this as ML, is a system that can learn from data • Embedded System: is a sort of computer system often with real-time computing constraints. • Cognitive Processor: it uses the idea of neural network to build a processing unit works like Human Brain. As the Brain it’s consist of small unit called neuron. Neurons in this computational model have its own memory and logic for operating on that memory. • IDS: intrusion detection system • RCE: Restricted Coulomb Energy is a Hyperspherical classifiers. • KNN: K-Nearest Neighbor is a non-parametric method for classification and regression
Definitions – KNN • An object is classified by a majority vote of its neighbors, with the object being assigned to the class most common among its k nearest neighbors • The neighbors are taken from a set of objects for which the class (for k-NN classification) is known. • If k = 1, then the object is simply assigned to the class of that single nearest neighbor.
Definitions – RCE • The architecture of the RCE network contains two layers: A hidden layer and an output layer. • The hidden layer is fully interconnected to all components of an input pattern • The output layer is sparsely connected to the hidden layer; each hidden unit projects its output to one and only one output unit.
Literature Review • A signature based IDS watches for network packets then compares that traffic to a database of known attacks, called signatures. However, there will be a time gap between the attack and the time the system can detect that attack (Barman 2012). • In 2010, Stuxnet, a computer worm, affected nuclear facility in a country. It was designed to harm PLC system (Falliere, 2011). • Baker and Prasanna in 2004, proposed a methodology for building an efficient IDS using FPGA. They showed that this methodology results in 8 times faster computing time in comparison with shift-and-compare architecture. Although they reached high throughput, the amount of false-positive errors was increased. • In 2013 Yoon et al, suggested a Multicore-based IDS. Shared resources in processors create a lot of problem and also add a lot complexity to development of system using those processors. They tried to detect malicious behavior using statistical analysis.
Architecture • Data Collector : Raspberry PI Board • Interface Board: Arduino Due • Cognitive Processor : CM1K – Cognimem
Architecture (2) – CM1K • It features 1024 neurons working in parallel implementing two non-linear classifiers. • Learn and recognize patterns up to 256 bytes ( 1 Byte for each) • Classify patterns up to 32,768 categories • Choice of Restricted Coulomb Energy (RCE) or K-Nearest Neighbor (KNN) classifiers • Low cost, small footprint, low power consumption (0.5w) • Recognition time independent of the number of neurons
Methodology – Data Collection • A small packet sniffer has been developed. The sniffer is based on libpcap library. • The developed packet sniffer is installed on an embedded device which is a Raspberry PI. • The sniffer is based on libpcap library. Once it reads the packet header, it stores it into CSV format.
Methodology – Data Collection (2) • In order to have required samples a small isolated LAN has been set up. • Normal packets like ping trace route and other TCP stream have been generated in this network. • Anomaly Packets were gathered by running some network attack using Netwox toolset. • The dataset has 10 features
Methodology – Data Collection (3) Features • src_ip • dst_ip • Tos • Len • Id • off • ttl • prt • src_p • dst_p
Methodology - Data Normalization • There is only 1 byte available for each feature. 1 byte cannot store numbers higher than 255. • CM1K chip only accepts integer values so the values were rounded. • Collected data should be normalized to fit in this range. This was achieved by using this formula: 𝑥 𝑛𝑒𝑤 = 𝑟𝑑𝑜𝑤𝑛 + 𝑥 − 𝑥 𝑚𝑖𝑛 𝑥 𝑚𝑎𝑥 − 𝑥 𝑚𝑖𝑛 × (𝑟𝑢𝑝−𝑟𝑑𝑜𝑤𝑛)
Methodology - Classification and Training • Another column for class was added to dataset. For the normal data, the class is ‘1’ and for data gathered from anomaly traffic the class is ‘2’. • 10 pairs of Test/Train file were prepared. Each file contained 512 samples for normal traffic and 512 for anomaly traffic. • The data must sent form the Arduino board to the CM1K. • After the CM1K was trained The Arduino board loaded the test file into chip. • The chip sends back the distance between the test samples and the trained model starting from shortest distance.
Methodology - Classification and Training Using CM1K • The algorithm can be chosen before training part. RCE and KNN can be selected by changing a data register on the Arduino board.
Methodology - Classification and Training Using Software SDK • This SDK simulate the hardware algorithms and provide some report and testing functionality.
Methodology - Classification and Training Using NSL-KDD Dataset • The KDD Cup '99 dataset was created by processing the tcpdump portions of the 1998 DARPA Intrusion Detection System (IDS) Evaluation dataset • NSL-KDD suggested in order solving some problem of KDD’99 dataset. • NSL-KDD dataset has 41 features and provided thousands of data sample for both training and testing. • By using the same method used before, the CM1K was trained and then tested with both KNN and RCE algorithm. • From test and train samples 10 pairs of completely identical data were created. Each sample file has 1024 samples.
Methodology - Classification and Training Using NSL-KDD Dataset (2) • protocol_type • service • flag • src_bytes • dst_bytes • wrong_fragment • num_failed_logins • num_shells • srv_count • rerror_rate • dst_host_count • dst_host_same_srv_rate • dst_host_diff_srv_rate • su_attempted NSL-KDD Dataset features:
Analysis- CM1K Result • Simply by comparing the actual class with the determined class it is possible to calculate accuracy Sample # RCE RCE_N RCE_TIME KNN KNN_N KNN_TIME 1 76.76% 3 110249 71.68% 1024 110163 2 82.03% 3 110112 80.66% 1024 110261 3 83.59% 3 110207 85.35% 1024 110453 4 63.78% 5 110003 30.37% 1024 110446 5 85.44% 4 110075 87.21% 1024 110463 6 77.54% 3 110136 87.40% 1024 110240 7 61.82% 3 111890 87.79% 1024 110335 8 58.89% 3 111331 77.25% 1024 110322 9 66.31% 3 110177 32.91% 1024 110486 10 76.17% 3 110259 69.14% 1024 110256
Analysis- CM1K Result (2) • Although the accuracy for both RCE and KNN are somehow close but RCE showed less diversity and hence more consistency in the accuracy. RCE KNN Average 73.23% 70.98% Variance 0.00940922 0.04730602 Standard Deviation 0.09700113 0.21749947
Analysis- Software Result • The result for RCE algorithm obtained from hardware and software gathered in below table. As it is shown below from the accuracy points of view both are same however surprisingly software solution was much faster that hardware ones. Sample # Hardware Software Accuracy # of Neurons TIME Accuracy # of Neurons TIME 1 76.76% 3 110249 76.76% 3 1230 2 82.03% 3 110112 82.03% 3 910 3 83.59% 3 110207 83.59% 3 890 4 63.78% 5 110003 64.06% 5 1170 5 85.44% 4 110075 85.45% 4 880 6 77.54% 3 110136 77.54% 3 780 7 61.82% 3 111890 61.82% 3 800 8 58.89% 3 111331 58.89% 3 900 9 66.31% 3 110177 66.31% 3 820 10 76.17% 3 110259 76.17% 3 880
Analysis- CM1K Result NSL-KDD Dataset • Because the same amount of data was used, the result is in same structure with the dataset created as part of this project. Sample # RCE RCE_N RCE_TIME KNN KNN_N KNN_TIME 1 79.39% 2 123728 87.01% 1024 123195 2 58.40% 3 123522 59.67% 1024 123500 3 79.59% 2 123853 87.40% 1024 123146 4 50.88% 7 123188 84.86% 1024 123430 5 57.91% 2 123662 86.72% 1024 123505 6 80.57% 2 123824 84.47% 1024 123338 7 79.88% 5 123362 88.77% 1024 123691 8 80.66% 3 123611 81.05% 1024 123448 9 58.30% 2 123678 83.40% 1024 123426 10 78.81% 2 123974 87.30% 1024 123286
Conclusion • CM1K provides parallelism with low cost and energy consumption • CM1K provides classification algorithm in hardware level • Although KNN showed more accuracy but RCE used less Neuron. • Having good data is a big challenge • This project can be used for any classification problem • 𝐼2 𝐶 is not a good communication bus as it creates bottleneck
Future Work • Having more features regarding network packets • Using a chain of chips • Using USB instead of 𝐼2 𝐶 • Developing alarming method • Create a general classifier
Questions
Cost Cost for required equipment Item Price Arduino Due 40 $ Raspberry PI Model B 40$ Cognimem CM1K Chip 150$ Bread Board 20$ Memory SD 8 GB 12 $ Wire & resistor & oscillator 5 $ AC Adapter 5.0 V Out 20 $ USB Cable – A Male to B Male 7 $ Soldering Kit 90$
Time Line 120 Days dedicated for project accomplishment 0 20 40 60 80 100 120 140 Developing Packet Sniffer Get the components Design of the system Installing Packet Sniffer on Raspberry PI Soldering complete and approved by advisor Gathering Sample from Network Developing Classifier Code On Arduion Training the Chip Testing the IDS with random Data Post testing modification Timeline Start Days Completed
References • Cheng (2006). On-Time and Scalable Intrusion Detection in Embedded Systems. Albert Mo Kim Cheng, Real-Time Systems Laboratory Department of Computer Science University of Houston. • Axelsson (1999). Research in intrusion-detection systems: A survey. TR 98-17, Department of Computer Engineering, Chalmers University of Technology, G ¨ oteborg, Sweden, December 1998. Revised August 19, 1999. • Kerschbaum (2001) Florian Kerschbaum, Eugene H. Spafford, Diego Zamboni. Using internal sensors and embedded detectors for intrusion detection. Center for Education and Research in Information Assurance and Security 1315 Recitation Building Purdue University. • Tavallaee (2009) Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu, and Ali A. Ghorbani. A Detailed Analysis of the KDD CUP 99 Data Set. • Hripcsak, G., & Rothschild, A. (2005). Agreement, the F-Measure, and the Reliability in Information Retrieval. Retrieved from http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1090460/pdf/296.pdf

Empfohlen

Machine Learning
Machine LearningMachine Learning
Machine Learning
Mahdi Hosseini Moghaddam
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection system
Avinash Kumar
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
ijtsrd
 
Yolinda chiramba Survey Paper
Yolinda chiramba Survey PaperYolinda chiramba Survey Paper
Yolinda chiramba Survey Paper
Yolinda Chiramba
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detection
Likan Patra
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine Learning
Kuppusamy P
 
06558266
0655826606558266
06558266
Vidya Sagar
 
A survey of Network Intrusion Detection using soft computing Technique
A survey of Network Intrusion Detection using soft computing TechniqueA survey of Network Intrusion Detection using soft computing Technique
A survey of Network Intrusion Detection using soft computing Technique
ijsrd.com
 

Empfohlen

Machine Learning
Machine LearningMachine Learning
Machine Learning
Mahdi Hosseini Moghaddam
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection system
Avinash Kumar
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
ijtsrd
 
Yolinda chiramba Survey Paper
Yolinda chiramba Survey PaperYolinda chiramba Survey Paper
Yolinda chiramba Survey Paper
Yolinda Chiramba
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detection
Likan Patra
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine Learning
Kuppusamy P
 
06558266
0655826606558266
06558266
Vidya Sagar
 
A survey of Network Intrusion Detection using soft computing Technique
A survey of Network Intrusion Detection using soft computing TechniqueA survey of Network Intrusion Detection using soft computing Technique
A survey of Network Intrusion Detection using soft computing Technique
ijsrd.com
 
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
IJCNCJournal
 
Intrusion Detection System using AI and Machine Learning Algorithm
Intrusion Detection System using AI and Machine Learning AlgorithmIntrusion Detection System using AI and Machine Learning Algorithm
Intrusion Detection System using AI and Machine Learning Algorithm
IRJET Journal
 
NSL KDD Cup 99 dataset Anomaly Detection using Machine Learning Technique
NSL KDD Cup 99 dataset Anomaly Detection using Machine Learning Technique NSL KDD Cup 99 dataset Anomaly Detection using Machine Learning Technique
NSL KDD Cup 99 dataset Anomaly Detection using Machine Learning Technique
Sujeet Suryawanshi
 
A45010107
A45010107A45010107
A45010107
IJERA Editor
 
Evaluation of network intrusion detection using markov chain
Evaluation of network intrusion detection using markov chainEvaluation of network intrusion detection using markov chain
Evaluation of network intrusion detection using markov chain
IJCI JOURNAL
 
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORKNOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK
IJNSA Journal
 
IDS - Analysis of SVM and decision trees
IDS - Analysis of SVM and decision treesIDS - Analysis of SVM and decision trees
IDS - Analysis of SVM and decision trees
Vahid Farrahi
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection final
Akshay Bansal
 
IRJET- Improving Cyber Security using Artificial Intelligence
IRJET- Improving Cyber Security using Artificial IntelligenceIRJET- Improving Cyber Security using Artificial Intelligence
IRJET- Improving Cyber Security using Artificial Intelligence
IRJET Journal
 
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...
IRJET Journal
 
Artificial neural networks
Artificial neural networks Artificial neural networks
Artificial neural networks
Tharushi Ruwandika
 
A Survey on Data Intrusion schemes used in MANET
A Survey on Data Intrusion schemes used in MANETA Survey on Data Intrusion schemes used in MANET
A Survey on Data Intrusion schemes used in MANET
IRJET Journal
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detection
Sajan Sahu
 
False positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoFalse positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algo
eSAT Journals
 
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET Journal
 
An approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithmAn approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithm
eSAT Publishing House
 
An approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithmAn approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithm
eSAT Journals
 
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion DetectionMulti Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
IJNSA Journal
 
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
IOSR Journals
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
Omar Shaya
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
Lior Rokach
 
Smart Attacks on the integrity of the Internet of Things Avoiding detection b...
Smart Attacks on the integrity of the Internet of Things Avoiding detection b...Smart Attacks on the integrity of the Internet of Things Avoiding detection b...
Smart Attacks on the integrity of the Internet of Things Avoiding detection b...
Communication Systems & Networks
 

Weitere ähnliche Inhalte

Was ist angesagt?

AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
IJCNCJournal
 
Evaluation of network intrusion detection using markov chain
Evaluation of network intrusion detection using markov chainEvaluation of network intrusion detection using markov chain
Evaluation of network intrusion detection using markov chain
IJCI JOURNAL
 
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORKNOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK
IJNSA Journal
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection final
Akshay Bansal
 
False positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoFalse positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algo
eSAT Journals
 
An approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithmAn approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithm
eSAT Journals
 
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion DetectionMulti Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
IJNSA Journal
 

Was ist angesagt? (19)

AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
 
Intrusion Detection System using AI and Machine Learning Algorithm
Intrusion Detection System using AI and Machine Learning AlgorithmIntrusion Detection System using AI and Machine Learning Algorithm
Intrusion Detection System using AI and Machine Learning Algorithm
 
NSL KDD Cup 99 dataset Anomaly Detection using Machine Learning Technique
NSL KDD Cup 99 dataset Anomaly Detection using Machine Learning Technique NSL KDD Cup 99 dataset Anomaly Detection using Machine Learning Technique
NSL KDD Cup 99 dataset Anomaly Detection using Machine Learning Technique
 
A45010107
A45010107A45010107
A45010107
 
Evaluation of network intrusion detection using markov chain
Evaluation of network intrusion detection using markov chainEvaluation of network intrusion detection using markov chain
Evaluation of network intrusion detection using markov chain
 
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORKNOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK
 
IDS - Analysis of SVM and decision trees
IDS - Analysis of SVM and decision treesIDS - Analysis of SVM and decision trees
IDS - Analysis of SVM and decision trees
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection final
 
IRJET- Improving Cyber Security using Artificial Intelligence
IRJET- Improving Cyber Security using Artificial IntelligenceIRJET- Improving Cyber Security using Artificial Intelligence
IRJET- Improving Cyber Security using Artificial Intelligence
 
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...
 
Artificial neural networks
Artificial neural networks Artificial neural networks
Artificial neural networks
 
A Survey on Data Intrusion schemes used in MANET
A Survey on Data Intrusion schemes used in MANETA Survey on Data Intrusion schemes used in MANET
A Survey on Data Intrusion schemes used in MANET
 
Artificial neural network for misuse detection
Artificial neural network for misuse detectionArtificial neural network for misuse detection
Artificial neural network for misuse detection
 
False positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algoFalse positive reduction by combining svm and knn algo
False positive reduction by combining svm and knn algo
 
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
 
An approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithmAn approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithm
 
An approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithmAn approach for ids by combining svm and ant colony algorithm
An approach for ids by combining svm and ant colony algorithm
 
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion DetectionMulti Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
 
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...
 

Andere mochten auch

Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
Omar Shaya
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
Lior Rokach
 
Query Linguistic Intent Detection
Query Linguistic Intent DetectionQuery Linguistic Intent Detection
Query Linguistic Intent Detection
butest
 
Cognitive Modeling & Intelligent Tutors
Cognitive Modeling & Intelligent TutorsCognitive Modeling & Intelligent Tutors
Cognitive Modeling & Intelligent Tutors
Cody Ray
 
Neural Network Classification and its Applications in Insurance Industry
Neural Network Classification and its Applications in Insurance IndustryNeural Network Classification and its Applications in Insurance Industry
Neural Network Classification and its Applications in Insurance Industry
Inderjeet Singh
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Akhil Kumar
 
Application of machine learning in industrial applications
Application of machine learning in industrial applicationsApplication of machine learning in industrial applications
Application of machine learning in industrial applications
Anish Das
 
Soft computing (ANN and Fuzzy Logic) : Dr. Purnima Pandit
Soft computing (ANN and Fuzzy Logic) : Dr. Purnima PanditSoft computing (ANN and Fuzzy Logic) : Dr. Purnima Pandit
Soft computing (ANN and Fuzzy Logic) : Dr. Purnima Pandit
Purnima Pandit
 

Andere mochten auch (20)

Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
 
Smart Attacks on the integrity of the Internet of Things Avoiding detection b...
Smart Attacks on the integrity of the Internet of Things Avoiding detection b...Smart Attacks on the integrity of the Internet of Things Avoiding detection b...
Smart Attacks on the integrity of the Internet of Things Avoiding detection b...
 
Query Linguistic Intent Detection
Query Linguistic Intent DetectionQuery Linguistic Intent Detection
Query Linguistic Intent Detection
 
Neural Network Applications In Machining: A Review
Neural Network Applications In Machining: A ReviewNeural Network Applications In Machining: A Review
Neural Network Applications In Machining: A Review
 
Logica | Intelligent Self learning - a helping hand in financial crime
Logica | Intelligent Self learning - a helping hand in financial crimeLogica | Intelligent Self learning - a helping hand in financial crime
Logica | Intelligent Self learning - a helping hand in financial crime
 
Deep Learning for NLP Applications
Deep Learning for NLP ApplicationsDeep Learning for NLP Applications
Deep Learning for NLP Applications
 
An Optimal Iterative Algorithm for Extracting MUCs in a Black-box Constraint ...
An Optimal Iterative Algorithm for Extracting MUCs in a Black-box Constraint ...An Optimal Iterative Algorithm for Extracting MUCs in a Black-box Constraint ...
An Optimal Iterative Algorithm for Extracting MUCs in a Black-box Constraint ...
 
Black Box Methods for Inferring Parallel Applications' Properties in Virtual ...
Black Box Methods for Inferring Parallel Applications' Properties in Virtual ...Black Box Methods for Inferring Parallel Applications' Properties in Virtual ...
Black Box Methods for Inferring Parallel Applications' Properties in Virtual ...
 
Cognitive Modeling & Intelligent Tutors
Cognitive Modeling & Intelligent TutorsCognitive Modeling & Intelligent Tutors
Cognitive Modeling & Intelligent Tutors
 
Project based learning methodologies for Embedded Systems and Intelligent Sys...
Project based learning methodologies for Embedded Systems and Intelligent Sys...Project based learning methodologies for Embedded Systems and Intelligent Sys...
Project based learning methodologies for Embedded Systems and Intelligent Sys...
 
Ai and neural networks
Ai and neural networksAi and neural networks
Ai and neural networks
 
Neural
NeuralNeural
Neural
 
Home Automation: Design and Construction of an intelligent design for Cooling...
Home Automation: Design and Construction of an intelligent design for Cooling...Home Automation: Design and Construction of an intelligent design for Cooling...
Home Automation: Design and Construction of an intelligent design for Cooling...
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
Neural Network Classification and its Applications in Insurance Industry
Neural Network Classification and its Applications in Insurance IndustryNeural Network Classification and its Applications in Insurance Industry
Neural Network Classification and its Applications in Insurance Industry
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Application of machine learning in industrial applications
Application of machine learning in industrial applicationsApplication of machine learning in industrial applications
Application of machine learning in industrial applications
 
Soft computing (ANN and Fuzzy Logic) : Dr. Purnima Pandit
Soft computing (ANN and Fuzzy Logic) : Dr. Purnima PanditSoft computing (ANN and Fuzzy Logic) : Dr. Purnima Pandit
Soft computing (ANN and Fuzzy Logic) : Dr. Purnima Pandit
 

Ähnlich wie Application of machine learning and cognitive computing in intrusion detection systems

Table of Contents
Table of ContentsTable of Contents
Table of Contents
butest
 
Computer Design Concepts for Machine Learning
Computer Design Concepts for Machine LearningComputer Design Concepts for Machine Learning
Computer Design Concepts for Machine Learning
Facultad de Informática UCM
 
Computer Vision for Beginners
Computer Vision for BeginnersComputer Vision for Beginners
Computer Vision for Beginners
Sanghamitra Deb
 
Modern Computing: Cloud, Distributed, & High Performance
Modern Computing: Cloud, Distributed, & High PerformanceModern Computing: Cloud, Distributed, & High Performance
Modern Computing: Cloud, Distributed, & High Performance
inside-BigData.com
 
Tsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in ChinaTsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in China
DataStax Academy
 
Using Deep Learning on Apache Spark to Diagnose Thoracic Pathology from Chest...
Using Deep Learning on Apache Spark to Diagnose Thoracic Pathology from Chest...Using Deep Learning on Apache Spark to Diagnose Thoracic Pathology from Chest...
Using Deep Learning on Apache Spark to Diagnose Thoracic Pathology from Chest...
Databricks
 
#ITsubbotnik Spring 2017: Dmitrii Nikitko "Deep learning for understanding of...
#ITsubbotnik Spring 2017: Dmitrii Nikitko "Deep learning for understanding of...#ITsubbotnik Spring 2017: Dmitrii Nikitko "Deep learning for understanding of...
#ITsubbotnik Spring 2017: Dmitrii Nikitko "Deep learning for understanding of...
epamspb
 

Ähnlich wie Application of machine learning and cognitive computing in intrusion detection systems (20)

Cvpr 2018 papers review (efficient computing)
Cvpr 2018 papers review (efficient computing)Cvpr 2018 papers review (efficient computing)
Cvpr 2018 papers review (efficient computing)
 
Table of Contents
Table of ContentsTable of Contents
Table of Contents
 
Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1
 
Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1Network_Intrusion_Detection_System_Team1
Network_Intrusion_Detection_System_Team1
 
Introduction to computer vision with Convoluted Neural Networks
Introduction to computer vision with Convoluted Neural NetworksIntroduction to computer vision with Convoluted Neural Networks
Introduction to computer vision with Convoluted Neural Networks
 
Introduction to computer vision
Introduction to computer visionIntroduction to computer vision
Introduction to computer vision
 
Computer Design Concepts for Machine Learning
Computer Design Concepts for Machine LearningComputer Design Concepts for Machine Learning
Computer Design Concepts for Machine Learning
 
Computer Vision for Beginners
Computer Vision for BeginnersComputer Vision for Beginners
Computer Vision for Beginners
 
Neural Networks in Data Mining - “An Overview”
Neural Networks in Data Mining - “An Overview”Neural Networks in Data Mining - “An Overview”
Neural Networks in Data Mining - “An Overview”
 
Modern Computing: Cloud, Distributed, & High Performance
Modern Computing: Cloud, Distributed, & High PerformanceModern Computing: Cloud, Distributed, & High Performance
Modern Computing: Cloud, Distributed, & High Performance
 
FPGA Hardware Accelerator for Machine Learning
FPGA Hardware Accelerator for Machine Learning FPGA Hardware Accelerator for Machine Learning
FPGA Hardware Accelerator for Machine Learning
 
INSECS: Intelligent networks security system
INSECS: Intelligent networks security systemINSECS: Intelligent networks security system
INSECS: Intelligent networks security system
 
Tsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in ChinaTsinghua University: Two Exemplary Applications in China
Tsinghua University: Two Exemplary Applications in China
 
Using Deep Learning on Apache Spark to Diagnose Thoracic Pathology from Chest...
Using Deep Learning on Apache Spark to Diagnose Thoracic Pathology from Chest...Using Deep Learning on Apache Spark to Diagnose Thoracic Pathology from Chest...
Using Deep Learning on Apache Spark to Diagnose Thoracic Pathology from Chest...
 
Combining out - of - band monitoring with AI and big data for datacenter aut...
Combining out - of - band monitoring with AI and big data for datacenter aut...Combining out - of - band monitoring with AI and big data for datacenter aut...
Combining out - of - band monitoring with AI and big data for datacenter aut...
 
Grid computing
Grid computingGrid computing
Grid computing
 
#ITsubbotnik Spring 2017: Dmitrii Nikitko "Deep learning for understanding of...
#ITsubbotnik Spring 2017: Dmitrii Nikitko "Deep learning for understanding of...#ITsubbotnik Spring 2017: Dmitrii Nikitko "Deep learning for understanding of...
#ITsubbotnik Spring 2017: Dmitrii Nikitko "Deep learning for understanding of...
 
Overview of DuraMat software tool development
Overview of DuraMat software tool developmentOverview of DuraMat software tool development
Overview of DuraMat software tool development
 
Real Time Object Dectection using machine learning
Real Time Object Dectection using machine learningReal Time Object Dectection using machine learning
Real Time Object Dectection using machine learning
 
DigitRecognition.pptx
DigitRecognition.pptxDigitRecognition.pptx
DigitRecognition.pptx
 

Kürzlich hochgeladen

Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
Kamal Acharya
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
AldoGarca30
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Epec Engineered Technologies
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
Kamal Acharya
 

Kürzlich hochgeladen (20)

Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
 
Computer Networks Basics of Network Devices
Computer Networks Basics of Network DevicesComputer Networks Basics of Network Devices
Computer Networks Basics of Network Devices
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and properties
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
Engineering Drawing focus on projection of planes
Engineering Drawing focus on projection of planesEngineering Drawing focus on projection of planes
Engineering Drawing focus on projection of planes
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best ServiceTamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
Tamil Call Girls Bhayandar WhatsApp +91-9930687706, Best Service
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
 
AIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech studentsAIRCANVAS[1].pdf mini project for btech students
AIRCANVAS[1].pdf mini project for btech students
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
Block diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptBlock diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.ppt
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to Computers
 
kiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal loadkiln thermal load.pptx kiln tgermal load
kiln thermal load.pptx kiln tgermal load
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 

Application of machine learning and cognitive computing in intrusion detection systems

  • 1. Application of Hardware-based Machine learning For Intrusion Detection using Cognitive Processors Mahdi Hosseini Moghaddam Purdue University Calumet
  • 2. Table of Content • Introduction • Why new IDS • Significance of Problem • Definitions • Literature review • Architecture • Methodology • Analysis • Conclusion • Future work • Questions • Cost • Timeline • References
  • 3. Introduction • New technologies come to market, and with them new vulnerabilities add to our systems. • Nowadays lots of devices connect to the internet not only computers but also devices like TV, refrigerator, cell phones, doors and even small sensors. • Our today’s markets are less tolerant to down time due to security issues or attacks. • Attacks likes Denial of Service can cause a big problem by make the service unavailable and increase the down time
  • 4. Why New IDS • Intrusion detection systems use two approaches in order to detect the malicious traffic : • signature based which rely on the previously created list of known attacks • Anomaly detection • Signature-based approach can not detect Novell attack and zero-day attack. • Anomaly detection uses machine learning algorithm, however most of them are resource intensive. • Performance and response time is crucial, fast detection is a MUST
  • 5. Significance of Problem • Signature based intrusion detection systems need to check the traffics with thousands or even millions of pattern gathered from previously executed attacks • novel attacks or previous attack with even a minor changes are almost impossible to detect in run time • In order to add the signature of an attack to the base system the attack first needs to detect and analyze and then its pattern should be created
  • 6. Definitions • Machine learning: that we refer to this as ML, is a system that can learn from data • Embedded System: is a sort of computer system often with real-time computing constraints. • Cognitive Processor: it uses the idea of neural network to build a processing unit works like Human Brain. As the Brain it’s consist of small unit called neuron. Neurons in this computational model have its own memory and logic for operating on that memory. • IDS: intrusion detection system • RCE: Restricted Coulomb Energy is a Hyperspherical classifiers. • KNN: K-Nearest Neighbor is a non-parametric method for classification and regression
  • 7. Definitions – KNN • An object is classified by a majority vote of its neighbors, with the object being assigned to the class most common among its k nearest neighbors • The neighbors are taken from a set of objects for which the class (for k-NN classification) is known. • If k = 1, then the object is simply assigned to the class of that single nearest neighbor.
  • 8. Definitions – RCE • The architecture of the RCE network contains two layers: A hidden layer and an output layer. • The hidden layer is fully interconnected to all components of an input pattern • The output layer is sparsely connected to the hidden layer; each hidden unit projects its output to one and only one output unit.
  • 9. Literature Review • A signature based IDS watches for network packets then compares that traffic to a database of known attacks, called signatures. However, there will be a time gap between the attack and the time the system can detect that attack (Barman 2012). • In 2010, Stuxnet, a computer worm, affected nuclear facility in a country. It was designed to harm PLC system (Falliere, 2011). • Baker and Prasanna in 2004, proposed a methodology for building an efficient IDS using FPGA. They showed that this methodology results in 8 times faster computing time in comparison with shift-and-compare architecture. Although they reached high throughput, the amount of false-positive errors was increased. • In 2013 Yoon et al, suggested a Multicore-based IDS. Shared resources in processors create a lot of problem and also add a lot complexity to development of system using those processors. They tried to detect malicious behavior using statistical analysis.
  • 10. Architecture • Data Collector : Raspberry PI Board • Interface Board: Arduino Due • Cognitive Processor : CM1K – Cognimem
  • 11. Architecture (2) – CM1K • It features 1024 neurons working in parallel implementing two non-linear classifiers. • Learn and recognize patterns up to 256 bytes ( 1 Byte for each) • Classify patterns up to 32,768 categories • Choice of Restricted Coulomb Energy (RCE) or K-Nearest Neighbor (KNN) classifiers • Low cost, small footprint, low power consumption (0.5w) • Recognition time independent of the number of neurons
  • 12. Methodology – Data Collection • A small packet sniffer has been developed. The sniffer is based on libpcap library. • The developed packet sniffer is installed on an embedded device which is a Raspberry PI. • The sniffer is based on libpcap library. Once it reads the packet header, it stores it into CSV format.
  • 13. Methodology – Data Collection (2) • In order to have required samples a small isolated LAN has been set up. • Normal packets like ping trace route and other TCP stream have been generated in this network. • Anomaly Packets were gathered by running some network attack using Netwox toolset. • The dataset has 10 features
  • 14. Methodology – Data Collection (3) Features • src_ip • dst_ip • Tos • Len • Id • off • ttl • prt • src_p • dst_p
  • 15. Methodology - Data Normalization • There is only 1 byte available for each feature. 1 byte cannot store numbers higher than 255. • CM1K chip only accepts integer values so the values were rounded. • Collected data should be normalized to fit in this range. This was achieved by using this formula: 𝑥 𝑛𝑒𝑤 = 𝑟𝑑𝑜𝑤𝑛 + 𝑥 − 𝑥 𝑚𝑖𝑛 𝑥 𝑚𝑎𝑥 − 𝑥 𝑚𝑖𝑛 × (𝑟𝑢𝑝−𝑟𝑑𝑜𝑤𝑛)
  • 16. Methodology - Classification and Training • Another column for class was added to dataset. For the normal data, the class is ‘1’ and for data gathered from anomaly traffic the class is ‘2’. • 10 pairs of Test/Train file were prepared. Each file contained 512 samples for normal traffic and 512 for anomaly traffic. • The data must sent form the Arduino board to the CM1K. • After the CM1K was trained The Arduino board loaded the test file into chip. • The chip sends back the distance between the test samples and the trained model starting from shortest distance.
  • 17. Methodology - Classification and Training Using CM1K • The algorithm can be chosen before training part. RCE and KNN can be selected by changing a data register on the Arduino board.
  • 18. Methodology - Classification and Training Using Software SDK • This SDK simulate the hardware algorithms and provide some report and testing functionality.
  • 19. Methodology - Classification and Training Using NSL-KDD Dataset • The KDD Cup '99 dataset was created by processing the tcpdump portions of the 1998 DARPA Intrusion Detection System (IDS) Evaluation dataset • NSL-KDD suggested in order solving some problem of KDD’99 dataset. • NSL-KDD dataset has 41 features and provided thousands of data sample for both training and testing. • By using the same method used before, the CM1K was trained and then tested with both KNN and RCE algorithm. • From test and train samples 10 pairs of completely identical data were created. Each sample file has 1024 samples.
  • 20. Methodology - Classification and Training Using NSL-KDD Dataset (2) • protocol_type • service • flag • src_bytes • dst_bytes • wrong_fragment • num_failed_logins • num_shells • srv_count • rerror_rate • dst_host_count • dst_host_same_srv_rate • dst_host_diff_srv_rate • su_attempted NSL-KDD Dataset features:
  • 21. Analysis- CM1K Result • Simply by comparing the actual class with the determined class it is possible to calculate accuracy Sample # RCE RCE_N RCE_TIME KNN KNN_N KNN_TIME 1 76.76% 3 110249 71.68% 1024 110163 2 82.03% 3 110112 80.66% 1024 110261 3 83.59% 3 110207 85.35% 1024 110453 4 63.78% 5 110003 30.37% 1024 110446 5 85.44% 4 110075 87.21% 1024 110463 6 77.54% 3 110136 87.40% 1024 110240 7 61.82% 3 111890 87.79% 1024 110335 8 58.89% 3 111331 77.25% 1024 110322 9 66.31% 3 110177 32.91% 1024 110486 10 76.17% 3 110259 69.14% 1024 110256
  • 22. Analysis- CM1K Result (2) • Although the accuracy for both RCE and KNN are somehow close but RCE showed less diversity and hence more consistency in the accuracy. RCE KNN Average 73.23% 70.98% Variance 0.00940922 0.04730602 Standard Deviation 0.09700113 0.21749947
  • 23. Analysis- Software Result • The result for RCE algorithm obtained from hardware and software gathered in below table. As it is shown below from the accuracy points of view both are same however surprisingly software solution was much faster that hardware ones. Sample # Hardware Software Accuracy # of Neurons TIME Accuracy # of Neurons TIME 1 76.76% 3 110249 76.76% 3 1230 2 82.03% 3 110112 82.03% 3 910 3 83.59% 3 110207 83.59% 3 890 4 63.78% 5 110003 64.06% 5 1170 5 85.44% 4 110075 85.45% 4 880 6 77.54% 3 110136 77.54% 3 780 7 61.82% 3 111890 61.82% 3 800 8 58.89% 3 111331 58.89% 3 900 9 66.31% 3 110177 66.31% 3 820 10 76.17% 3 110259 76.17% 3 880
  • 24. Analysis- CM1K Result NSL-KDD Dataset • Because the same amount of data was used, the result is in same structure with the dataset created as part of this project. Sample # RCE RCE_N RCE_TIME KNN KNN_N KNN_TIME 1 79.39% 2 123728 87.01% 1024 123195 2 58.40% 3 123522 59.67% 1024 123500 3 79.59% 2 123853 87.40% 1024 123146 4 50.88% 7 123188 84.86% 1024 123430 5 57.91% 2 123662 86.72% 1024 123505 6 80.57% 2 123824 84.47% 1024 123338 7 79.88% 5 123362 88.77% 1024 123691 8 80.66% 3 123611 81.05% 1024 123448 9 58.30% 2 123678 83.40% 1024 123426 10 78.81% 2 123974 87.30% 1024 123286
  • 25. Conclusion • CM1K provides parallelism with low cost and energy consumption • CM1K provides classification algorithm in hardware level • Although KNN showed more accuracy but RCE used less Neuron. • Having good data is a big challenge • This project can be used for any classification problem • 𝐼2 𝐶 is not a good communication bus as it creates bottleneck
  • 26. Future Work • Having more features regarding network packets • Using a chain of chips • Using USB instead of 𝐼2 𝐶 • Developing alarming method • Create a general classifier
  • 28. Cost Cost for required equipment Item Price Arduino Due 40 $ Raspberry PI Model B 40$ Cognimem CM1K Chip 150$ Bread Board 20$ Memory SD 8 GB 12 $ Wire & resistor & oscillator 5 $ AC Adapter 5.0 V Out 20 $ USB Cable – A Male to B Male 7 $ Soldering Kit 90$
  • 29. Time Line 120 Days dedicated for project accomplishment 0 20 40 60 80 100 120 140 Developing Packet Sniffer Get the components Design of the system Installing Packet Sniffer on Raspberry PI Soldering complete and approved by advisor Gathering Sample from Network Developing Classifier Code On Arduion Training the Chip Testing the IDS with random Data Post testing modification Timeline Start Days Completed
  • 30. References • Cheng (2006). On-Time and Scalable Intrusion Detection in Embedded Systems. Albert Mo Kim Cheng, Real-Time Systems Laboratory Department of Computer Science University of Houston. • Axelsson (1999). Research in intrusion-detection systems: A survey. TR 98-17, Department of Computer Engineering, Chalmers University of Technology, G ¨ oteborg, Sweden, December 1998. Revised August 19, 1999. • Kerschbaum (2001) Florian Kerschbaum, Eugene H. Spafford, Diego Zamboni. Using internal sensors and embedded detectors for intrusion detection. Center for Education and Research in Information Assurance and Security 1315 Recitation Building Purdue University. • Tavallaee (2009) Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu, and Ali A. Ghorbani. A Detailed Analysis of the KDD CUP 99 Data Set. • Hripcsak, G., & Rothschild, A. (2005). Agreement, the F-Measure, and the Reliability in Information Retrieval. Retrieved from http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1090460/pdf/296.pdf