Cyber Intrusion Detection Algorithm Based on Bayes’ Theorem
Stephanie Steren-Ruta - West High School ’12
Syeda Faiza Islam - Farragut High School ’15
Young Scholars Program
July 17, 2012
Knoxville, Tennessee
The problem
•Securing the Smart Grid
▫Effective ways
•http://www.youtube.com/watch?v=P0xfRhM1Jp8
Terms
•Intrusion Detection
•Pattern recognition
•Bayes' Theorem
•Maximum a posteriori probability (MAP)
Intrusion Detection
•Identify unauthorized use, misuse and abuse of computer systems by both system insiders and external predators.
Types of Intrusions
•Denial of Service (DOS)
•Remote to Local (R2L)
•User to Root (U2R)
•Probing
Pattern Recognition
•Identifying the patterns in a set of data, and classifying and categorizing it
Bayes' Theorem
•A mathematical formula used for calculating conditional probabilities
Maximum a posteriori probability (MAP)
•Assigning the sample of interest to the class (membership) for which it has the highest a posteriori probability.
Bayes' Theorem
Multivariate Gaussian Distribution
$$P(\vec{x}) = \frac{1}{(2\pi)^{d/2}\,|\Sigma|^{1/2}} \exp\left(-\frac{1}{2}(\vec{x}-\vec{\mu})^{t}\,\Sigma^{-1}\,(\vec{x}-\vec{\mu})\right)$$
Discriminant Function
=ln
+ln[P(B)]
Analysis of Data
• Start with training data and testing data that have results.
• Separate the training data into the different categories
• Acquire the covariance and mean of each category
• Make a loop that tests all categories with the discriminant function
• Check for accuracy
• Change the prior probability until acquiring the most accurate result
Data Set
Code

```matlab
% MAP classification: evaluate every class's discriminant and keep the largest.
Decision = zeros(size(test_data,1),1);   % one decision per test row
for i = 1:size(test_data,1)              % rows, not length(), which returns the larger dimension
    current_entry = test_data(i,:);
    % g_k(x) = -0.5*(x-mean_k)*inv(cov_k)*(x-mean_k)' - 0.5*log(det(cov_k)) + log(prior_k)
    Function_1 = (-.5*((current_entry-mean_1)*inv(cov_1)*(current_entry-mean_1)'))-(.5*(log(det(cov_1))))+(log(.7));    % class 1 discriminant function
    Function_2 = (-.5*((current_entry-mean_2)*inv(cov_2)*(current_entry-mean_2)'))-(.5*(log(det(cov_2))))+(log(.0025)); % class 2 discriminant function
    Function_3 = (-.5*((current_entry-mean_3)*inv(cov_3)*(current_entry-mean_3)'))-(.5*(log(det(cov_3))))+(log(.0025)); % class 3 discriminant function
    Function_4 = (-.5*((current_entry-mean_4)*inv(cov_4)*(current_entry-mean_4)'))-(.5*(log(det(cov_4))))+(log(.05));   % class 4 discriminant function
    Function_5 = (-.5*((current_entry-mean_5)*inv(cov_5)*(current_entry-mean_5)'))-(.5*(log(det(cov_5))))+(log(.2));    % class 5 discriminant function
    [C,I] = max([Function_1,Function_2,Function_3,Function_4,Function_5]);
    Decision(i,1) = I;                   % index of the winning class
end
```
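The steps listed under Analysis of Data, carried end to end in Python as an added example (not the presenters' code): per-class mean and covariance, the same discriminant, the MAP decision, and a confusion matrix. It factors each covariance with Cholesky rather than calling `inv` and `det`, and adds a small ridge term to the diagonal so that a class whose feature never varies does not yield a singular covariance. The function names, the ridge value and the data are assumptions constructed for illustration; the priors are the ones in the slide code.

```python
import math
def cholesky(a):
    """Lower-triangular L with L * L^T = a (a must be positive definite)."""
    L = [[0.0] * len(a) for _ in a]
    for i in range(len(a)):
        for j in range(i + 1):
            s = a[i][j] - sum(L[i][k] * L[j][k] for k in range(j))
            L[i][j] = math.sqrt(s) if i == j else s / L[j][j]
    return L

def fit(rows, labels, ridge=1e-6):
    """Per-class mean and Cholesky factor of (sample covariance + ridge*I)."""
    model = {}
    for c in sorted(set(labels)):
        X = [r for r, y in zip(rows, labels) if y == c]
        n, d = len(X), len(X[0])
        mu = [sum(col) / n for col in zip(*X)]
        cov = [[sum((x[i] - mu[i]) * (x[j] - mu[j]) for x in X) / (n - 1)
                + (ridge if i == j else 0.0) for j in range(d)] for i in range(d)]
        model[c] = (mu, cholesky(cov))
    return model

def discriminant(x, mu, L, prior):
    """g(x) = -1/2 (x-mu)' S^-1 (x-mu) - 1/2 ln|S| + ln(prior), with S = L*L^T."""
    z = []
    for i in range(len(x)):  # forward substitution solves L z = x - mu
        z.append((x[i] - mu[i] - sum(L[i][k] * z[k] for k in range(i))) / L[i][i])
    logdet = 2.0 * sum(math.log(L[i][i]) for i in range(len(x)))
    return -0.5 * sum(v * v for v in z) - 0.5 * logdet + math.log(prior)

def classify(x, model, priors):
    """MAP decision: the class with the largest discriminant."""
    return max(model, key=lambda c: discriminant(x, *model[c], priors[c]))

def confusion(rows, labels, model, priors):  # counts m[true][predicted]
    m = {t: {p: 0 for p in model} for t in model}
    for x, y in zip(rows, labels):
        m[y][classify(x, model, priors)] += 1
    return m

# Constructed data (not from the slides): 3 features; class 3's third one is constant.
CUBE = [(a, b, c) for a in (-1, 1) for b in (-1, 1) for c in (-1, 1)]
def around(center, offsets):
    return [[m + o for m, o in zip(center, off)] for off in offsets]
ROWS = (around((0, 0, 5), CUBE) + around((10, 10, 5), CUBE)
        + around((0, 10, 0), [(a, b, 0) for a in (-1, 1) for b in (-1, 1)]))
LABELS = [5] * 8 + [1] * 8 + [3] * 4   # legend: 1 DOS, 3 U2R, 5 normal connection
PRIORS = {1: 0.7, 3: 0.0025, 5: 0.2}   # the slide code's priors for those classes
MODEL = fit(ROWS, LABELS)
```

With `ridge=0.0` the class 3 covariance is singular and the discriminant fails on a division by zero; that is the same condition under which `det(cov_3)` in the slide code is zero. A point midway between classes 1 and 5 is decided by the priors alone, which is what the prior-tuning step adjusts.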
Results
•Accuracy
•Prior Probability
Confusion Matrix
[Figure: confusion matrix, both axes labeled 1 to 5]
1 - DOS
2 - R2L
3 - U2R
4 - Probing
5 - Normal Connection
•Error
•Future Improvements