International Science Index
Regional Low Gravity Anomalies Influencing High Concentrations of Heavy Minerals on Placer Deposits
Regions of low gravity and gravity anomalies both influence heavy mineral concentrations on placer deposits. Economically important heavy minerals are likely to have higher levels of deposition in low gravity regions of placer deposits. This can be found in coastal regions of Southern Asia, particularly in Sri Lanka and Peninsula India and areas located in the lowest gravity region of the world. The area about 70 kilometers of the east coast of Sri Lanka is covered by a high percentage of ilmenite deposits, and the southwest coast of the island consists of Monazite placer deposit. These deposits are one of the largest placer deposits in the world. In India, the heavy mineral industry has a good market. On the other hand, based on the coastal placer deposits recorded, the high gravity region located around Papua New Guinea has no such heavy mineral deposits. In low gravity regions, with the help of other depositional environmental factors, the grains have more time and space to float in the sea; this helps bring high concentrations of heavy mineral deposits to the coast. The effect of low and high gravity can be demonstrated by using heavy mineral separation devices. The Wilfley heavy mineral separating table is one of these; it is extensively used in industries and in laboratories for heavy mineral separation. The horizontally oscillating Wilfley table helps to separate heavy and light mineral grains into different fractions, with the use of water. In this experiment, the low and high angle of the Wilfley table represent low and high gravity respectively. A sample mixture of grain size <0.85 mm of heavy and light mineral grains has been used for this experiment. The high and low angle of the table was 60 and 20 respectively for this experiment. The separated fractions from the table are again separated into heavy and light minerals, with the use of heavy liquid, which has a specific gravity of 2.85.
The fractions of separated heavy and light minerals have been used for drawing the two-dimensional graphs. The graphs show that the low gravity stage has a higher percentage of heavy minerals collected in the upper area of the table than the high gravity stage. The results of the experiment can be used for the comparison of regional low gravity and high gravity levels of heavy minerals. If there are any heavy mineral deposits in the high gravity regions, these deposits will take place far away from the coast, within the continental shelf.
Imposter Detection Based on Location in Vehicular Ad-Hoc Network
A Vehicular Ad hoc Network is a solution to several problems that arise while vehicles are on the road. In this paper, we focus on detecting an imposter node that has stolen the IDs of an authenticated vehicle in the network. The imposter's purpose is to harm the network through imposter messages. We propose a protocol, Imposter Detection based on Location (IDBL), which stores the location coordinates of each vehicle as the key to the authenticity of the message so that an imposter node can be detected. Imposter nodes send messages from a stolen ID and present them as coming from an authentic node ID. To detect this anomaly, the location is checked first and observed to differ from the original vehicle's location. Such a node is identified as an imposter node. We have implemented the algorithm in Java, tested various types of node distribution, and observed the detection probability of the imposter node.
A Framework for SQL Learning: Linking Learning Taxonomy, Cognitive Model and Cross Cutting Factors
Databases comprise the foundation of most software systems. System developers inevitably write code to query these databases. The de facto language for querying is SQL and this, consequently, is the default language taught by higher education institutions. There is evidence that learners find it hard to master SQL, harder than mastering other programming languages such as Java. Educators do not agree about explanations for this seeming anomaly. Further investigation may well reveal the reasons. In this paper, we report on our investigations into how novices learn SQL, the actual problems they experience when writing SQL, as well as the differences between expert and novice SQL query writers. We conclude by presenting a model of SQL learning that should inform the instructional material design process better to support the SQL learning process.
Effect of Weathering on the Mineralogy and Geochemistry of Sediments of the Hyper Saline Urmia Salt Lake, Iran
Urmia Salt Lake (USL) is a hypersaline lake in the northwest of Iran. It contains halite as the main dissolved and precipitated mineral and the major mineral mixed with lake bed sediments. Other detrital minerals such as calcite, aragonite, dolomite, quartz, feldspars and augite form the lake sediments. This study examined the impact of weathering on these sediments, collected from 1.5 meters depth, and on augite placers. The study indicated that weathering of tephritic and adakite rocks of the Islamic Island at the immediate boundary of the lake plays a main control on lake bed sediments and has produced a large volume of augite placer along the lake bank. Weathering increases from south toward north with increasing distance from Islamic Island. Geochemistry of lake sediments demonstrated the enrichment of MgO, CaO, Sr with an elevated anomaly of Eu, possibly due to surface absorbance of Mn and Fe associated Sr elevation originating from adakite volcanic rocks in the vicinity of the lake basin. The study shows that the local geology is a more important factor in the origin of lake sediments than chemically and biochemically produced minerals during diagenetic processes.
Application of Building Information Modeling in Energy Management of Individual Departments Occupying University Facilities
To assist individual departments within universities in their energy management tasks, this study explores the application of Building Information Modeling in establishing the ‘BIM based Energy Management Support System’ (BIM-EMSS). The BIM-EMSS consists of six components: (1) sensors installed for each occupant and each equipment, (2) electricity sub-meters (constantly logging lighting, HVAC, and socket electricity consumptions of each room), (3) BIM models of all rooms within individual departments’ facilities, (4) data warehouse (for storing occupancy status and logged electricity consumption data), (5) building energy management system that provides energy managers with various energy management functions, and (6) energy simulation tool (such as eQuest) that generates real time 'standard energy consumptions' data against which 'actual energy consumptions' data are compared and energy efficiency evaluated. Through the building energy management system, the energy manager is able to (a) have 3D visualization (BIM model) of each room, in which the occupancy and equipment status detected by the sensors and the electricity consumptions data logged are displayed constantly; (b) perform real time energy consumption analysis to compare the actual and standard energy consumption profiles of a space; (c) obtain energy consumption anomaly detection warnings on certain rooms so that energy management corrective actions can be further taken (data mining technique is employed to analyze the relation between space occupancy pattern with current space equipment setting to indicate an anomaly, such as when appliances turn on without occupancy); and (d) perform historical energy consumption analysis to review monthly and annually energy consumption profiles and compare them against historical energy profiles. 
The BIM-EMSS was further implemented in a research lab in the Department of Architecture of NTUST in Taiwan and implementation results presented to illustrate how it can be used to assist individual departments within universities in their energy management tasks.
Anomaly Detection with ANN and SVM for Telemedicine Networks
In recent years, a wide variety of applications have been developed with Support Vector Machine (SVM) methods and Artificial Neural Networks (ANN). In general, these methods depend on intrusion knowledge databases such as KDD99, ISCX, and CAIDA among others. New classes of detectors are generated by machine learning techniques, trained and tested over network databases. Thereafter, detectors are employed to detect anomalies in network communication scenarios according to users' connection behavior. The first detector based on the training dataset is deployed in different real-world networks with mobile and non-mobile devices to analyze the performance and accuracy over static detection. The vulnerabilities are based on previous work in telemedicine apps that were developed in the research group. This paper presents the differences in detection results between some network scenarios by applying traditional detectors deployed with artificial neural networks and support vector machines.
Outdoor Anomaly Detection with a Spectroscopic Line Detector
One of the tasks of optical surveillance is to detect
anomalies in large amounts of image data. However, if the size of the
anomaly is very small, limited information is available to distinguish
it from the surrounding environment. Spectral detection provides a
useful source of additional information and may help to detect
anomalies with a size of a few pixels or less. Unfortunately, spectral
cameras are expensive because of the difficulty of separating two
spatial in addition to one spectral dimension. We investigate the
possibility of modifying a simple spectral line detector for outdoor
detection. This may be especially useful if the area of interest forms a
line, such as the horizon. We use a monochrome CCD that also
enables detection into the near infrared. A simple camera is attached
to the setup to determine which part of the environment is spectrally
imaged. Our preliminary results indicate that sensitive detection of
very small targets is indeed possible. Spectra could be taken from the
various targets by averaging columns in the line image. By imaging a
set of lines of various widths we found narrow lines that could not be
seen in the color image but remained visible in the spectral line
image. A simultaneous analysis of the entire spectra can produce
better results than visual inspection of the line spectral image. We are
presently developing calibration targets for spatial and spectral
focusing and alignment with the spatial camera. This will present
improved results and more use in outdoor application.
Space Telemetry Anomaly Detection Based on Statistical PCA Algorithm
The critical concern of satellite operations is to ensure
the health and safety of satellites. The worst case in this perspective
is probably the loss of a mission, but the more common interruption
of satellite functionality can result in compromised mission
objectives. All the data acquired from the spacecraft are known as
Telemetry (TM), which contains a wealth of information related to the
health of all its subsystems. Each single item of information is
contained in a telemetry parameter, which represents a time-variant
property (i.e. a status or a measurement) to be checked. As a
consequence, there is a continuous improvement of TM monitoring
systems to reduce the time required to respond to changes in a
satellite's state of health. A fast conception of the current state of the
satellite is thus very important to respond to occurring failures.
Statistical multivariate latent techniques are one of the vital learning
tools that are used to tackle the problem above coherently.
Information extraction from such rich data sources using advanced
statistical methodologies is a challenging task due to the massive
volume of data. To solve this problem, in this paper, we present a
proposed unsupervised learning algorithm based on the Principal
Component Analysis (PCA) technique. The algorithm is
applied on an actual remote sensing spacecraft. Data from the
Attitude Determination and Control System (ADCS) was acquired
under two operation conditions: normal and faulty states. The models
were built and tested under these conditions, and the results show that
the algorithm could successfully differentiate between these
operations conditions. Furthermore, the algorithm provides
competent information in prediction as well as adding more insight
and physical interpretation to the ADCS operation.
Lithium Oxide Effect on the Thermal and Physical Properties of the Ternary System Glasses (Li2O3-B2O3-Al2O3)
Borate glasses are known for their structure,
characterized by the existence of structural units composed of boron
triangles and tetrahedra in different configurations depending on the
percentage of B2O3 in the glass chemical composition. In this paper,
effect of lithium oxide addition on the thermal and physical
properties of an alumina borate glass, was investigated. It was found
that the boron abnormality has a significant effect in the change of
glass properties according to the addition rate of lithium oxide.
EUDIS-An Encryption Scheme for User-Data Security in Public Networks
The method of introducing the proxy interpretation for
sending and receiving requests increase the capability of the server
and our approach UDIV (User-Data Identity Security) to solve the
data and user authentication without extending size of the data makes
better than hybrid IDS (Intrusion Detection System). And at the same
time all the security stages we have framed have to pass through less
through that minimize the response time of the request. Even when
an anomaly is detected, before rejecting it the proxy extracts its identity
to prevent it from entering the system. In case of false anomalies, the
request will be reshaped and transformed into legitimate request for
further response. Finally we are holding the normal and abnormal
requests in two different queues with own priorities.
On Algebraic Structure of Improved Gauss-Seidel Iteration
Analysis of real life problems often results in linear
systems of equations for which solutions are sought. The method to
employ depends, to some extent, on the properties of the coefficient
matrix. It is not always feasible to solve linear systems of equations
by direct methods, as such the need to use an iterative method
becomes imperative. Before an iterative method can be employed
to solve a linear system of equations there must be a guarantee that
the process of solution will converge. This guarantee, which must
be determined a priori, involves the use of some criterion expressible
in terms of the entries of the coefficient matrix. It is, therefore,
logical that the convergence criterion should depend implicitly on the
algebraic structure of such a method. However, in deference to this
view is the practice of conducting convergence analysis for
Gauss-Seidel iteration on a criterion formulated based on the algebraic
structure of Jacobi iteration. To remedy this anomaly, the
Gauss-Seidel iteration was studied for its algebraic structure and contrary
to the usual assumption, it was discovered that some property of the
iteration matrix of Gauss-Seidel method is only diagonally dominant
in its first row while the other rows do not satisfy diagonal dominance.
With the aid of this structure we herein fashion out an improved
version of Gauss-Seidel iteration with the prospect of enhancing
convergence and robustness of the method. A numerical section is
included to demonstrate the validity of the theoretical results obtained
for the improved Gauss-Seidel method.
Relay Node Selection Algorithm for Cooperative Communications in Wireless Networks
IEEE 802.11a/b/g standards support multiple transmission rates. Even though the use of multiple transmission rates increases the WLAN capacity, this feature leads to the performance anomaly problem. Cooperative communication was introduced to relieve the performance anomaly problem. Data packets are delivered to the destination much faster through a relay node with a high rate than through direct transmission to the destination at a low rate. In the legacy cooperative protocols, a source node chooses a relay node based only on the transmission rate. Therefore, they are not so feasible in multi-flow environments since they do not consider the effect of other flows. To alleviate the effect, we propose a new relay node selection algorithm based on the transmission rate and channel contention level. Performance evaluation is conducted using simulation, and shows that the proposed protocol significantly outperforms the previous protocol in terms of throughput and delay.
A Study on Abnormal Behavior Detection in BYOD Environment
Advancement of communication technologies and smart devices in the recent times is leading to changes into the integrated wired and wireless communication environments. Since early days, businesses had started introducing environments for mobile device application to their operations in order to improve productivity (efficiency) and the closed corporate environment gradually shifted to an open structure. Recently, individual user's interest in working environment using mobile devices has increased and a new corporate working environment under the concept of BYOD is drawing attention. BYOD (bring your own device) is a concept where individuals bring in and use their own devices in business activities. Through BYOD, businesses can anticipate improved productivity (efficiency) and also a reduction in the cost of purchasing devices. However, as a result of security threats caused by frequent loss and theft of personal devices and corporate data leaks due to low security, companies are reluctant about adopting BYOD system. In addition, without considerations to diverse devices and connection environments, there are limitations in detecting abnormal behaviors, such as information leaks, using the existing network-based security equipment. This study suggests a method to detect abnormal behaviors according to individual behavioral patterns, rather than the existing signature-based malicious behavior detection, and discusses applications of this method in BYOD environment.
Evaluating Performance of an Anomaly Detection Module with Artificial Neural Network Implementation
Anomaly detection techniques have focused on two main components: the first is data extraction and selection, and the second is the analysis performed over the obtained data. The goal of this paper is to analyze the influence that each of these components has over the system performance by evaluating detection over network scenarios with different setups. The independent variables are as follows: the number of system inputs, the way the inputs are codified and the complexity of the analysis techniques. For the analysis, some approaches of artificial neural networks are implemented with different numbers of layers. The obtained results show the influence that each of these variables has on the system performance.
Autonomously Determining the Parameters for SVDD with RBF Kernel from a One-Class Training Set
The one-class support vector machine “support vector
data description” (SVDD) is an ideal approach for anomaly or outlier
detection. However, for the applicability of SVDD in real-world
applications, the ease of use is crucial. The results of SVDD are
massively determined by the choice of the regularisation parameter C
and the kernel parameter of the widely used RBF kernel. While for
two-class SVMs the parameters can be tuned using cross-validation
based on the confusion matrix, for a one-class SVM this is not
possible, because only true positives and false negatives can occur
during training. This paper proposes an approach to find the optimal
set of parameters for SVDD solely based on a training set from
one class and without any user parameterisation. Results on artificial
and real data sets are presented, underpinning the usefulness of the
An Anomaly Detection Approach to Detect Unexpected Faults in Recordings from Test Drives
In the automotive industry test drives are being conducted
during the development of new vehicle models or as a part of
quality assurance of series-production vehicles. The communication
on the in-vehicle network, data from external sensors, or internal
data from the electronic control units is recorded by automotive
data loggers during the test drives. The recordings are used for fault
analysis. Since the resulting data volume is tremendous, manually
analysing each recording in great detail is not feasible.
This paper proposes to use machine learning to support domain experts
by preventing them from contemplating irrelevant data and
rather pointing them to the relevant parts in the recordings. The
underlying idea is to learn the normal behaviour from available
recordings, i.e. a training set, and then to autonomously detect
unexpected deviations and report them as anomalies.
The one-class support vector machine “support vector data description”
is utilised to calculate distances of feature vectors. SVDDSUBSEQ
is proposed as a novel approach, allowing to classify subsequences
in multivariate time series data. The approach allows to
detect unexpected faults without modelling effort as is shown with
experimental results on recordings from test drives.
Underpricing of IPOs during Hot and Cold Market Periods on the South African Stock Exchange (JSE)
Underpricing is one anomaly in initial public offerings
(IPO) literature that has been widely observed across different stock
markets with different trends emerging over different time periods.
This study seeks to determine how IPOs on the JSE performed on the
first day, first week and first month over the period of 1996-2011.
Underpricing trends are documented for both hot and cold market
periods in terms of four main sectors (cyclical, defensive, growth
stock and interest rate sensitive stocks). Using a sample of 360 listed
companies on the JSE, the empirical findings established that IPOs
on the JSE are significantly underpriced with an average market
adjusted first day return of 62.9%. It is also established that hot
market IPOs on the JSE are more underpriced than the cold market
IPOs. Also observed is the fact that as the offer price per share
increases above the median price for any given period, the level of
underpricing decreases substantially. While significant differences
exist in the level of underpricing of IPOs in the four different sectors
in the hot and cold market periods, interest rates sensitive stocks
showed a different trend from the other sectors and thus require
further investigation to uncover this pattern.
Intrusion Detection Using a New Particle Swarm Method and Support Vector Machines
Intrusion detection is a mechanism used to protect a
system and analyse and predict the behaviours of system users. An
ideal intrusion detection system is hard to achieve due to
nonlinearity, and irrelevant or redundant features. This study
introduces a new anomaly-based intrusion detection model. The
suggested model is based on particle swarm optimisation and
nonlinear, multi-class and multi-kernel support vector machines.
Particle swarm optimisation is used for feature selection by applying
a new formula to update the position and the velocity of a particle;
the support vector machine is used as a classifier. The proposed
model is tested and compared with the other methods using the KDD
CUP 1999 dataset. The results indicate that this new method achieves
better accuracy rates than previous methods.
Research on Hybrid Neural Network in Intrusion Detection System
This paper presents an intrusion detection system built on a hybrid neural network model based on RBF and Elman. It is used for anomaly detection and misuse detection. This model has a memory function. It can detect discrete and related aggressive behavior effectively. The RBF network is a real-time pattern classifier, and the Elman network provides the memory ability for former events. The intrusion detection system based on the hybrid model uses the DARPA data set for test evaluation. It uses the ROC curve to display the test result intuitively. The experiment shows that this hybrid model intrusion detection system can effectively improve the detection rate, and reduce the rate of false alarm and fail.
Anomaly Based On Frequent-Outlier for Outbreak Detection in Public Health Surveillance
A public health surveillance system focuses on outbreak detection and the data sources used. Variation or aberration in the frequency distribution of health data, compared to historical data, is often used to detect outbreaks. It is important that new techniques be developed to improve the detection rate, thereby reducing wastage of resources in public health. Thus, the objective is to develop a technique by applying frequent mining and outlier mining techniques in outbreak detection. 14 datasets from the UCI were tested on the proposed technique. The performance of the effectiveness for each technique was measured by t-test. The overall performance shows that DTK can be used to detect outliers within a frequent dataset. In conclusion, the outbreak detection technique using the anomaly-based frequent-outlier technique can be used to identify outliers within a frequent dataset.
Anomalous Thermal Behavior of CuxMg1-xNb2O6 (x=0,0.4,0.6,1) for LTCC Substrate
LTCC (Low Temperature Co-fired Ceramics), being the most advantageous technology for multilayer substrates in various applications, demands an extensive study of its raw materials. In the present work, a series of CuxMg1-xNb2O6 (x=0,0.4,0.6,1) has been prepared using the sol-gel synthesis route and sintered at a temperature of 900°C to study its applicability for LTCC technology, as the firing temperature is 900°C in this technology. The phase formation has been confirmed using X-ray Diffraction. Thermal properties like thermal conductivity and thermal expansion are very important aspects, as the former defines the heat flow to avoid thermal instability in layers and the latter provides the dimensional congruency of the dielectric material and the conductors; they are studied here at high temperature up to the firing temperature. Although the values are quite satisfactory from the substrate requirement point of view, results have shown an anomaly over temperature. The anomalous thermal behavior has been further analyzed using TG-DTA.
Influenza Pattern Analysis System through Mining Weblogs
Weblogs are a resource of social structure for discovering and tracking the various types of information written by bloggers. In this paper, we propose to use a weblog mining technique for identifying the trends of influenza where bloggers have disseminated their opinions on the anomaly disease. In order to identify the trends, a web crawler is applied to perform a search and generate a list of visited links based on a set of influenza keywords. This information is used to implement the analytics report system for monitoring and analyzing the pattern and trends of influenza (H1N1). Statistical and graphical analysis reports are generated. Both types of report have shown satisfactory results that reflect the awareness of Malaysians on the issue of influenza outbreak through blogs.
Behavioral Signature Generation using Shadow Honeypot
A novel behavioral detection framework is proposed
to detect zero day buffer overflow vulnerabilities (based on network
behavioral signatures) using zero-day exploits, instead of the
signature-based or anomaly-based detection solutions currently
available for IDPS techniques. At first we present the detection
model that uses shadow honeypot. Our system is used for the online
processing of network attacks and generating a behavior detection
profile. The detection profile represents the dataset of 112 types of
metrics describing the exact behavior of malware in the network. In
this paper we present the examples of generating behavioral
signatures for two attacks – a buffer overflow exploit on FTP server
and well known Conficker worm. We demonstrated the visualization
of important aspects by showing the differences between valid
behavior and the attacks. Based on these metrics we can detect
attacks with a very high probability of success, the process of
detection is however very expensive.
Biological Diagnosis and Physiopathology of von Willebrand's Disease in a Part of the Algerian Population in the East and the South
Von Willebrand's disease is the most common
inherited bleeding disorder in humans; it is
caused by qualitative abnormalities of the von Willebrand factor
(vWF). Our objective is to determine the prevalence of this disease at
part of the Algerian population in the East and the South by a
biological diagnosis based on specific biological tests (automated
platelet count, the bleeding time (TS), the time of cephalin + activator
(TCA), measure of the prothrombin rate (TP), vWF rate and factor
VIII rate, Molecular electrophoresis of vWF multimers in agarose gel
in the presence of SDS). Four patients of type III or severe
Willebrand's disease were found among 200 suspect cases. All cases
showed a deficit in vWF rate (< 5%), and factor VIII (P
Petrology and Geochemistry of Granitic Rocks in South Sulawesi, Indonesia: Implication for Origin of Magma and Geodynamic Setting
Petrology and geochemical characteristics of granitic
rocks from South Sulawesi, especially from Polewali and Masamba
area are presented in order to elucidate their origin of magma and
geodynamic setting. The granitic rocks in these areas are dominated by
granodiorite and granite in composition. Quartz, K-feldspar and
plagioclase occur as major phases with hornblende and biotite as
major ferromagnesian minerals. All of the samples were plotted in
calc-alkaline field, show metaluminous affinity and typical of I-type
granitic rock. Harker diagram indicates that granitic rocks experienced
fractional crystallization during magmatic evolution. Both groups
displayed an extreme enrichment of LILE, LREE and a slight negative
Eu anomaly which resemble upper continental crust affinity. They
were produced from partial melting of upper continental crust and
have close relationship of sources composition within a suite. The
geochemical characteristics explained the arc related subduction
environment which later give an evidence of continent-continent
collision between Australia-derived microcontinent and Sundaland to
form continental arc environment.
Increase of Heat Index over Bangladesh: Impact of Climate Change
Heat Index describes the combined effect of
temperature and humidity on human body. This combined effect is
causing a serious threat to the health of people because of the
changing climate. With climate change, climate variability and thus
the occurrence of heat waves is likely to increase. Evidence is
emerging from the analysis of long-term climate records of an
increase in the frequency and duration of extreme temperature events
in all over Bangladesh particularly during summer. Summer season
has prolonged while winters have become short in Bangladesh.
Summers have become hotter and thus affecting the lives of the
people engaged in outdoor activities during scorching sun hours. In
2003 around 62 people died due to heat wave across the country. In
this paper Bangladesh is divided in four regions and heat index has
been calculated from 1960 to 2010 in these regions of the country.
The aim of this paper is to identify the spots most vulnerable to heat
strokes and heat waves due to high heat index. The results show
upward trend of heat index in almost all the regions of Bangladesh.
The highest increase in heat index value has been observed in areas
of South-west region and North-west Region. The highest change in
average heat index has been found in Jessore by almost 5.5°C.
Soft Computing based Retrieval System for Medical Applications
With increasing data in medical databases, medical
data retrieval is growing in popularity. Some of this analysis
includes inducing propositional rules from databases using many
soft techniques, and then using these rules in an expert system.
Diagnostic rules and information on features are extracted from
clinical databases on diseases of congenital anomaly. This paper
explains the latest soft computing techniques and some of the
adaptive techniques, encompassing an extensive group of methods
that have been applied in the medical domain and that are used for
the discovery of data dependencies, importance of features,
patterns in sample data, and feature space dimensionality
reduction. These approaches pave the way for new and interesting
avenues of research in medical imaging and represent an important
challenge for researchers.
Scaling up Detection Rates and Reducing False Positives in Intrusion Detection using NBTree
In this paper, we present a new learning algorithm for
anomaly based network intrusion detection using an improved self-
adaptive naïve Bayesian tree (NBTree), which induces a hybrid of
decision tree and naïve Bayesian classifier. The proposed approach
scales up the balance detections for different attack types and keeps
the false positives at an acceptable level in intrusion detection. In
complex and dynamic large intrusion detection datasets, the detection
accuracy of naïve Bayesian classifier does not scale up as well as
decision tree. It has been successfully tested in other problem
domains that naïve Bayesian tree improves the classification rates in
large datasets. In naïve Bayesian tree nodes contain and split as
regular decision-trees, but the leaves contain naïve Bayesian
classifiers. The experimental results on KDD99 benchmark network
intrusion detection dataset demonstrate that this new approach scales
up the detection rates for different attack types and reduces false
positives in network intrusion detection.
Genetic-based Anomaly Detection in Logs of Process Aware Systems
Nowadays, many organizations use systems that
support business process as a whole or partially. However, in some
application domains, like software development and health care
processes, a normative Process Aware System (PAS) is not suitable,
because a flexible support is needed to respond rapidly to new
process models. On the other hand, a flexible Process Aware System
may be vulnerable to undesirable and fraudulent executions, which
imposes a tradeoff between flexibility and security. In order to make
this tradeoff available, a genetic-based anomaly detection model for
logs of Process Aware Systems is presented in this paper. The
detection of an anomalous trace is based on discovering an
appropriate process model by using genetic process mining and
detecting traces that do not fit the appropriate model as anomalous
trace; therefore, when used in PAS, this model is an automated
solution that can support coexistence of flexibility and security.
Attacks Classification in Adaptive Intrusion Detection using Decision Tree
Recently, information security has become a key issue
in information technology as the number of computer security
breaches are exposed to an increasing number of security threats. A
variety of intrusion detection systems (IDS) have been employed for
protecting computers and networks from malicious network-based or
host-based attacks by using traditional statistical methods to new data
mining approaches in the last decades. However, today's commercially
available intrusion detection systems are signature-based that are not
capable of detecting unknown attacks. In this paper, we present a
new learning algorithm for anomaly based network intrusion
detection system using decision tree algorithm that distinguishes
attacks from normal behaviors and identifies different types of
intrusions. Experimental results on the KDD99 benchmark network
intrusion detection dataset demonstrate that the proposed learning
algorithm achieved 98% detection rate (DR) in comparison with
other existing methods.