1 / 20

Cyber Intrusion Detection Algorithm Using Bayes’ Theorem

Learn about a cyber intrusion detection algorithm based on Bayes' Theorem. This method helps secure the Smart Grid by identifying unauthorized use and misuse of computer systems. Discover the process of pattern recognition and the application of the Maximum a-posterior probability (MAP) in intrusion detection. Detailed steps, code, and results are provided. Explore references for further insights.

ora-kerr
Télécharger la présentation

Cyber Intrusion Detection Algorithm Using Bayes’ Theorem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Intrusion Detection Algorithm Based on Bayes’ Theorem Stephanie Steren-Ruta- West High School ‘12 SyedaFaizaIslam- Farragut High School ‘15 Young Scholars Program July 17, 2012 Knoxville, Tennessee

  2. The problem • Securing the Smart Grid • Effective ways

  3. http://www.youtube.com/watch?v=P0xfRhM1Jp8

  4. Terms • Intrusion Detection • Pattern recognition • Bayes Theorem • Maximum a-posterior probability (MAP)

  5. Intrusion Detection • identify unauthorized use, misuse and abuse of computer systems by both system insiders and external predators.

  6. Types of Intrusions • Denial of Service (DOS) • Remote to Local (R2L) • User to Root (U2R) • Probing

  7. Pattern Recognition • identifying the patterns in a set of data and classifying and categorizing it

  8. Bayes' Theorem • is a mathematical formula used for calculating conditional probabilities

  9. Maximum a-posterior probability (MAP) • Assigning to the sample of interest the membership based on which the sample has the highest a-posterior probability.

  10. Bayes' Theorem

  11. Multivariate Gaussian Distribution

  12. Discriminant Function =ln +ln[P(B)]

  13. Analysis of Data • Have a training data and testing data that have results. • Take the training and separate into the different categories • Acquire the covariance and mean • Make a loop that tests all categories with the discriminant function • Check for accuracy • Change prior-probability until acquiring most accurate result

  14. Data Set

  15. Code • for i=1:length(test_data); • current_entry = test_data(i,:); • Function_1 = (-.5*((current_entry-mean_1)*inv(cov_1)*(current_entry-mean_1)'))-(.5*(log(det(cov_1))))+(log(.7));%Table_0 discriminant function • Function_2 = (-.5*(current_entry-mean_2)*inv(cov_2)*(current_entry-mean_2)')-(.5*(log(det(cov_2))))+(log(.0025));%Table_1 discriminant function • Function_3 = (-.5*((current_entry-mean_3)*inv(cov_3)*(current_entry-mean_3)'))-(.5*(log(det(cov_3))))+(log(.0025));%Table_0 discriminant function • Function_4 = (-.5*(current_entry-mean_4)*inv(cov_4)*(current_entry-mean_4)')-(.5*(log(det(cov_4))))+(log(.05));%Table_1 discriminant function • Function_5 = (-.5*((current_entry-mean_5)*inv(cov_5)*(current_entry-mean_5)'))-(.5*(log(det(cov_5))))+(log(.2));%Table_0 discriminant function • [C,I] = max([Function_1,Function_2,Function_3,Function_4,Function_5]); • Decision(i,1)= I; • end

  16. Results • Accuracy • Prior Probability

  17. Confusion Matrix 1-DOS 2- R2L 3- U2R 4- Probing 5- Normal Connection 1 2 3 4 5 1 2 3 4 5

  18. 1 2 3 4 5 1 2 3 4 5

  19. Error • Future Improvements

  20. References • [1]Mukherjee, B.; Heberlein, L.T.; Levitt, K.N.; , "Network intrusion detection," Network, IEEE , vol.8, no.3, pp.26-41, May-June 1994doi: 10.1109/65.283931URL: http://ieeexplore.ieee.org.proxy.lib.utk.edu:90/stamp/stamp.jsp?tp=&arnumber=283931&isnumber=7023 • [2]Jain, A.K.; Duin, R.P.W.; Jianchang Mao; , "Statistical pattern recognition: a review," Pattern Analysis and Machine Intelligence, IEEE Transactions on , vol.22, no.1, pp.4-37, Jan 2000doi: 10.1109/34.824819URL: http://ieeexplore.ieee.org.proxy.lib.utk.edu:90/stamp/stamp.jsp?tp=&arnumber=824819&isnumber=17859 • [3]Anonymous. Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Chapter 15, pp. 359-362. Sams.net , 201 West 103rd Street, Indianapolis, IN, 46290. 1997. • [4] SimsonGarfinkel and Gene Spafford. Practical Unix & Internet Security. O'Reilly & Associates, Inc., 101 Morris Street, Sebastopol CA, 95472, 2nd edition, April 1996. • [5]. N.p., n.d. Web. 10 Jul 2012. <http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/docs/attackDB.html • [6]Joyce, James, "Bayes' Theorem", The Stanford Encyclopedia of Philosophy (Fall 2008 Edition), Edward N. Zalta (ed.), URL = <http://plato.stanford.edu/archives/fall2008/entries/bayes-theorem/>.

More Related