cyber intrusion detection algorithm based on bayes’ theorem
DESCRIPTION
Cyber Intrusion Detection Algorithm Based on Bayes’ Theorem. Stephanie Steren-Ruta - West High School ‘12 Syeda Faiza Islam- Farragut High School ‘15 Young Scholars Program July 17, 2012 Knoxville, Tennessee. The problem. Securing the Smart Grid Effective ways. - PowerPoint PPT PresentationTRANSCRIPT
Cyber Intrusion Detection Algorithm Based on Bayes’ Theorem
Stephanie Steren-Ruta- West High School ‘12Syeda Faiza Islam- Farragut High School ‘15
Young Scholars ProgramJuly 17, 2012
Knoxville, Tennessee
The problem
•Securing the Smart Grid
▫Effective ways
06-3
•http://www.youtube.com/watch?v=P0xfRhM1Jp8
Terms
•Intrusion Detection
•Pattern recognition
•Bayes Theorem
•Maximum a-posterior probability (MAP)
Intrusion Detection
•identify unauthorized use, misuse and
abuse of computer systems by both
system insiders and external predators.
Types of Intrusions
•Denial of Service (DOS)
•Remote to Local (R2L)
•User to Root (U2R)
•Probing
Pattern Recognition
•identifying the patterns in a set of data
and classifying and categorizing it
06-7
Bayes' Theorem
•is a mathematical formula used for
calculating conditional probabilities
Maximum a-posterior probability (MAP)
•Assigning to the sample of interest the
membership based on which the sample
has the highest a-posterior probability.
Bayes' Theorem
Multivariate Gaussian Distribution
𝑃 (�⃑� )= 1
(2𝜋 ) 𝑑2|Σ|
12
𝑒𝑥𝑝(−12
( �⃑�−�⃑�)𝑡 Σ−1 ( �⃑�− �⃑�))
Discriminant Function
=ln
+ln[P(B)]
Analysis of Data
• Have a training data and testing data that have results.
• Take the training and separate into the different categories
• Acquire the covariance and mean
• Make a loop that tests all categories with the discriminant
function
• Check for accuracy
• Change prior-probability until acquiring most accurate result
Data Set
06-14
Code• for i=1:length(test_data);• current_entry = test_data(i,:);
• Function_1 = (-.5*((current_entry-mean_1)*inv(cov_1)*(current_entry-mean_1)'))-(.5*(log(det(cov_1))))+(log(.7));%Table_0 discriminant function
• Function_2 = (-.5*(current_entry-mean_2)*inv(cov_2)*(current_entry-mean_2)')-(.5*(log(det(cov_2))))+(log(.0025));%Table_1 discriminant function
• Function_3 = (-.5*((current_entry-mean_3)*inv(cov_3)*(current_entry-mean_3)'))-(.5*(log(det(cov_3))))+(log(.0025));%Table_0 discriminant function
• Function_4 = (-.5*(current_entry-mean_4)*inv(cov_4)*(current_entry-mean_4)')-(.5*(log(det(cov_4))))+(log(.05));%Table_1 discriminant function
• Function_5 = (-.5*((current_entry-mean_5)*inv(cov_5)*(current_entry-mean_5)'))-(.5*(log(det(cov_5))))+(log(.2));%Table_0 discriminant function
• [C,I] = max([Function_1,Function_2,Function_3,Function_4,Function_5]);• Decision(i,1)= I;• end
Results
•Accuracy
•Prior Probability
Confusion Matrix
12345
1 2 3 4 5
1-DOS2- R2L3- U2R4- Probing5- Normal Connection
12345
1 2 3 4 5
•Error
•Future Improvements
References• [1]Mukherjee, B.; Heberlein, L.T.; Levitt, K.N.; , "Network intrusion detection," Network,
IEEE , vol.8, no.3, pp.26-41, May-June 1994doi: 10.1109/65.283931URL: http://ieeexplore.ieee.org.proxy.lib.utk.edu:90/stamp/stamp.jsp?tp=&arnumber=283931&isnumber=7023
• [2]Jain, A.K.; Duin, R.P.W.; Jianchang Mao; , "Statistical pattern recognition: a review," Pattern Analysis and Machine Intelligence, IEEE Transactions on , vol.22, no.1, pp.4-37, Jan 2000doi: 10.1109/34.824819URL: http://ieeexplore.ieee.org.proxy.lib.utk.edu:90/stamp/stamp.jsp?tp=&arnumber=824819&isnumber=17859
• [3]Anonymous. Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Chapter 15, pp. 359-362. Sams.net , 201 West 103rd Street, Indianapolis, IN, 46290. 1997.
• [4] Simson Garfinkel and Gene Spafford. Practical Unix & Internet Security. O'Reilly & Associates, Inc., 101 Morris Street, Sebastopol CA, 95472, 2nd edition, April 1996.
• [5]. N.p., n.d. Web. 10 Jul 2012. <http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/docs/attackDB.html
• [6]Joyce, James, "Bayes' Theorem", The Stanford Encyclopedia of Philosophy (Fall 2008 Edition), Edward N. Zalta (ed.), URL = <http://plato.stanford.edu/archives/fall2008/entries/bayes-theorem/>.