
Zeal College of Engineering & Research, Pune

Department of Information Technology

Seminar Presentation on

“Anomaly Detection: An integrated approach with multi-start metaheuristic method”

Presented By
Amit Patil

Guide
Amit Patil
Contents
• Introduction
• Literature Survey
• Motivation and Objectives
• Problem Statement
• Proposed Work
• Algorithms
• Mathematical Model
• Conclusion
• Future Scope
• References

Introduction
• Write here introduction of your topic.

Introduction (continued)
• Network Intrusion Detection System (NIDS)

• Types of NIDS

• Metaheuristic Method

Fig. 1: Deployment of IDS on network [1]


Literature Review
| Publisher | Author | Year | Name of the paper | Objective | Methodology | Limitation |
|---|---|---|---|---|---|---|
| Science Direct | Abadeh MS et al. [2] | 2011 | Design and analysis of genetic fuzzy systems for intrusion detection in computer networks | 1. To learn and design of genetic fuzzy system for IDS. | Genetic Fuzzy system is used. | 1. Need to improve Genetic Fuzzy System (GFS) for highest quality rule. |
| IEEE | Shingo Mabu et al. [3] | 2011 | An intrusion Detection Model based on fuzzy Class-Association-Rule Mining Using Genetic Network Programming (GNP) | 1. Fuzzy set theory is used with GNP to extract important class association rules. 2. DARPA98 and KDD Cup 99 dataset is used. | 1. Fuzzy Class-Association-Rule Mining is used to detect intrusions in the network. | 1. Need to extract every time important class association rule. |
| Science Direct | Shi-Jinn Horng et al. [4] | 2011 | A novel intrusion detection system based on hierarchical clustering and support vector machines | 1. To study hierarchical clustering. 2. To study support vector machine. 3. To study simple feature selection method. | 1. Support vector machine (SVM) based IDS is used. 2. Hierarchical clustering method is used. 3. KDD Cup 99 data set is used. | 1. Shows better performance in denial of service, probe attack but not best for U2R and R2L attack. |
| Science Direct | Gong M, Zhang J et al. [5] | 2012 | An efficient negative selection Algorithm with further training for anomaly detection. | 1. To study negative selection algorithm. 2. To reduce self-samples to decrease the computational cost in testing stage. | 1. Negative selection algorithm is used to generate self detectors to cover self region. | 1. Need optimization of generated detectors. 2. Need to reduce detector overlapping. |
| Science Direct | Chung YY et al. [6] | 2012 | A hybrid network intrusion detection System using simplified swarm optimization (SSO). | 1. To study traditional intrusion detection methods like firewall, user authentication and data encryption. 2. To study simplified swarm optimization techniques. | 1. A hybrid intrusion detection system with simplified swarm optimization is used. 2. Intelligent dynamic swarm based rough set (IDS-RS) for feature selection is used. 3. KDD Cup 99 data set used. | 1. Rule pruning is used to remove non-relevant attribute. 2. Need to find out highest quality rule and keep improving quality of rules. 3. Focus on detection accuracy but not on detector generation. |
| Academy Publisher | Mario H. A.C. Adaniya et al. [7] | 2013 | Anomaly Detection Using Metaheuristic Firefly Harmonic Clustering | To study Digital Signature of Network Segment (DSNS) to model traffic behavior pattern. | 1. K-harmonic means combined with Firefly algorithm, called as Firefly Harmonic Clustering (FHCA). | 1. Focused on true positive (TP) and false positive rate (FPR). 2. Need to combine FHCA with other technique to improve TP and FPR. |
| Science Direct | Shameli Sendi A et al. [8] | 2012 | Real time intrusion prediction based on optimized alerts with hidden Markov model. | 1. To study response system. 2. To study hidden markov model. | 1. Hidden markov model is used for interaction between attackers and networks. 2. Experimental results are on Lincoln Laboratory 2000 data set and DARPA 2000. | Need to know how to update Alert Severity based on prediction result. |
| Science Direct | Tamer F. Ghanem et al. [9] | 2014 | A Hybrid approach for efficient anomaly detection using metaheuristic method | 1. To study Network-based anomaly detection method using metaheuristic method. | Multi-start metaheuristic method is used for detector generation along with negative selection algorithm and K-mean clustering. | Need to select parameters like radius limit, multiple start points automatically in used training dataset to increase |

Motivation
• Existing research pays more attention to detection accuracy and false positive rates.

• Very few researchers pay attention to the number of generated detectors and their generation time with different training data sets.

• Most intrusion detection systems work with the KDD Cup 99 dataset. The proposed system instead uses the NSL-KDD dataset, which is a modified version of the KDD Cup 99 dataset.

• The proposed Anomaly Network Intrusion Detection System (ANIDS) gives detection accuracy, false alarms and also detector generation time, using a metaheuristic method.

Objectives
• To study existing Network Intrusion Detection Systems (NIDSs) and types of NIDSs.

• To study current metaheuristic systems, i.e. the multi-start metaheuristic method for detector generation, the genetic algorithm for solution space optimization, and the negative selection algorithm.

• To analyse the experimental results of the current multi-start metaheuristic anomaly detection system.

• To propose systems for network anomaly detection using metaheuristic, genetic algorithm, negative selection algorithm and enhancement in clustering technique, in order to reduce detector generation time and to increase adaptability and flexibility, with the studied parameter values selected automatically according to the training dataset used.

• To compare the experimental results of the existing methodology with the proposed systems for network anomaly detection.

Problem Statement
• IDS has been studied extensively in the last two decades. However, most existing IDSs detect a limited number of attack types and give a huge number of false alarms. The big challenge for IDS is to minimize false alerts and maximize detection accuracy. To address these issues, a novel integrated approach for network anomaly detection is proposed, using metaheuristic, genetic algorithm, negative selection algorithm and enhancement in clustering technique, in order to minimize false positive rate and detector generation time and to maximize anomaly detection accuracy.

Proposed System

Algorithms

Design

Mathematical Model

Conclusion

References
1. D. Radev, H. Jing, M. Sty, and D. Tam, “Centroid-based summarization of multiple documents,” Inf. Process. Manage., vol. 40, no. 6, 2004, pp. 919-938.
2. Li Zheng, Lei Li, Wenxing Hong, Tao Li, “PENETRATE: Personalized news recommendation using ensemble hierarchical clustering,” in Proc. Elsevier, 2013, pp. 2127-2136.
3. Jiwei Li, Sujian Li, “A Novel Feature-based Bayesian Model for Query Focused Multi-document Summarization,” in Proc. ACL, 2013, pp. 89-98.
4. Jingxuan Li, Lei Li, Tao Li, “Multi-document summarization via submodularity,” Springer, 2012.
5. Yulong Pei, Wenpeng Yin, and Lian’en Huang, “Generic Multi-Document Summarization Using Topic-Oriented Information,” Springer, 2012, pp. 435-446.
6. Y. Gong and X. Liu, “Generic text summarization using relevance measure and latent semantic analysis,” in Proc. SIGIR, 2011, pp. 19–25.
7. L. Li, D. Wang, C. Shen, and T. Li, “Ontology-enriched multi-document summarization in disaster management,” in Proc. SIGIR, 2011, pp. 819–820.
8. H. Saggion, K. Bontcheva, and H. Cunningham, “Robust generic and query-based summarization,” in Proc. ECAL, 2003, pp. 235–238. 08, pp. 763-772.
9. J. Tang, L. Yao, and D. Chen, “Multi-topic based query-oriented summarization,” in Proc. SDM, 2009.

THANK YOU!
