Misfeasors Classification and Detection Models Using Machine Learning Techniques/ (Record no. 9186)
| 000 -LEADER | |
|---|---|
| fixed length control field | 04072nam a22002537a 4500 |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
| fixed length control field | 211216b2010 |||a|||f mb|| 00| 0 eng d |
| 040 ## - CATALOGING SOURCE | |
| Original cataloging agency | EG-CaNU |
| Transcribing agency | EG-CaNU |
| 041 0# - Language Code | |
| Language code of text | eng |
| Language code of abstract | eng |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER | |
| Classification number | 658 |
| 100 0# - MAIN ENTRY--PERSONAL NAME | |
| Personal name | Nesrine Sameh Said |
| 245 1# - TITLE STATEMENT | |
| Title | Misfeasors Classification and Detection Models Using Machine Learning Techniques/ |
| Statement of responsibility, etc. | Nesrine Sameh Said |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. | |
| Date of publication, distribution, etc. | 2010 |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | 94 p. |
| Other physical details | ill. |
| Dimensions | 21 cm. |
| 500 ## - GENERAL NOTE | |
| Materials specified | Supervisor: Neamat El-Gayyar |
| 502 ## - Dissertation Note | |
| Dissertation type | Thesis (M.A.)—Nile University, Egypt, 2010. |
| 504 ## - Bibliography | |
| Bibliography | "Includes bibliographical references" |
| 505 0# - Contents | |
| Formatted contents note | Contents:CONTENT PAGE<br/> <br/>Acknowledgments i<br/>List of Tables iv<br/>List of Figures vi<br/>List of Abbreviations vii<br/>Abstract viii<br/><br/>CHAPTER 1: INTRODUCTION 1<br/>1.1 BACKGROUND 3<br/>1.2 MOTIVATION 7<br/>1.3 PROBLEM FORMULATION 9<br/>1.4 OBJECTIVES AND CONTRIBUTIONS 10<br/>1.5 THESIS OUTLINE 11<br/>CHAPTER 2: MISFEASORS AND MACHINE LEARNING: STATE OF THE ART 12<br/>2.1 MISFEASORS 12<br/>2.2 MISFEASORS AND MACHINE LEARNING 14<br/>2.3 IP SPOOFING DETECTION 16<br/>2.3.1 Arpwatch 16<br/>2.3.3 ARPDefender 18<br/>2.3.4 XArp 18<br/>2.3.5 ArpON 2.0 20<br/>2.3.6 Cisco ASA 5500 Firewall 20<br/>2.3.7 Sygate Personal Firewall 5.0 21<br/>2.3.8 NetScreen 21<br/>CHAPTER 3: MISFEASORS 23<br/>3.1. TYPES 23<br/>3.2. MOTIVES 25<br/>3.3. FEATURES AND ATTACKS 27<br/>3.4. DEFENSIVE MEASURES AGAINST MISFEASORS 31<br/>CHAPTER 4: MACHINE LEARNING 33<br/>4.1. DEFINITION 33<br/>4.2. ADVANTAGES 35<br/>4.3. CLASSIFIERS 37<br/>4.3.1. Naive Bayes Classifier 37<br/>4.3.2. Decision Trees Classifiers 38<br/>4.4. PERFORMANCE MEASURES 40<br/>CHAPTER 5: PROPOSED CLASSIFICATION MODELS 42<br/>5.1. ENHANCING FEATURES USING THE MAC ADDRESS 42<br/>5.2. PROPOSED CLASSIFICATION MODELS 50<br/>5.2.1. The Rule Based Model (Model A) 50<br/>5.2.2. The Hierarchical Classification Model (Model B) 52<br/>5.2.3. The Composite Feature Model (Model C) 54<br/>5.3. EVALUATING CLASSIFIERS PERFORMANCE 55<br/>CHAPTER 6: DATA, EXPERIMENTS AND RESULTS 59<br/>6.1. DATA 59<br/>6.1.1. DARPA1998 Dataset 59<br/>6.1.2. DARPA1999 Dataset 61<br/>6.2. EXPERIMENTS 64<br/>6.2.1. Evaluation Measures 64<br/>6.2.2. Training Data 65<br/>6.3. Results 81<br/>CHAPTER 7: SUMMARY AND FUTURE WORK 89<br/>REFERENCES 92<br/> |
| 520 3# - Abstract | |
| Abstract | Abstract:<br/>Misfeasors (or insiders) are considered among the most difficult intruders to detect due to their knowledge and authorization within the organization. Machine learning techniques have been widely used for intrusion detection, but only little work has addressed the use of machine learning for detecting and classifying different types of insiders. The aim of this study is to exploit different recognition models for misfeasor detection by adding the MAC address as a feature in classification. Three different recognition models (a Rule Based Model, a Hierarchical Classification Model and a Composite Feature Model) are proposed. The models differ mainly in the amount of prior knowledge required for the problem and hence how training data is used to construct the models. The Rule Based Model uses explicit domain classification rules given by an expert to detect insiders. The Hierarchical Classification Model uses some domain-specific knowledge to manufacture the training data in order to construct the hierarchy in the recognition model. The Composite Feature Model, on the other hand, attempts to discover classification rules directly from the training data without any prior knowledge. All three proposed classification models are tested on two benchmark data sets and are evaluated using different performance measures. Results for the different models are presented and compared for several classification techniques. Experiments reveal that using machine learning at different levels in the proposed models yields a good approximation for the classification rules for the problem of misfeasor detection. |
| 546 ## - Language Note | |
| Language Note | Text in English, abstracts in English. |
| 650 #4 - Subject | |
| Subject | Information Security |
| 655 #7 - Index Term-Genre/Form | |
| Source of term | NULIB |
| focus term | Dissertation, Academic |
| 690 ## - Subject | |
| School | Information Security |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
| Source of classification or shelving scheme | Dewey Decimal Classification |
| Koha item type | Thesis |
| 650 #4 - Subject | |
| -- | 294 |
| 655 #7 - Index Term-Genre/Form | |
| -- | 187 |
| 690 ## - Subject | |
| -- | 294 |
| Withdrawn status | Lost status | Source of classification or shelving scheme | Damaged status | Not for loan | Home library | Current library | Date acquired | Total Checkouts | Full call number | Date last seen | Price effective from | Koha item type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | | Dewey Decimal Classification | | | Main library | Main library | 12/16/2021 | | 658/ N.S.M 2010 | 12/16/2021 | 12/16/2021 | Thesis |