cyber intrusion detection algorithm based on bayes’ theorem stephanie steren-ruta- west high...
TRANSCRIPT
Cyber Intrusion Detection Algorithm Based on Bayes’ Theorem
Stephanie Steren-Ruta- West High School ‘12Syeda Faiza Islam- Farragut High School ‘15
Young Scholars ProgramJuly 17, 2012
Knoxville, Tennessee
06-3
•http://www.youtube.com/watch?v=P0xfRhM1Jp8
Terms
•Intrusion Detection
•Pattern recognition
•Bayes Theorem
•Maximum a-posterior probability (MAP)
Intrusion Detection
•identify unauthorized use, misuse and
abuse of computer systems by both
system insiders and external predators.
Pattern Recognition
•identifying the patterns in a set of data
and classifying and categorizing it
06-7
Maximum a-posterior probability (MAP)
•Assigning to the sample of interest the
membership based on which the sample
has the highest a-posterior probability.
Analysis of Data
• Have a training data and testing data that have results.
• Take the training and separate into the different categories
• Acquire the covariance and mean
• Make a loop that tests all categories with the discriminant
function
• Check for accuracy
• Change prior-probability until acquiring most accurate result
Code• for i=1:length(test_data);• current_entry = test_data(i,:);
• Function_1 = (-.5*((current_entry-mean_1)*inv(cov_1)*(current_entry-mean_1)'))-(.5*(log(det(cov_1))))+(log(.7));%Table_0 discriminant function
• Function_2 = (-.5*(current_entry-mean_2)*inv(cov_2)*(current_entry-mean_2)')-(.5*(log(det(cov_2))))+(log(.0025));%Table_1 discriminant function
• Function_3 = (-.5*((current_entry-mean_3)*inv(cov_3)*(current_entry-mean_3)'))-(.5*(log(det(cov_3))))+(log(.0025));%Table_0 discriminant function
• Function_4 = (-.5*(current_entry-mean_4)*inv(cov_4)*(current_entry-mean_4)')-(.5*(log(det(cov_4))))+(log(.05));%Table_1 discriminant function
• Function_5 = (-.5*((current_entry-mean_5)*inv(cov_5)*(current_entry-mean_5)'))-(.5*(log(det(cov_5))))+(log(.2));%Table_0 discriminant function
• [C,I] = max([Function_1,Function_2,Function_3,Function_4,Function_5]);• Decision(i,1)= I;• end
References• [1]Mukherjee, B.; Heberlein, L.T.; Levitt, K.N.; , "Network intrusion detection," Network,
IEEE , vol.8, no.3, pp.26-41, May-June 1994doi: 10.1109/65.283931URL: http://ieeexplore.ieee.org.proxy.lib.utk.edu:90/stamp/stamp.jsp?tp=&arnumber=283931&isnumber=7023
• [2]Jain, A.K.; Duin, R.P.W.; Jianchang Mao; , "Statistical pattern recognition: a review," Pattern Analysis and Machine Intelligence, IEEE Transactions on , vol.22, no.1, pp.4-37, Jan 2000doi: 10.1109/34.824819URL: http://ieeexplore.ieee.org.proxy.lib.utk.edu:90/stamp/stamp.jsp?tp=&arnumber=824819&isnumber=17859
• [3]Anonymous. Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Chapter 15, pp. 359-362. Sams.net , 201 West 103rd Street, Indianapolis, IN, 46290. 1997.
• [4] Simson Garfinkel and Gene Spafford. Practical Unix & Internet Security. O'Reilly & Associates, Inc., 101 Morris Street, Sebastopol CA, 95472, 2nd edition, April 1996.
• [5]. N.p., n.d. Web. 10 Jul 2012. <http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/docs/attackDB.html
• [6]Joyce, James, "Bayes' Theorem", The Stanford Encyclopedia of Philosophy (Fall 2008 Edition), Edward N. Zalta (ed.), URL = <http://plato.stanford.edu/archives/fall2008/entries/bayes-theorem/>.