• Title/Summary/Keyword: False Positive data

Search Result 241, Processing Time 0.02 seconds

Behavior based Routing Misbehavior Detection in Wireless Sensor Networks

  • Terence, Sebastian;Purushothaman, Geethanjali
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.11
    • /
    • pp.5354-5369
    • /
    • 2019
  • Sensor networks are deployed in unheeded environment to monitor the situation. In view of the unheeded environment and by the nature of their communication channel sensor nodes are vulnerable to various attacks most commonly malicious packet dropping attacks namely blackhole, grayhole attack and sinkhole attack. In each of these attacks, the attackers capture the sensor nodes to inject fake details, to deceive other sensor nodes and to interrupt the network traffic by packet dropping. In all such attacks, the compromised node advertises itself with fake routing facts to draw its neighbor traffic and to plunge the data packets. False routing advertisement play vital role in deceiving genuine node in network. In this paper, behavior based routing misbehavior detection (BRMD) is designed in wireless sensor networks to detect false advertiser node in the network. Herein the sensor nodes are monitored by its neighbor. The node which attracts more neighbor traffic by fake routing advertisement and involves the malicious activities such as packet dropping, selective packet dropping and tampering data are detected by its various behaviors and isolated from the network. To estimate the effectiveness of the proposed technique, Network Simulator 2.34 is used. In addition packet delivery ratio, throughput and end-to-end delay of BRMD are compared with other existing routing protocols and as a consequence it is shown that BRMD performs better. The outcome also demonstrates that BRMD yields lesser false positive (less than 6%) and false negative (less than 4%) encountered in various attack detection.

Interval Estimation of Population Proportion in a Double Sampling Scheme (이중표본에서 모비율의 구간추정)

  • Lee, Seung-Chun;Choi, Byong-Su
    • The Korean Journal of Applied Statistics
    • /
    • v.22 no.6
    • /
    • pp.1289-1300
    • /
    • 2009
  • The double sampling scheme is effective in reducing the sampling cost. However, the doubly sampled data is contaminated by two types of error, namely false-positive and false-negative errors. These would make the statistical analysis more difficult, and it would require more sophisticate analysis tools. For instance, the Wald method for the interval estimation of a proportion would not work well. In fact, it is well known that the Wald confidence interval behaves very poorly in many sampling schemes. In this note, the property of the Wald interval is investigated in terms of the coverage probability and the expected width. An alternative confidence interval based on the Agresti-Coull's approach is recommended.

Coward Analysis based Spam SMS Detection Scheme (동시출현 단어분석 기반 스팸 문자 탐지 기법)

  • Oh, Hayoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.3
    • /
    • pp.693-700
    • /
    • 2016
  • Analyzing characteristics of spam text messages had limitations since spam datasets are typically difficult to obtain publicly and previous studies focused on spam email. Although existing studies, such as through the use of spam e-mail characterization and utilization of data mining techniques, there are limitations that influence is limited to high spam detection techniques using a single word character. In this paper, we reveal the characteristics of the spam SMS based on experiment and analysis from different perspectives and propose coward analysis based spam SMS detection scheme with a publicly disclosed spam SMS from the University of Singapore. With the extensive performance evaluations, we show false positive and false negative of the proposed method is less than 2%.

Intrusion Detection System for In-Vehicle Network to Improve Detection Performance Considering Attack Counts and Attack Types (공격 횟수와 공격 유형을 고려하여 탐지 성능을 개선한 차량 내 네트워크의 침입 탐지 시스템)

  • Hyunchul, Im;Donghyeon, Lee;Seongsoo, Lee
    • Journal of IKEEE
    • /
    • v.26 no.4
    • /
    • pp.622-627
    • /
    • 2022
  • This paper proposes an intrusion detection system for in-vehicle network to improve detection performance considering attack counts and attack types. In intrusion detection system, both FNR (False Negative Rate), where intrusion frame is misjudged as normal frame, and FPR (False Positive Rate), where normal frame is misjudged as intrusion frame, seriously affect vechicle safety. This paper proposes a novel intrusion detection algorithm to improve both FNR and FPR, where data frame previously detected as intrusion above certain attack counts is automatically detected as intrusion and the automatic intrusion detection method is adaptively applied according to attack types. From the simulation results, the propsoed method effectively improve both FNR and FPR in DoS(Denial of Service) attack and spoofing attack.

Design of Hybrid Network Probe Intrusion Detector using FCM

  • Kim, Chang-Su;Lee, Se-Yul
    • Journal of information and communication convergence engineering
    • /
    • v.7 no.1
    • /
    • pp.7-12
    • /
    • 2009
  • The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies

  • Juyeon Lee;Daeseon Choi;Seung-Hyun Kim
    • Journal of the Korea Society of Computer and Information
    • /
    • v.28 no.11
    • /
    • pp.89-101
    • /
    • 2023
  • In order to prevent damages caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for early detection of attackers have been consistently researched. Real-time reduction and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and reduction of false positive rates. To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using characteristics that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.

Data Mining based Classification Model for False Alarm rate reducing of IDS (IDS의 False Alarm 발생율 감소를 위한 데이터 마이닝 기반의 분류모델)

  • 전원용;신문선;김은희;류근호
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2004.04a
    • /
    • pp.247-249
    • /
    • 2004
  • IDS에서 발생되는 경보의 수는 최근 인터넷 애플리케이션의 발달로 인하여 급격히 증가하고 있으며. 그로 인해 오 경보의 수도 함께 증가하고 있다. 발생된 경보들은 침입탐지 시스템의 성능저하와 alert flooding 의 원인이 된다. 따라서 이 논문에서는 다량의 경보 중에서 오 경보(False Alarm)의 발생을 감소시킬 수 있는 오 경보 분류 모델을 제안한다. 제안된 오 경보 분류 모델은 데이터 마이닝 기법들 중에서 분류 기법을 기반으로 구현되었다. 실험 을 통해서 IDS에서 발생하는 경보 중에서 정상데이터이나 공격으로 잘못 판단하여 발생하는 False Positive의 발생율이 현저히 감소됨을 확인할 수 있었다. 제안된 오 경보 분류 모델은 경보메시지 축약의 효과가 있으며 침입탐지 시스템의 탐지율을 높이는데 활용될 수 있다.

  • PDF

Learning Method for minimize false positive in IDS (침입탐지시스템에서 긍정적 결함을 최소화하기 위한 학습 방법)

  • 정종근;김철원
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.7 no.5
    • /
    • pp.978-985
    • /
    • 2003
  • The implementation of abnormal behavior detection IDS is more difficult than the implementation of misuse behavior detection IDS because usage patterns are various. Therefore, most of commercial IDS is misuse behavior detection IDS. However, misuse behavior detection IDS cannot detect system intrusion in case of modified intrusion patterns occurs. In this paper, we apply data mining so as to detect intrusion with only audit data related in intrusion among many audit data. The agent in the distributed IDS can collect log data as well as monitoring target system. False positive should be minimized in order to make detection accuracy high, that is, core of intrusion detection system. So We apply data mining algorithm for prediction of modified intrusion pattern in the level of audit data learning.

A novel watermarking scheme for authenticating individual data integrity of WSNs

  • Guangyong Gao;Min Wang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.17 no.3
    • /
    • pp.938-957
    • /
    • 2023
  • The limited computing power of sensor nodes in wireless sensor networks (WSNs) and data tampering during wireless transmission are two important issues. In this paper, we propose a scheme for independent individual authentication of WSNs data based on digital watermarking technology. Digital watermarking suits well for WSNs, owing to its lower computational cost. The proposed scheme uses independent individual to generate a digital watermark and embeds the watermark in current data item. Moreover, a sink node extracts the watermark in single data and compares it with the generated watermark, thereby achieving integrity verification of data. Inherently, individual validation differs from the grouping-level validation, and avoids the lack of grouping robustness. The improved performance of individual integrity verification based on proposed scheme is validated through experimental analysis. Lastly, compared to other state-of-the-art schemes, our proposed scheme significantly reduces the false negative rate by an average of 5%, the false positive rate by an average of 80% of data verification, and increases the correct verification rate by 50% on average.

Estimation of Gini-Simpson index for SNP data

  • Kang, Joonsung
    • Journal of the Korean Data and Information Science Society
    • /
    • v.28 no.6
    • /
    • pp.1557-1564
    • /
    • 2017
  • We take genomic sequences of high-dimensional low sample size (HDLSS) without ordering of response categories into account. When constructing an appropriate test statistics in this model, the classical multivariate analysis of variance (MANOVA) approach might not be useful owing to very large number of parameters and very small sample size. For these reasons, we present a pseudo marginal model based upon the Gini-Simpson index estimated via Bayesian approach. In view of small sample size, we consider the permutation distribution by every possible n! (equally likely) permutation of the joined sample observations across G groups of (sizes $n_1,{\ldots}n_G$). We simulate data and apply false discovery rate (FDR) and positive false discovery rate (pFDR) with associated proposed test statistics to the data. And we also analyze real SARS data and compute FDR and pFDR. FDR and pFDR procedure along with the associated test statistics for each gene control the FDR and pFDR respectively at any level ${\alpha}$ for the set of p-values by using the exact conditional permutation theory.