Emna Bahri - Academia.edu (original) (raw)
Papers by Emna Bahri
psrcentre.org
Recently, information security has become a key issue in information technology as the number of ... more Recently, information security has become a key issue in information technology as the number of computer security breaches are exposed to an increasing number of security threats. A variety of intrusion detection systems (IDS) have been employed for protecting computers and networks from malicious network-based or host-based attacks by using traditional statistical methods to new data mining approaches in last decades. In effect, the detection of the anomalies in the data-processing networks is regarded as one problem of data classification where the use of the data mining techniques and machine learning. In this paper, we present a new method performing the intrusion detection system. This approach, called MCSAS, is based on a multiple classifier System that uses an adaptive strategy for intrusion detection. The adaptive strategy is inspired from Boosting, an ensemble method that distinguishes attacks from normal behaviors and identifies different types of intrusions. The experimental results, conducted on the KDD99 dataset, prove that our proposed solution approach outperforms several state-of-the-art methods, particularly indetecting rare attack types.
et gestion des connaissances: EGC'2008, 2008
… Intelligence Research Society Conference. AAAI Press …, 2009
Mining Complex Data, 2009
To reduce error in generalization, a great number of work is carried out on the classifiers aggre... more To reduce error in generalization, a great number of work is carried out on the classifiers aggregation methods in order to improve generally, by voting techniques, the performance of a single classifier. Among these methods of aggregation, we find the Boosting which is most practical thanks to the adaptive update of the distribution of the examples aiming at increasing in an exponential way the weight of the badly classified examples. However, this method is blamed because of overfitting, and the convergence speed especially with noise. In this study, we propose a new approach and modifications carried out on the algorithm of AdaBoost. We will demonstrate that it is possible to improve the performance of the Boosting, by exploiting assumptions generated with the former iterations to correct the weights of the examples. An experimental study shows the interest of this new approach, called hybrid approach.
… Intelligence in Security for Information Systems, 2011
This study introduces a new method based on Greedy-Boost, a multiple classifier system, for bette... more This study introduces a new method based on Greedy-Boost, a multiple classifier system, for better and faster intrusion detection. Detection of the anomalies in the data-processing networks is regarded as a problem of data classification allowing to use data mining and machine learning techniques to perform intrusion detection. With such automatic processing procedures, human expertise only focuses on a small set of potential anomalies which may result in important time savings and efficiency. In order to be scalable and efficient, these kinds of approaches must respect important requirements. The first is to obtain a high level of precision, that is to be able to detect a maximum of anomalies with a minimum of false alarms. The second is to detect potential anomalies as fast as possible. We propose Greedy-Boost, a new approach of boosting which is based on an adaptive combination of multiple classifiers to perform the precision of the detection. This approach uses an aspect of smooth that ensures stability of the classifier system and offers speed of detection. The experimental results, conducted on the KDD99 dataset, prove that our proposed approach outperforms several state-of-the-art methods, particularly in detecting rare attack types.
Mining Complex Data, 2008
The error reduction in generalization is one of the principal motivations of research in machine ... more The error reduction in generalization is one of the principal motivations of research in machine learning. Thus, a great number of work is carried out on the classifiers aggregation methods in order to improve generally, by voting techniques, the performance of a single classifier. Among these methods of aggregation, we find the Boosting which is most practical thanks to the adaptive update of the distribution of the examples aiming at increasing in an exponential way the weight of the badly classified examples. However, this method is blamed because of overfitting, and the convergence speed especially with noise. In this study, we propose a new approach and modifications carried out on the algorithm of AdaBoost. We will demonstrate that it is possible to improve the performance of the Boosting, by exploiting assumptions generated with the former iterations to correct the weights of the examples. An experimental study shows the interest of this new approach, called hybrid approach.
World Academy of …, 2010
Recently, information security has become a key issue in information technology as the number of ... more Recently, information security has become a key issue in information technology as the number of computer security breaches are exposed to an increasing number of security threats. A variety of intrusion detection systems (IDS) have been employed for protecting computers and networks from malicious network-based or host-based attacks by using traditional statistical methods to new data mining approaches in last decades. However, today's commercially available intrusion detection systems are signature-based that are not capable of detecting unknown attacks. In this paper, we present a new learning algorithm for anomaly based network intrusion detection system using decision tree algorithm that distinguishes attacks from normal behaviors and identifies different types of intrusions. Experimental results on the KDD99 benchmark network intrusion detection dataset demonstrate that the proposed learning algorithm achieved 98% detection rate (DR) in comparison with other existing methods.
… Learning and Applications, 2009. ICMLA'09 …, 2009
Associative classification presents various methods whose common characteristic is the class pred... more Associative classification presents various methods whose common characteristic is the class prediction from the class association rules (rules whose consequent one is one of the class modalities). According to and, this new approach offers better results than the traditional approaches based on rules such as the decision trees. It also offers a great flexibility with the unstructured data. However, this
psrcentre.org
Recently, information security has become a key issue in information technology as the number of ... more Recently, information security has become a key issue in information technology as the number of computer security breaches are exposed to an increasing number of security threats. A variety of intrusion detection systems (IDS) have been employed for protecting computers and networks from malicious network-based or host-based attacks by using traditional statistical methods to new data mining approaches in last decades. In effect, the detection of the anomalies in the data-processing networks is regarded as one problem of data classification where the use of the data mining techniques and machine learning. In this paper, we present a new method performing the intrusion detection system. This approach, called MCSAS, is based on a multiple classifier System that uses an adaptive strategy for intrusion detection. The adaptive strategy is inspired from Boosting, an ensemble method that distinguishes attacks from normal behaviors and identifies different types of intrusions. The experimental results, conducted on the KDD99 dataset, prove that our proposed solution approach outperforms several state-of-the-art methods, particularly indetecting rare attack types.
et gestion des connaissances: EGC'2008, 2008
… Intelligence Research Society Conference. AAAI Press …, 2009
Mining Complex Data, 2009
To reduce error in generalization, a great number of work is carried out on the classifiers aggre... more To reduce error in generalization, a great number of work is carried out on the classifiers aggregation methods in order to improve generally, by voting techniques, the performance of a single classifier. Among these methods of aggregation, we find the Boosting which is most practical thanks to the adaptive update of the distribution of the examples aiming at increasing in an exponential way the weight of the badly classified examples. However, this method is blamed because of overfitting, and the convergence speed especially with noise. In this study, we propose a new approach and modifications carried out on the algorithm of AdaBoost. We will demonstrate that it is possible to improve the performance of the Boosting, by exploiting assumptions generated with the former iterations to correct the weights of the examples. An experimental study shows the interest of this new approach, called hybrid approach.
… Intelligence in Security for Information Systems, 2011
This study introduces a new method based on Greedy-Boost, a multiple classifier system, for bette... more This study introduces a new method based on Greedy-Boost, a multiple classifier system, for better and faster intrusion detection. Detection of the anomalies in the data-processing networks is regarded as a problem of data classification allowing to use data mining and machine learning techniques to perform intrusion detection. With such automatic processing procedures, human expertise only focuses on a small set of potential anomalies which may result in important time savings and efficiency. In order to be scalable and efficient, these kinds of approaches must respect important requirements. The first is to obtain a high level of precision, that is to be able to detect a maximum of anomalies with a minimum of false alarms. The second is to detect potential anomalies as fast as possible. We propose Greedy-Boost, a new approach of boosting which is based on an adaptive combination of multiple classifiers to perform the precision of the detection. This approach uses an aspect of smooth that ensures stability of the classifier system and offers speed of detection. The experimental results, conducted on the KDD99 dataset, prove that our proposed approach outperforms several state-of-the-art methods, particularly in detecting rare attack types.
Mining Complex Data, 2008
The error reduction in generalization is one of the principal motivations of research in machine ... more The error reduction in generalization is one of the principal motivations of research in machine learning. Thus, a great number of work is carried out on the classifiers aggregation methods in order to improve generally, by voting techniques, the performance of a single classifier. Among these methods of aggregation, we find the Boosting which is most practical thanks to the adaptive update of the distribution of the examples aiming at increasing in an exponential way the weight of the badly classified examples. However, this method is blamed because of overfitting, and the convergence speed especially with noise. In this study, we propose a new approach and modifications carried out on the algorithm of AdaBoost. We will demonstrate that it is possible to improve the performance of the Boosting, by exploiting assumptions generated with the former iterations to correct the weights of the examples. An experimental study shows the interest of this new approach, called hybrid approach.
World Academy of …, 2010
Recently, information security has become a key issue in information technology as the number of ... more Recently, information security has become a key issue in information technology as the number of computer security breaches are exposed to an increasing number of security threats. A variety of intrusion detection systems (IDS) have been employed for protecting computers and networks from malicious network-based or host-based attacks by using traditional statistical methods to new data mining approaches in last decades. However, today's commercially available intrusion detection systems are signature-based that are not capable of detecting unknown attacks. In this paper, we present a new learning algorithm for anomaly based network intrusion detection system using decision tree algorithm that distinguishes attacks from normal behaviors and identifies different types of intrusions. Experimental results on the KDD99 benchmark network intrusion detection dataset demonstrate that the proposed learning algorithm achieved 98% detection rate (DR) in comparison with other existing methods.
… Learning and Applications, 2009. ICMLA'09 …, 2009
Associative classification presents various methods whose common characteristic is the class pred... more Associative classification presents various methods whose common characteristic is the class prediction from the class association rules (rules whose consequent one is one of the class modalities). According to and, this new approach offers better results than the traditional approaches based on rules such as the decision trees. It also offers a great flexibility with the unstructured data. However, this