
James Cannady - Group Leader at Georgia Institute of Technology
44 Publications
8,536 Reads
1,253 Citations
Publications (44)
Intrusion detection has focused primarily on detecting cyberattacks at the event-level. Since there is such a large volume of network data and attacks are minimal, machine learning approaches have focused on improving accuracy and reducing false positives, but this has frequently resulted in overfitting. In addition, the volume of intrusion detecti...
Network intrusion detection systems are widely deployed to detect cyberattacks against computer networks. These systems generate large numbers of security alerts that require manual review by security analysts to determine the appropriate courses of action required. The review of these security alerts is time consuming and can cause fatigue for sec...
Feature importance is the process where the individual elements of a machine learning model's feature vector are ranked on their relative importance to the accuracy of that model. Some feature ranking algorithms are specific to a single model type, such as Garson and Goh's neural network weight-based feature ranking algorithm. Other feature ranking...
In telecommunication networks, the user attribution problem refers to the challenge faced in recognizing communication traffic as belonging to a given user when information needed to identify the user is missing. This problem becomes more difficult to tackle as users move across many mobile networks (complex networks) owned and operated by differen...
The use of self-organizing maps in intrusion detection has not been practical for attack analysis as a result of the computational processing time required for large volumes of data. Although previous research has addressed this problem through optimizing the algorithms used for self-organizing maps and through feature reduction, there is no existi...
The accurate detection of attacks in ad hoc computer networks is made significantly more difficult if the components of the attack sequence are distributed throughout the network data stream. Since current approaches to detecting network intrusions rely on associating individual network actions, the temporal distribution of an attack throughout a ne...
Network Intrusion Detection Systems (NIDS) monitor internet traffic to detect malicious activities. Unfortunately, the amount of data that must be analyzed by NIDS is too large. Several feature selection and feature extraction techniques have been proposed to reduce the size of data. Few are focused on finding exactly by how much the dataset should...
Wireless sensor networks (WSN) and mobile ad hoc networks (MANET) are being increasingly deployed in critical applications due to the flexibility and extensibility of the technology. While these networks possess numerous advantages over traditional wireless systems in dynamic environments, they are still vulnerable to many of the same types of host-...
This work investigates the use of Fast Flux Service Networks as an element of the host infrastructure for illegal scam transaction servers referenced in spam email. The goal of the research is to better understand the dynamics, distinguishing features, and potential vulnerabilities of these networks in order to blacklist, block, or otherwise mitiga...
Today's fast moving technologies create innovative ideas, products, and services, but they also bring with them new security risks. The gap between new technologies and the security needed to keep them from opening up new risks in information systems (ISs) can be difficult to close completely. Changes in ISs are inevitable because computing environ...
Digital steganography has been used extensively for electronic copyright stamping, but also for criminal or covert activities. While a variety of techniques exist for detecting steganography, the identification of semagrams, messages transmitted visually in a non-textual format, remains elusive. The work that will be presented describes the creation o...
This paper describes the latest results of a research program that is designed to enhance the security of wireless mobile ad hoc networks (MANET) by developing a distributed intrusion detection capability. The current approach uses learning vector quantization neural networks that have the ability to identify patterns of network attacks in a distrib...
Conducting risk assessment on organizational assets can be time consuming, burdensome, and misleading in many cases because of the dynamically changing security states of assets. Risk assessments may present inaccurate or false data if the organizational assets change in their security postures. Each asset can change its security status from secure...
This paper describes the latest results of a research program that is designed to enhance the security of wireless mobile ad hoc networks (MANET) by developing a distributed intrusion detection capability. The current approach uses learning vector quantization neural networks that have the ability to identify patterns of network attacks in a distri...
With the rapid advance in computer and network technology, computer-based electronic evidence has increasingly played an important role in the courtroom over the last decade. Computer forensics, a growing discipline rooted in forensic science and computer security technology, focuses on acquiring electronic evidence from computer systems to prosecu...
This study developed a composite risk score for anomaly intrusion detection based on the KDD-cup 1999 data, which demonstrated a high sensitivity, specificity and a low misclassification in detecting network attacks (0.90, 0.94, and 0.08, respectively). This score provides a statistically sound basis for developing a real time intrusion detection s...
In the last few years Nova Southeastern University (NSU) has embarked on the development of a comprehensive education and research program in information security. The university offers traditional and distance-learning graduate educational opportunities to information security professionals and those interested in pursuing careers in this critical...
This paper describes the initial results of a research program that is designed to enhance the security of wireless mobile ad hoc networks (MANET) by developing a distributed intrusion detection capability. Our approach uses self-organizing spiking neural networks that have the ability to establish connections across a widely distributed, and highl...
To date, negative selection algorithms that possess evolutionary features, for example, the NSMutation algorithm, require the optimal value of their strategy parameters, e.g., the mutation rate and the detector lifetime indicator, to be tuned manually. The labor required for this is too time consuming and impractical when manual trial and error is...
Computer models of complex systems are generally unknown to those not closely related to their development. The intricacies of complex models make them hard to understand and to modify. This paper describes three paradigm shifts enabled by modern technology that may eliminate the opacity issues in models of complex systems. The three paradigm shifts...
Intrusion Detection is one of the crucial real-time problems in the field of computer networking. With the changing technology and the exponential growth of Internet traffic, it is becoming difficult for any existing intrusion detection system to offer a reliable service. From earlier research, we have found that there exists a behavioral pattern i...
The detection of attacks against computer networks is becoming a harder problem to solve in the field of network security. The dexterity of the attackers, the developing technologies and the enormous growth of internet traffic have made it difficult for any existing intrusion detection system to offer a reliable service. However, a close examinatio...
Current approaches to intrusion detection have been demonstrated to be relatively effective in identifying network attacks that occur sequentially from a single source. Those that are distributed over an extended period of time are particularly difficult for current intrusion detection approaches to detect. Numerous forms of network attacks can be...
The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators and information security researchers. Existing intrusion detection approaches require either manual coding of new attacks in expert systems or the complete retraining of a neural network to improve analysis or learn...
The work represented here utilizes evolutionary computation to improve intrusion detection techniques. Many intrusion detection techniques incorporate expert systems (e.g., ASAX, IDES, NIDES, DIDS, Hyperview, JiNao). Problems associated with expert systems are in how the rules are defined and matched against potential intruders. Going outside the r...
Detecting intrusions falls into two categories: anomaly detection and misuse detection. The former refers to the detection of abnormal behavior in the use of network services and computing resources. Misuse detection, on the other hand, relies on the identification of “well defined patterns of attack that exploit” vulnerabilities in network and com...
While many techniques have been explored for detecting intrusive or abnormal behavior on computer systems, approaches that involve pattern matching, expert systems, and traditional neural networks require detectors to either be crafted by hand or trained upon examples of known intrusions. We argue that neural networks capable of unsupervised learni...
The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators and information security researchers. Existing intrusion detection approaches require either manual coding of new attacks in expert systems or the complete retraining of a neural network to improve analysis or learn...
While many techniques have been explored for detecting intrusive or abnormal behavior on computer systems, approaches that involve pattern matching, expert systems, and traditional neural networks require detectors to either be crafted by hand or trained upon examples of known intrusions. We argue that neural networks capable of unsupervised le...
Misuse detection is the process of attempting to identify instances of network attacks by comparing current activity against the expected actions of an intruder. Most current approaches to misuse detection involve the use of rule-based expert systems to identify indications of known attacks. However, these techniques are less successful in identify...
In recent years, a dramatic shift has occurred in the way computers are used. The advances in computer security have not kept pace with the phenomenal advances in computers and networking. This rapidly evolving information systems environment requires up-to-date information security curriculum. The speed in which the information systems environment...
Intrusion detection is a significant focus of research in the security of computer systems and networks. This paper presents an analysis of the progress being made in the development of effective intrusion detection systems for computer systems and distributed computer networks. The technologies which are discussed are designed to detect instances...