Artificial Intelligence and Data Mining Approaches in Security Frameworks E-Book

Table of Contents

Cover

Title Page

Copyright

Preface

1 Role of AI in Cyber Security

1.1 Introduction

1.2 Need for Artificial Intelligence

1.3 Artificial Intelligence in Cyber Security

1.4 Related Work

1.5 Proposed Work

1.6 Conclusion

References

2 Privacy Preserving Using Data Mining

2.1 Introduction

2.2 Data Mining Techniques and Their Role in Classification and Detection

2.3 Clustering

2.4 Privacy Preserving Data Mining (PPDM)

2.5 Intrusion Detection Systems (IDS)

2.6 Phishing Website Classification

2.7 Attacks by Mitigating Code Injection

2.8 Conclusion

References

3 Role of Artificial Intelligence in Cyber Security and Security Framework

3.1 Introduction

3.2 AI for Cyber Security

3.3 Uses of Artificial Intelligence in Cyber Security

3.4 The Role of AI in Cyber Security

3.5 AI Impacts on Cyber Security

3.6 The Positive Uses of AI Based for Cyber Security

3.7 Drawbacks and Restrictions of Using Computerized Reasoning For Digital Security

3.8 Solutions to Artificial Intelligence Confinements

3.9 Security Threats of Artificial Intelligence

3.10 Expanding Cyber Security Threats with Artificial Consciousness

3.11 Artificial Intelligence in Cybersecurity – Current Use-Cases and Capabilities

3.12 How to Improve Cyber Security for Artificial Intelligence

3.13 Conclusion

References

4 Botnet Detection Using Artificial Intelligence

4.1 Introduction to Botnet

4.2 Botnet Detection

4.3 Botnet Architecture

4.4 Detection of Botnet

4.5 Machine Learning

4.6 A Machine Learning Approach of Botnet Detection

4.7 Methods of Machine Learning Used in Botnet Exposure

4.8 Problems with Existing Botnet Detection Systems

4.9 Extensive Botnet Detection System (EBDS)

4.10 Conclusion

References

5 Spam Filtering Using AI

5.1 Introduction

5.2 Content-Based Spam Filtering Techniques

5.3 Machine Learning–Based Filtering

5.4 Performance Analysis

5.5 Conclusion

References

6 Artificial Intelligence in the Cyber Security Environment

6.1 Introduction

6.2 Digital Protection and Security Correspondences Arrangements

6.3 Black Tracking

6.4 Spark Cognition Deep Military

6.5 The Process of Detecting Threats

6.6 Vectra Cognito Networks

6.7 Conclusion

References

7 Privacy in Multi-Tenancy Frameworks Using AI

7.1 Introduction

7.2 Framework of Multi-Tenancy

7.3 Privacy and Security in Multi-Tenant Base System Using AI

7.4 Related Work

7.5 Conclusion

References

8 Biometric Facial Detection and Recognition Based on ILPB and SVM

8.1 Introduction

8.2 The Proposed Methodolgy

8.3 Experimental Results

8.4 Conclusion

References

9 Intelligent Robot for Automatic Detection of Defects in Pre-Stressed Multi-Strand Wires and Medical Gas Pipe Line System Using ANN and IoT

9.1 Introduction

9.2 Inspection System for Defect Detection

9.3 Defect Recognition Methodology

9.4 Health Care MGPS Inspection

9.5 Conclusion

References

10 Fuzzy Approach for Designing Security Framework

10.1 Introduction

10.2 Fuzzy Set

10.3 Planning for a Rule-Based Expert System for Cyber Security

10.4 Digital Security

10.5 Improvement of Cyber Security System (Advance)

10.6 Conclusions

References

11 Threat Analysis Using Data Mining Technique

11.1 Introduction

11.2 Related Work

11.3 Data Mining Methods in Favor of Cyber-Attack Detection

11.4 Process of Cyber-Attack Detection Based on Data Mining

11.5 Conclusion

References

12 Intrusion Detection Using Data Mining

12.1 Introduction

12.2 Essential Concept

12.3 Detection Program

12.4 Decision Tree

12.5 Data Mining Model for Detecting the Attacks

12.6 Conclusion

References

13 A Maize Crop Yield Optimization and Healthcare Monitoring Framework Using Firefly Algorithm through IoT

13.1 Introduction

13.2 Literature Survey

13.3 Experimental Framework

13.4 Healthcare Monitoring

13.5 Results and Discussion

13.6 Conclusion

References

14 Vision-Based Gesture Recognition: A Critical Review

14.1 Introduction

14.2 Issues in Vision-Based Gesture Recognition

14.3 Step-by-Step Process in Vision-Based

14.4 Classification

14.5 Literature Review

14.6 Conclusion

References

15 SPAM Filtering Using Artificial Intelligence

15.1 Introduction

15.2 Architecture of Email Servers and Email Processing Stages

15.3 Execution Evaluation Measures

15.4 Classification - Machine Learning Technique for Email Spam

15.5 Conclusion

References

About the Editors

Index

End User License Agreement

List of Illustrations

Chapter 1

Figure 1.1 Network infrastructure [4].

Figure 1.2 System architecture [11].

Chapter 2

Figure 2.1 Privacy preserving data mining approaches.

Figure 2.2 Flowchart of genetic algorithm.

Figure 2.3 An overview of intrusion detection system (IDS).

Chapter 3

Figure 3.1 Artificial intelligence.

Figure 3.2 AI for cyber security.

Figure 3.3 Role of artificial intelligence in cyber security.

Figure 3.4 Challenges in cyber security.

Figure 3.5 Effects of AI in cyber security.

Figure 3.6 Security threats.

Chapter 4

Figure 4.1 Introduction to Botnet.

Figure 4.2 Factor of Botnet.

Figure 4.3 Host-centered detection system.

Figure 4.4 Honey nets-based botnet detection.

Figure 4.5 Botnet architecture (a) federal model (b) devolved model (c) cross ar...

Figure 4.6 Mapping among ML area x and objects y.

Figure 4.7 Extensive Botnet Detection System (EBDS).

Chapter 5

Figure 5.1 Word cloud of common words in spam mails.

Figure 5.2 A typical spam filter mechanism.

Figure 5.3 Hyperplane sets for tanning data.

Figure 5.4 Flowdiagram of Naive Bayes classifier.

Figure 5.5 Simulation results of a SVM classifier.

Figure 5.6 Fuzzy logic–based e-mail spam filtering architecture.

Figure 5.7 Block diagram for training set generation.

Chapter 6

Figure 6.1 Cyber security system.

Figure 6.2 Empower security analysts.

Figure 6.3 AI cyber security.

Figure 6.4 Cyberlytic profile.

Figure 6.5 Amazon Macie.

Figure 6.6 Deep sensitivity.

Figure 6.7 ENDPOINT security.

Figure 6.8 Cloud-based comprehension engine.

Figure 6.9 The process of detecting threats.

Figure 6.10 Vectra AI.

Figure 6.11 QRadar Advisor.

Figure 6.12 Cyber Security/UBA/UEBA.

Figure 6.13 AI in CyberSecurity.

Chapter 7

Figure 7.1 Multi-tenancy structure.

Figure 7.2 Multi-tenancy structure.

Figure 7.3 Multi-users in system.

Figure 7.4 Multiple company in the single database.

Chapter 8

Figure 8.1 Flow chart of general face recognition process.

Figure 8.2 Detecting facial feature from an image.

Figure 8.3 Extracting detected images.

Figure 8.4 Flowchart of proposed methodology.

Figure 8.5 Rectangular integral.

Figure 8.6 (a) Segmentated image (b) Feature histogram generated by ILBP.

Figure 8.7 People’s dataset images.

Figure 8.8 Unknown face.

Figure 8.9 Face detection.

Figure 8.10 Segmented facial image.

Figure 8.11 Comparison between feature that are extracted using (a) ILBP method ...

Figure 8.12 ROC curve for face recognition.

Chapter 9

Figure 9.1 Cable bridge.

Figure 9.2 Wifi board, 2b Bitmap format of sample image, 2c SPIHT method.

Figure 9.3 Noise reduction.

Figure 9.4 Methodology of the developed model.

Figure 9.5 ANN network.

Figure 9.6 Robot carriage and frame.

Figure 9.7 Sample images and ANN decisions.

Figure 9.8 Sample MGPS.

Figure 9.9 MGPS – color codes.

Figure 9.10 Image and ANN encoding for color pipes.

Figure 9.11 Defect image and ANN encoding for color pipes.

Figure 9.12 Copper pipe image and ANN encoding.

Figure 9.13 Leakage deduction fan.

Chapter 10

Figure 10.1 Fuzzy expert system.

Figure 10.2 Crisp vs. fuzzy sets.

Figure 10.3 Example of complement operation on a fuzzy set.

Figure 10.4 Example of intersection operation on a fuzzy set.

Figure 10.5 Example of union operation on a fuzzy set.

Figure 10.6 Proposed model for input and output.

Figure 10.7 Potential cyber threats.

Figure 10.8 Model of rule-based system.

Figure 10.9 Input output variables.

Figure 10.10 The structure of cyber security system.

Chapter 11

Figure 11.1 Conventional system for cyber security.

Figure 11.2 Cyber security with supervised and unsupervised machine learning.

Figure 11.3 Cyber-attack attribution rules through association rule mining.

Figure 11.4 Supervised learning (Classification) and Unsupervised learning (Clus...

Figure 11.5 Different stages for detecting cyber attack through data mining.

Chapter 12

Figure 12.1 Intrusion detection system.

Figure 12.2 Web-based intrusion detection system.

Figure 12.3 Host-based Intrusion Detection System

Figure 12.4 Application Protocol-based Intrusion Detection System (APIDS).

Figure 12.5 Hybrid intrusion detection system.

Figure 12.6 Misuse detection expert system (MDES).

Figure 12.7 Signature-based analysis in IDS.

Figure 12.8 Data mining in intrusion detection system.

Figure 12.9 Classification tree.

Figure 12.10 Regression tree.

Figure 12.11 Model of modified decision tree algorithm.

Figure 12.12 Stream of attack detection.

Chapter 13

Figure 13.1 The Architecture of the experimental framework.

Figure 13.2 Scatter plot of the collected data.

Figure 13.3 Output GUI with sample output.

Figure 13.4 Flowchart for the firefly algorithm (

Singh Rathore, P. et al. 2020

).

Figure 13.5 Blood pressure measuring GUI.

Figure 13.6 Heart Rate measurement GUI.

Figure 13.7 Oxygen measurement GUI.

Figure 13.8 Warning message GUI.

Figure 13.9 Cloud database value.

Figure 13.10 GUI for optimal, best and worst parameters.

Chapter 14

Figure 14.1 Gesture recognition product growth over Asia-Pacific regions (Source...

Figure 14.2 Gesture classification.

Figure 14.3 (a) Operations in Image Enhancement (b) Hand gestures in the process...

Figure 14.4 Image acquisition taxonomy.

Figure 14.5 Vision controlled remote (www.zdnet.com).

Chapter 15

Figure 15.1 The capacity of spam emails 4th zone 2018 to 1st area 2019.

Figure 15.2 Representation of an email server structure and process of spam filt...

Figure 15.3 Structure of neural network (NN).

Figure 15.4 Fuzzy set e-mail filtering manner workflow from person mailbox.

List of Tables

Chapter 1

Table 4.1 Aspect of machine learning method in botnet detection system.

Chapter 8

Table 8.1 Sample of featured extraction using ILBP method.

Table 8.2 Comparison table.

Chapter 11

Table 11.1 Common cyber attacks and their description.

Table 11.2 Popular Data Mining Tools for cyber security.

Chapter 12

Table 12.1 IDS type comparative.

Chapter 14

Table 14.1 Comparison of classifiers.

Table 14.2 Comparison of exiting vision based.

Chapter 15

Table 15.1 Freely available email spam collection.

Guide

Cover

Table of Contents

Title Page

Preface

Copyright

Begin Reading

About the Editors

Index

End User License Agreement

Pages

v

ii

iii

iv

xiii

xiv

xv

xvi

xvii

1

2

3

4

5

6

7

8

9

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

87

88

89

90

91

92

93

94

95

96

97

98

99

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

293

294

295

296

297

Scrivener Publishing100 Cummings Center, Suite 541JBeverly, MA 01915-6106

Advances in Cyber Security

Series Editor: Rashmi Agrawal and D. Ganesh Gopal

Scope: The purpose of this book series is to present books that are specifically designed to address the critical security challenges in today’s computing world including cloud and mobile environments and to discuss mechanisms for defending against those attacks by using classical and modern approaches of cryptography, blockchain and other defense mechanisms. The book series presents some of the state-of-the-art research work in the field of blockchain, cryptography and security in computing and communications. It is a valuable source of knowledge for researchers, engineers, practitioners, graduates, and doctoral students who are working in the field of blockchain, cryptography, network security, and security and privacy issues in the Internet of Things (IoT). It will also be useful for faculty members of graduate schools and universities. The book series provides a comprehensive look at the various facets of cloud security: infrastructure, network, services, compliance and users. It will provide real-world case studies to articulate the real and perceived risks and challenges in deploying and managing services in a cloud infrastructure from a security perspective. The book series will serve as a platform for books dealing with security concerns of decentralized applications (DApps) and smart contracts that operate on an open blockchain. The book series will be a comprehensive and up-to-date reference on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations.

Publishers at ScrivenerMartin Scrivener ([email protected])Phillip Carmical ([email protected])

rtificial Intelligence and Data Mining Approaches in Security Frameworks

Edited by

This edition first published 2021 by John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA and Scrivener Publishing LLC, 100 Cummings Center, Suite 541J, Beverly, MA 01915, USA© 2021 Scrivener Publishing LLCFor more information about Scrivener publications please visit www.scrivenerpublishing.com.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

Wiley Global Headquarters111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Limit of Liability/Disclaimer of WarrantyWhile the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials, or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read.

Library of Congress Cataloging-in-Publication Data

ISBN 978-1-119-76040-5

Cover image: (Antenna Tower): Carmen Hauser | Dreamstime.comCover design by Kris Hackerott

Set in size of 11pt and Minion Pro by Manila Typesetting Company, Makati, Philippines

Printed in the USA

10 9 8 7 6 5 4 3 2 1

Preface

Artificial Intelligence (AI) and data mining not only provide a better understanding of how real-world systems function, but they also enable us to predict system behavior before a system is actually built. They can also accurately analyze systems under varying operating conditions. This book provides comprehensive, state-of-the-art coverage of all the important aspects of modeling and simulating both physical and conceptual systems. Various real-life examples show how simulation plays a key role in understanding real-world systems. We also explained how to effectively use AI and Data Mining techniques to successfully apply the modeling and simulation techniques presented.

After introducing the underlying philosophy of systems, the book offers step-by-step procedures for modeling with practical examples and coding different types of systems using modeling techniques, such as the Pattern Recognition, Automatic Threat detection, Automatic problem solving, etc.

Preparing both undergraduate and graduate students for advanced modeling and simulation courses, this text helps them carry out effective simulation studies. In addition, graduate students should be able to comprehend and conduct AI and Data Mining research after completing this book.

This book is organized into fifteen chapters. In Chapter 1, this Chapter discusses about the cyber security needs that can be addressed by AI techniques. It talks about the traditional approach and how AI can be used to modify the multilayered security mechanism used in companies today. Here we propose a system that adds additional layer of security in order to detect any unwanted intrusion. The ever-expanding danger of digital assaults, cybercrimes, and malware attacks has grown exponentially with evolution of artificial intelligence. Conventional ways of cyber-attacks have now taken a turning point, consequently, the attackers resort to more intelligent ways.

In Chapter 2, we have tried to show the power of intrusion detection is the most important application of data mining by applying different data mining techniques to detect it effectively and report the same in actual time so that essential and required arrangements can be made to stop the efforts made by the trespassery.

In Chapter 3, we have explained about how Artificial Intelligence (AI) is a popular expression in the digital world. It is as yet a creating science in various features as indicated by the difficulties tossed by 21st century. Usage of artificial intelligence has gotten undefined from human life. Nowadays one can’t imagine a world without AI as it has a ton of gigantic impact on human life. The essential objective of artificial intelligence is to develop the advancement based activities which addresses the human data in order to handle issues. Basically artificial intelligence is examination of how an individual think, work, learn and pick in any circumstance of life, whether or not it may be related to basic reasoning or learning new things or thinking equitably or to appear at an answer, etc.

In Chapter 4, we have explained further proposed a botnet identification version using optics algorithm that hopes to effectively discover botnets and perceive the type botnet detected by way of addition of latest feature; incorporation of changed traces to pinpoint supply IP of bot master, identification of existence of the kind of services the botnets have get right of entry to to are areas the proposed solution will cater for.

In Chapter 5, we have explained about models basically ‘learns’ from experience with respect to some task and are capable of finding ‘commonality’ in many different observations. This study discusses various methods of spam filtering using existing Artificial Intelligence techniques and compares their strengths and limitations.

In Chapter 6, we have explained about how as artificial intelligence people in general to improve, there are risks associated with their utilization, set up in functioning frameworks, tools, calculations, framework the executives, morals and duty, and privacy. The study focuses around the risks and threats of computerized reasoning and how AI can help comprehend network safety or areas of cyber security issues.

In Chapter 7, we have explained about problem to make privacy in multi-tenant in the single framework. For that problem we use the artificial intelligence concept to improve the security and privacy concept in multitenant based system. Using Artificial intelligence the privacy and security concept make strong because in artificial intelligence work as intelligent human or animal mind it make maximum changes to fulfill the requirement of the concept to achieve the goal. In this chapter describes the issues of privacy and security problems in multi tenancy.

In Chapter 8, we have provided detailed explanations of a novel approach for biometric recognition has been introduced in which the application of ILBP (Improved Local Binary Pattern) for facial feature detection is discussed which generates the improved features for the facial pattern. It allows only authenticated user to access a system which is better than previous algorithms. Previous research for face detection shows many demerits in terms of false acceptance and rejection rates. In this paper, the extraction of facial features is done from static and dynamic frames using the Haar cascade algorithm.

In Chapter 9, we have explained about a the developed system consists of a climbing robot, camera for image capturing, IoT modules for transmitting images to cloud, image processing platform, and artificial neural network module intended for decision making. Climbing robot holds the cable with the grooved wheels along with the auto trigger camera and the IoT module. For inspection, the robot ascends along the cables continuously and acquires images of various segments of the cable. Then the captured images have been send to the cloud storage through IoT system. The stored images have been retrieved and their sizes have been reduced through the image processing techniques.

In Chapter 10, we have a digital security threats results from the character of those omnipresent and at times over the top interchanges interconnections. Digital security isn’t one aspect, yet rather it’s a gaggle of profoundly various issues mentions various arrangements of threats. An Advance Cyber Security System utilizing emblematic rationale might be a framework that comprises of a standard safe and an instrument for getting to and running the standards. The vault is ordinarily built with a lot of related standard sets. Fuzzy improvement manages finding the estimations of information boundaries of a luxurious recreated framework which winds up in wanted yield.

In Chapter 11, the goal of current chapter is to analyze cyber threats and to demonstrate how artificial intelligence and data mining approaches can be effective to fix cyber-attack issues. The field of artificial intelligence has been increasingly playing a vital role in analyzing cyber threat and improving cyber security as well as safety. Mainly three aspects are discussed in this chapter. First the process of cyber-attack detection which will help to analyses and classify cyber incident, Second task is forecasting upcoming cyber-attack and to control the cyber terrorism. Finally the chapter focus on theoretical background and practical usability of artificial intelligence with data mining approaches for addressing above detection and prediction.

In Chapter 12, this chapter explores the modern intrusion detection with a distinctive determination perspective of data mining. This discussion focuses on major facets of intrusion detection strategy that is misuse detection. Below content focuses on, to identify attacks, information or data which is present on the network using C4.5 algorithm, which is type of decision tree technique and also it helps to enhance the IDS system to recognize types of attacks in network. For this attack detection, KDD-99 dataset is used, contains several features and different class of general and attack type data.

In Chapter 13, in this current research, firefly algorithm has been used for optimizing maize crop yield by considering the various constraints and risks. This research investigates the development of new firefly algorithm module for predicting the optimal climatic conditions and predicts the crop cultivation output. As the pre-processing, the maize crop cultivation data for 96 months have been collected and provided as response to Minitab software to formulate the relational equation. The collected data have been stored in the cloud using IoT and the cloud has to be updated periodically for obtaining the accurate results from the algorithm.

In Chapter 14, gestures are of two types as: static and dynamic sequences, this is where vision based techniques plays a vital role. The survey on the research study on the vision-based gesture recognition approaches have been briefed in this paper. Challenges in all perspective of recognition of gestures using images are detailed. A systematic review has been conducted over 100 papers and narrowed down into 60 papers on summarized. The foremost motive of this paper is to provide a strong foundation on vision based recognition and apply this for solutions in medical and engineering fields. Outlines gaps & current trends to motivate researchers to improve their contribution.

In Chapter 15, we will cover a examine of diverse thoughts, attempts, efficiency and different studies trends in junk mail filtering. The history observe explains the packages of device gaining knowledge of strategies to clear out the antispam emails of main e mail service carriers like gmail, yahoo, outlook and so on. We can talk the e-mail unsolicited mail filtering techniques and sundry efforts made via various researchers in fighting the unsolicited mail emails via using device mastering strategies. Here, we talk and make comparisons within the strengths & weaknesses of already present machine learning algorithms & techniques and different open studies troubles in spam filtering. We might suggest deep gaining knowledge & deep adversarial getting to know as these technologies are the destiny to be able to capable of efficaciously deal with spam emails threats.

Prof. Neeraj BhargavaProfessor & HeadDepartment of Computer ScienceSchool of Engineering and System ScienceMDS University, Ajmer, Rajasthan, India

Dr. Ritu BhargavaAssistant ProfessorDepartment of Computer ScienceSophia Girl’s College AutonomousAjmer, Rajasthan, India

Pramod Singh RathoreAssistant ProfessorAryabhatta College of Engineering and Research Center,Ajmer, Rajasthan, IndiaDepartment of Computer Science & EngineeringVisiting Faculty, MDS University, Ajmer, Rajasthan, India

Prof. Rashmi AgrawalProfessorManavrachna International Institute of Research and Studies,Faridabad, India

2Privacy Preserving Using Data Mining

Chitra Jalota* and Dr. Rashmi Agrawal

Manav Rachna International Institute of Research and Studies, Faridabad, India

Abstract

On the one hand, data mining techniques are useful to extract hidden knowledge from a large pool of data but on the other hand a number of privacy threats can be introduced by these techniques. The main aim of this chapter is to discuss a few of these issues along with a comprehensive discussion on various data mining techniques and their applications for providing security. An effective classification technique is helpful to categorize the users as normal users or criminals on the basis of the actions which they perform on social networks. It guides users to distinguish among a normal website and a phishing website. It is the task of a classification technique to always alert users from implementing malicious codes by labelling them as malicious. Intrusion detection is the most important application of data mining by applying different data mining techniques to detect it effectively and report the same in actual time so that essential and required arrangements can be made to stop the efforts made by the trespasser.

Keywords: Data mining, security, intrusion detection, anamoly detection, outlier detection, classification, privacy preserving data mining

2.1 Introduction

A computer system has the ability to protect its valuable information, raw data along with its resources in terms of privacy, veracity and authenticity; this ability is known as computer security. A third party cannot read or edit the contents of a database by using the parameters i.e., Privacy/confidentiality and integrity. By using the parameter authenticity, an unauthorised person is not allowed to modify, use or view the contents of a database. When one or more resources of a computer compromises the availability, integrity or confidentiality by an action, it is known as intrusion. These types of attacks can be prevented by using firewall and filtering router policies. Intrusions can happen even in the most secure systems and therefore it is advisable to detect the same in the beginning. By employing data mining techniques, patterns of features of a system can be detected by an intrusion detection system (IDS) so that anomalies can be detected with the help of an appropriate set of classifiers. For easy detection of intrusion, some important data mining techniques such as classification and clustering are helpful.

Test data could be analysed and labelled into known type of classes with the help of classification techniques. For objects grouping into a set of clusters, clustering methods are used. These methods are used in such a way that a cluster has all similar objects. There could be some security challenges for mining of underlying knowledge from large volumes of data as well as extraction of hidden patterns by using data mining techniques (Ardenas et al., 2014). To solve this issue, Privacy Preserving Data Mining (PPDM) is used, which aims to derive important and useful information from an unwanted or informal database (Friedman, Schuster, 2008). There are various PPDM approaches. On the basis of enforcing privacy principle, some of them can be shown in Figure 2.1.

a) Suppression

An individual’s private or sensitive information like name, salary, address and age, if suppressed prior to any calculation is known as suppression. Suppression can be done with the help of some techniques like Rounding (Rs/- 15365.87 can be round off to 15,000), Full form (Name Chitra Mehra can be substituted with the initials, i.e., CM and Place India may be replaced with IND and so on). When there is a requirement of full access to sensitive values, suppression cannot be used by data mining. Another way to do suppression is to limit rather than suppress the record’s sensitive information. The method by which we can suppress the identity linkage of a record is termed as De-identification. One such de-identification technique is k-Anonymity. Assurance of protection of data which was released against re-identification of the person’s de-identification (Rathore et al., 2020), (Singh, Singh, 2013). K-anonymity and its application is difficult before collecting complete data at one trusted place. For its solution, secret sharing technique based cryptographic solution could be used.

Figure 2.1 Privacy preserving data mining approaches.

b) Data Randomization

The central server of an organization takes information of many customers and builds an aggregate model by performing various data mining techniques. It permits the customers to present precise noise or arbitrarily bother the records and to find out accurate information from that pool of data. There are several ways for introduction of noise, i.e., addition or multiplication of the randomly generated values. To achieve preservation of the required privacy, we use agitation in data randomization technique. To generate an individual record, randomly generated noise can be added to the innovative data. The noise added to the original data is non-recoverable and thus leads to the desired privacy.

Following are the steps of the randomization technique:

After randomizing the data by the data provider, it is to be conveyed to the Data Receiver.

By using algorithm of distribution reconstruction, data receiver is able to perform computation of distribution on the same data.

c) Data Aggregation

Data is combined from various sources to facilitate data analysis by data aggregation technique. By doing this, an attacker is able to infer private- and individual-level data and also to recognize the resource. When extracted data allows the data miner to identify specific individuals, privacy of data miner is considered to be under a serious threat. When data is anonymized immediately after the aggregation process, it can be prevented from being identified, although, the anonymized data sets comprise sufficient information which is required for individual’s identification (Kumar et al., 2018).

d) Data Swapping

For the sake of privacy protection, exchange of values across different records can be done by using this process. Privacy of data can still be preserved by allowing aggregate computations to be achieved exactly as it was done before, i.e., without upsetting the lower order totals of the data. K-anonymity can be used in combination with this technique as well as with other outlines to violate the privacy definitions of that model.

e) Noise Addition/Perturbation

For maximum accuracy of queries and diminish the identification chances its records, there is a mechanism provided by addition of controlled noise (Bhargava et al., 2017). Following are some of the techniques used for noise addition:

Parallel Composition

Laplace Mechanism

Sequential Composition

2.2 Data Mining Techniques and Their Role in Classification and Detection

Malware computer programs that repeat themselves for spreading out from one computer to another computer are called worms. Malware comprises adware, worms, Trojan horse, computer viruses, spyware, key loggers, http worm, UDP worm and port scan worm, and remote to local worm, other malicious code and user to root worm (Herzberg, Gbara, 2004). There are various reasons that attackers write these programs, such as:

i) Computer process and its interruption

ii) Assembling of sensitive information

iii) A private system can gain entry

It is very important to detect a worm on the internet because of the following two reasons: