Abstract. MOVICAB-IDS enables the more interesting projections of a massive traffic data set to be analysed, thereby providing an overview of any possible anomalous situations taking place on a computer network. This IDS responds to the challenges presented by traffic volume and diversity. It is a connectionist agent-based model extended by means of a functional and mobile visualization interface. The IDS is designed to be more flexible, accessible and portable by running on a great variety of applications, including small mobile ones such as PDA’s, mobile phones or embedded devices. Furthermore, its effectiveness has been demonstrated in different tests.

Abstract. This study demonstrates the ability of powerful visualization tools (based on the use of connectionist models) to identify network intrusion attempts in an effective and reliable manner. It presents a novel technique to test and evaluate a previously developed network-based intrusion detection system (IDS). This technique applies mutant operators and is intended to test IDSs using numerical data sets. It should be made clear that some mutations were discarded as they did not all provide real life situations. As an application example of the proposed testing model, it has been specially applied to the identification of network scans and mutations of these. The tested Connectionist Agent-Based IDS (CAB-IDS) is used as a method to investigate the traffic which travels along the analysed network, detecting anomalous traffic patterns. The specific tests performed in this study were based on the mutation of one or several variables analysed by CAB-IDS. 1

Processing, Knowledge Identification and Proposal), which is a Knowledge Management (KM) tool that profiles the KM status of a company. Qualitative data is fed into the system which allow it not only to assess the KM situation in the company in a straightforward and intuitive manner, but also to propose corrective actions to improve that situation. DIPKIP is based on four separate steps. An initial 'data acquisition step', in which key data is captured, is followed by an 'intelligent processing ' step, using neural projection architectures. Subsequently, the 'knowledge identification ' step catalogues the company into three categories, according to a set of theoretical situations that can arise in the field of strategic knowledge: knowledge deficit, partial knowledge deficit and no knowledge deficit. Finally, a 'proposal step ' is performed, which weighs up the 'knowledge processes ' of creation/acquisition, transference/distribution and putting into practice/updating. This process of knowledge updating (increasing the knowledge held and removing obsolete knowledge) is a novel contribution in itself, which to the best of our knowledge has not been considered elsewhere. DIPKIP can be seen as a decision support system, which, under the supervision of a KM expert, can provide useful and practical proposals to senior management for the improvement of KM, leading to flexibility, cost savings and greater competitiveness. This study approaches KM from both a theoretical and a practical point of view. It describes the impact that transformations can have on individual and organizational responsibilities, from the lowest states (data and information) to the highest (knowledge and its management).

Abstract. A novel hybrid artificial intelligent system for Intrusion Detection, called MOVIH-IDS, is presented in this study. A hybrid model built by means of a multiagent system that incorporates an unsupervised connectionist Intrusion Detection System (IDS) has been defined to guaranty an efficient computer network security architecture. This hybrid IDS facilitates the intrusion detection in dynamic networks, in a more flexible and adaptable manner. The proposed improvement of the system in this paper includes deliberative agents characterized by the use of an unsupervised connectionist model to identify intrusions in computer networks. This hybrid IDS has been probed through several real anomalous situations related to the Simple Network Management Protocol as it is potentially dangerous. Experimental results probed the successful detection of such attacks through MOVIH-IDS.

The nonnegative Boltzmann machine (NNBM) is a recurrent neural network model that can describe multimodal nonnegative data. Application of maximum likelihood estimation to this model gives a learning rule that is analogous to the binary Boltzmann machine. We examine the utility of the mean field approximation for the NNBM, and describe how Monte Carlo sampling techniques can be used to learn its parameters. Reflective slice sampling is particularly well-suited for this distribution, and can efficiently be implemented to sample the distribution. We illustrate learning of the NNBM on a translationally invariant distribution, as well as on a generative model for images of human faces. Introduction The multivariate Gaussian is the most elementary distribution used to model generic data. It represents the maximum entropy distribution under the constraint that the mean and covariance matrix of the distribution match that of the data. For the case of binary data, the maximum entrop...

Abstract. This paper reviews one nonlinear and two linear projection architectures, in the context of a comparative study, which are used as either alternative or complementary tools in the identification and analysis of anomalous situations by Intrusion Detection Systems (IDSs). Three neural projection models are empirically compared, using real traffic data sets in an IDS framework. The specific multivariate data analysis techniques that drive these models are able to identify different factors or components by studying higher order statistics- variance and kurtosis- in order to display the most interesting projections or dimensions. Our research describes how a network manager is able to diagnose anomalous behaviour in data traffic through visual projection of network traffic. We also emphasize the importance of the timedependent variable in the application of these projection methods.

Linear factor models with non-negativity constraints have received a great deal of interest in a number of problem domains. In existing approaches, positivity has often been associated with sparsity. In this paper we argue that sparsity of the factors is not always a desirable option, but certainly a technical limitation of the currently existing solutions. We then reformulate the problem in order to relax the sparsity constraint while retaining positivity. This is achieved by employing a rectification nonlinearity rather than a positively supported prior directly on the latent space. A variational learning procedure is derived for the proposed model and this is contrasted to existing related approaches. Both i.i.d. and first-order AR variants of the proposed model are provided and they are experimentally demonstrated with artificial data. Application to the analysis of galaxy spectra show the benefits of the method in a real world astrophysical problem, where the existing approach is not a viable alternative.

Abstract. An increasing effort has being devoted to researching on the field of Intrusion Detection Systems (IDS’s). A wide variety of artificial intelligence techniques and paradigms have been applied to this challenging task in order to identify anomalous situations taking place within a computer network. Among these techniques is the neural network approach whose models (or most of them) have some difficulties in processing traffic data “on the fly”. The present work addresses this weakness, emphasizing the importance of an appropriate segmentation of raw traffic data for a successful network intrusion detection relying on unsupervised neural models. In this paper, the presented neural model is embedded in a hybrid artificial intelligence IDS which integrates the case based reasoning and multiagent paradigms.

Recent work has exploited boundedness of data in the unsupervised learning of new types of generative model. For nonnegative data it was recently shown that the maximum-entropy generative model is a Nonnegative Boltzmann Distribution not a Gaussian distribution, when the model is constrained to match the first and second order statistics of the data. Learning for practical sized problems is made difficult by the need to compute expectations under the model distribution. The computational cost of Markov chain Monte Carlo methods and low fidelity of naive mean field techniques has led to increasing interest in advanced mean field theories and variational methods. Here I present a secondorder mean-field approximation for the Nonnegative Boltzmann Machine model, obtained using a "high-temperature" expansion. The theory is tested on learning a bimodal 2-dimensional model, a high-dimensional translationally invariant distribution, and a generative model for handwritten digits. ...

Abstract. A multiagent system that incorporates an Artificial Neural Networks based Intrusion Detection System (IDS) has been defined to guaranty an efficient computer network security architecture. The proposed system facilitates the intrusion detection in dynamic networks. This paper presents the structure of the Mobile Visualization Connectionist Agent-Based IDS, more flexible and adaptable. The proposed improvement of the system in this paper includes deliberative agents that use the artificial neural network to identify intrusions in computer networks. The agent based system has been probed through anomalous situations related to the