Introductory Chapter: Machine Learning in Misuse and Anomaly Detection

Machine Learning Applications in Misuse and Anomaly Detection

2020

Machine learning and data mining algorithms play important roles in designing intrusion detection systems. Based on their approaches toward the detection of attacks in a network, intrusion detection systems can be broadly categorized into two types. In misuse detection systems, an attack in a system is detected whenever the sequence of activities in the network matches a known attack signature. In the anomaly detection approach, on the other hand, anomalous states in a system are identified based on a significant difference in the state transitions of the system from its normal states. This chapter presents a comprehensive discussion on some of the existing schemes of intrusion detection based on misuse detection, anomaly detection and hybrid detection approaches. Some future directions of research in the design of algorithms for intrusion detection are also identified.

Anomaly Detection Using Machine Learning

International Journal of Advance Research, Ideas and Innovations in Technology, 2018

In this day and age of a plethora of information, the importance of information security cannot be emphasized enough. Any threat to confidentiality, integrity or availability of information must be taken seriously. Ignoring such threats can have serious consequences, like misappropriation, modification or encryption of data. Vulnerabilities in information security are a tempting target for malware. Malware is malicious scripts or software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, etc. The traditional way of detecting an advanced malware or threat compromise uses a signature-based antivirus. This approach, however, is not foolproof and can be bypassed. The signature-based approach relies on a known list of signatures. The list of signatures is not perfect and also does not contain previously unseen malware signatures. The proposed system uses operational intelligence tools and machine learning to monitor usual user behavior. This is done by collecting system activities like event logs, sysinternal, etc. Once the system learns normal behavior patterns, it can detect anomalies that may be caused by malware. Thus, unlike the signature-based approach, the proposed system can detect previously unseen malware as well.

Learning Rules and Clusters for Anomaly Detection in Network Traffic

Massive Computing, 2005

Much of the intrusion detection research focuses on signature (misuse) detection, where models are built to recognize known attacks. However, signature detection, by its nature, cannot detect novel attacks. Anomaly detection focuses on modeling the normal behavior and identifying significant deviations, which could be novel attacks. In this chapter we explore two machine learning methods that can construct anomaly detection models from past behavior. The first method is a rule learning algorithm that characterizes normal behavior in the absence of labeled attack data. The second method uses a clustering algorithm to identify outliers.

A Survey of Signature Based & Statistical Based Intrusion Detection Techniques

This paper presents a comprehensive survey of some modern and most popular intrusion detection techniques. It is unrealistic to prevent security breaches completely using the existing security technologies. Detecting the presence of an intruder is very crucial for maintaining network security. It is found that most of the current intrusion detection systems (IDSs) are signature-based systems. Signature-based intrusion detection systems are based on matching a signature with the network details. Provided with the signatures or patterns, they can detect many or all known attack patterns, but they are of little use for as-yet-unknown attacks. The rate of false positives is close to nil, but these types of systems are poor at detecting new attacks, variations of known attacks, or attacks that can be masked as normal behavior. The other type of IDS, i.e. the Statistical Based Intrusion Detection System (SBIDS), can overcome many of the aforementioned limitations of signature-based intrusion detection systems. Statistical based intrusion detection systems perform better than signature-based intrusion detection systems for novelty detection, i.e. the detection of new attacks, which is very important for an intrusion detection system. Researchers have implemented various classification algorithms for intrusion detection.

Application of Machine Learning Approaches in Intrusion Detection System: A Survey

Network security is one of the major concerns of the modern era. With the rapid development and massive usage of the internet over the past decade, the vulnerabilities of network security have become an important issue. An intrusion detection system is used to identify unauthorized access and unusual attacks over secured networks. Over the past years, many studies have been conducted on intrusion detection systems. However, in order to understand the current status of the implementation of machine learning techniques for solving intrusion detection problems, this survey paper enlists 49 related studies in the time frame between 2009 and 2014, focusing on the architecture of single, hybrid and ensemble classifier design. This survey paper also includes a statistical comparison of classifier algorithms, the datasets being used and some other experimental setups, as well as consideration of the feature selection step.

Machine Learning and Threat Detection: A Review

National Seminar on National Development through Science and Technology, 2017

Today’s computer network systems are vulnerable both to abuse by insiders and to penetration by outsiders, as evidenced by the growing number of incidents reported. To close all security loopholes in today’s network systems is infeasible, and no combination of technologies can prevent legitimate users from abusing their authority in a network; thus auditing is viewed as the last line of defense. The popularity of using the Internet contains risks of network attacks. Intrusion detection is one major research problem in network security, whose aim is to identify unusual access or attacks to secure internal networks. In the literature, intrusion detection systems have been approached by various machine learning techniques. Here we want to provide an overview of current achievements and limitations in developing intrusion detection systems by machine learning.

A Machine Learning Approach for Intrusion Detection

International Journal for Research in Applied Science and Engineering Technology

Computer networks and virtual machine security are very essential in today's era. An IDS monitors a network or system for malicious action and protects a computer network from unofficial access by users, including perhaps insiders. Various existing systems have already been developed to detect malicious activity on target machines; sometimes an external user creates some malicious behavior and gets unauthorized access to victim machines, and such behavior is considered by the system as malicious activity or an intruder. Machine Learning (ML) algorithms are applied in IDS in order to identify and classify security threats. Numerous machine learning and soft computing techniques are designed to detect the activities in real-time network log audit data. KDDCUP99 and NSL-KDD are the most utilized data sets to detect the intruder on the benchmark data set. In this paper, we proposed the identification of impostors using machine learning algorithms. Two different techniques have been proposed: signature-based detection and anomaly-based detection. The experimental analysis demonstrates SVM, Naïve Bayes, and ANN algorithms with various data sets and demonstrates system performance in the real-time network environment.

Intrusion detection by machine learning: A review

The popularity of using the Internet contains some risks of network attacks. Intrusion detection is one major research problem in network security, whose aim is to identify unusual access or attacks to secure internal networks. In the literature, intrusion detection systems have been approached by various machine learning techniques. However, there is no review paper to examine and understand the current status of using machine learning techniques to solve intrusion detection problems. This chapter reviews 55 related studies in the period between 2000 and 2007, focusing on developing single, hybrid, and ensemble classifiers. Related studies are compared by their classifier design, datasets used, and other experimental setups. Current achievements and limitations in developing intrusion detection systems by machine learning are presented and discussed. A number of future research directions are also provided.