Introductory Chapter: Machine Learning in Misuse and Anomaly Detection

Abstract

The chapter surveys the evolution of machine learning techniques applied to misuse detection (matching observed activity against patterns of known attacks) and anomaly detection (flagging deviations from a learned profile of normal behaviour) in cybersecurity. It highlights the inadequacy of traditional rule-based intrusion detection systems against novel attacks, for which no signature yet exists, and argues for automated, efficient detection mechanisms. Various machine learning algorithms and their applications in such systems are reviewed, showing their potential to improve detection accuracy while addressing challenges such as scalability and real-time processing in high-volume data environments. The chapter serves as an introduction to the subsequent sections exploring network security and cryptography.
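As an added illustration of the misuse-versus-anomaly distinction the abstract draws (example code written for this page, not code from the chapter or its authors), the following Python script runs a signature-based misuse detector and a simple sliding-window n-gram anomaly detector over constructed system-call traces. The traces, call names, signature patterns and the 0.5 threshold are all assumptions chosen for illustration; the n-gram profile is the classic "set of n-grams seen in normal traces" approach, chosen here because it needs no third-party library.

```python
"""
Added example (not from the chapter): misuse detection vs. anomaly detection
on constructed system-call traces, standard library only.

Misuse detection  : match known-attack signatures (regular expressions over a
                    space-joined trace). Catches only what it already knows.
Anomaly detection : learn the set of normal n-grams of system calls from a
                    baseline and flag traces whose share of unseen n-grams
                    exceeds a threshold. Can catch novel attacks, but also
                    flags rare legitimate behaviour, so the threshold is a
                    tuning decision with a false-positive cost.

Every trace, call name, signature and threshold below is an assumption
constructed for illustration, not data from the chapter.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed baseline: traces of a well-behaved program (assumed).
NORMAL_TRACES: List[List[str]] = [
    ["open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
    ["stat", "open", "read", "close"],
    ["open", "mmap", "read", "munmap", "close"],
    ["socket", "connect", "write", "read", "close"],
]

# Misuse detection: known-attack signatures (assumed), matched against a
# space-joined trace.
SIGNATURES: Dict[str, re.Pattern] = {
    "reverse-shell": re.compile(r"\bsocket connect dup2( dup2)* execve\b"),
    "shell-spawn": re.compile(r"\bfork execve\b"),
}


def misuse_detect(trace: List[str]) -> List[str]:
    """Return the names of all signatures that match the trace."""
    joined = " ".join(trace)
    return [name for name, pat in SIGNATURES.items() if pat.search(joined)]


# Anomaly detection: n-gram profile of normal behaviour.
def ngrams(trace: List[str], n: int) -> List[Tuple[str, ...]]:
    """Sliding-window n-grams of a trace (empty if the trace is shorter than n)."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_profile(traces: List[List[str]], n: int = 3) -> Set[Tuple[str, ...]]:
    """Collect every n-gram that occurs in the baseline traces."""
    profile: Set[Tuple[str, ...]] = set()
    for t in traces:
        profile.update(ngrams(t, n))
    return profile


def anomaly_score(trace: List[str], profile: Set[Tuple[str, ...]], n: int = 3) -> float:
    """Fraction of the trace's n-grams never seen in the baseline (0.0 .. 1.0).

    A trace too short to contain a single n-gram scores 0.0 rather than
    raising, so short benign traces are not flagged by accident.
    """
    grams = ngrams(trace, n)
    if not grams:
        return 0.0
    unseen = sum(1 for g in grams if g not in profile)
    return unseen / len(grams)


def classify(trace: List[str], profile: Set[Tuple[str, ...]],
             threshold: float = 0.5, n: int = 3) -> Dict[str, object]:
    """Run both detectors and report what each one says about the trace."""
    score = anomaly_score(trace, profile, n)
    return {
        "misuse": misuse_detect(trace),
        "anomaly_score": round(score, 2),
        "anomalous": score >= threshold,
    }


PROFILE = build_profile(NORMAL_TRACES)

# Constructed test traces (assumed):
KNOWN_ATTACK = ["socket", "connect", "dup2", "dup2", "execve"]           # matches a signature
NOVEL_ATTACK = ["open", "ptrace", "mmap", "mprotect", "write", "execve"]  # no signature exists
NORMAL_TRACE = ["open", "read", "write", "close"]                        # fully in the baseline
RARE_BENIGN = ["stat", "open", "mmap", "read", "munmap", "close"]        # legitimate but unusual

if __name__ == "__main__":
    for label, t in [("known attack", KNOWN_ATTACK), ("novel attack", NOVEL_ATTACK),
                     ("normal", NORMAL_TRACE), ("rare benign", RARE_BENIGN)]:
        print(f"{label:13s} -> {classify(t, PROFILE)}")
```

Running the script shows the trade-off the abstract alludes to: the known attack is caught by both detectors, the novel attack only by the anomaly detector (every one of its 3-grams is unseen, score 1.0), the normal trace scores 0.0, and the rare benign trace scores 0.25 (one unseen 3-gram out of four), which sits below the 0.5 threshold but would be flagged at 0.2. Two practical caveats follow directly from the code: the profile is only as good as the baseline it was built from (an attacker active during the training window would have their behaviour learned as normal), and the threshold must be tuned against the volume of rare-but-legitimate behaviour in the monitored environment, which is where the scalability and real-time concerns the chapter raises come in.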
