Abstract
Intrusion detection faces growing challenges: network attacks are increasingly sophisticated and heterogeneous, and the traffic and log data they generate arrive in massive volumes. To obtain more accurate and reliable detection results, machine learning and visualization techniques have each been applied to intrusion detection, but largely in isolation from one another. In this paper we review important work on machine learning techniques and on visualization techniques for intrusion detection. We then present a collaborative analysis architecture for intrusion detection tasks that integrates both machine learning and visualization into the detection process, and we discuss several significant issues raised by the proposed architecture.
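To make the combination the abstract describes concrete, the following is an added example written for this page, not the authors' architecture or code. It shows the three pieces such a collaborative loop needs: an unsupervised scorer that ranks flow records by distance from a learned baseline, a two-dimensional projection (PCA, one of the dimensionality-reduction methods commonly used for this purpose) that gives an analyst a picture to inspect, and analyst verdicts fed back so that a confirmed attack no longer pollutes the "normal" profile and a confirmed-benign outlier stops alerting. The flow records and the analyst verdicts are constructed, and the specific scoring and projection methods are illustrative choices, not those of the paper.

```python
"""Added example (not the paper's code): a minimal machine-learning plus
visualization loop for intrusion detection over constructed flow records."""
import math

# Constructed NetFlow-like records: (src_ip, dst_port, bytes, packets, duration_s)
FLOWS = [
    ("10.0.0.5", 443, 5200, 12, 1.2),
    ("10.0.0.5", 443, 4800, 11, 1.0),
    ("10.0.0.7", 80, 3100, 9, 0.8),
    ("10.0.0.7", 443, 6100, 14, 1.5),
    ("10.0.0.9", 22, 2200, 8, 3.0),
    ("10.0.0.9", 22, 2500, 9, 2.8),
    ("10.0.0.11", 443, 5600, 13, 1.1),
    ("10.0.0.11", 80, 2900, 8, 0.7),
    ("10.0.0.13", 4444, 250000, 900, 0.4),  # bulk transfer to an unusual port
    ("10.0.0.15", 53, 40, 1, 0.01),         # a single tiny DNS query
]


def features(flow):
    """Numeric feature vector; log scaling keeps bulk transfers from dominating."""
    _, _, nbytes, packets, duration = flow
    return [math.log1p(nbytes), math.log1p(packets), duration]


def fit_baseline(flows, exclude=frozenset()):
    """Per-feature mean and std of the 'normal' profile.  Flows in `exclude`
    (analyst-confirmed attacks) are left out so they cannot shift the profile."""
    rows = [features(f) for i, f in enumerate(flows) if i not in exclude]
    n, d = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(d)]
    stds = [math.sqrt(sum((r[j] - means[j]) ** 2 for r in rows) / n) or 1.0
            for j in range(d)]
    return means, stds


def standardize(flows, baseline):
    means, stds = baseline
    return [[(x - m) / s for x, m, s in zip(features(f), means, stds)] for f in flows]


def anomaly_scores(flows, baseline):
    """Euclidean distance from the baseline centroid in standardized space."""
    return [math.sqrt(sum(z * z for z in row)) for row in standardize(flows, baseline)]


def pca_2d(rows, iters=500):
    """Project rows onto their first two principal components using pure-Python
    power iteration with deflation; returns (coords, unit components)."""
    n, d = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(d)]
    centred = [[r[j] - mu[j] for j in range(d)] for r in rows]
    cov = [[sum(r[i] * r[j] for r in centred) / n for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(2):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w)) or 1.0
            v = [x / norm for x in w]
        lam = sum(v[i] * cov[i][j] * v[j] for i in range(d) for j in range(d))
        comps.append(v)
        # deflate so the next pass converges to the next component
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
    coords = [[sum(r[i] * c[i] for i in range(d)) for c in comps] for r in centred]
    return coords, comps


def review_round(flows, verdicts, threshold=2.5):
    """One collaborative round: the machine scores and projects, the analyst
    labels what the picture shows, the machine is refit on those labels.
    `verdicts` maps flow index -> 'malicious' | 'benign' (constructed here)."""
    baseline = fit_baseline(flows)
    initial = anomaly_scores(flows, baseline)
    coords, _ = pca_2d(standardize(flows, baseline))
    by_score = lambda scores: sorted(enumerate(scores), key=lambda p: p[1], reverse=True)
    initial_alerts = [i for i, s in by_score(initial) if s >= threshold]

    malicious = {i for i, v in verdicts.items() if v == "malicious"}
    benign = {i for i, v in verdicts.items() if v == "benign"}
    refit = anomaly_scores(flows, fit_baseline(flows, exclude=malicious))
    refit_alerts = [i for i, s in by_score(refit) if s >= threshold and i not in benign]
    return {"initial_scores": initial, "initial_alerts": initial_alerts, "coords": coords,
            "refit_scores": refit, "refit_alerts": refit_alerts}


if __name__ == "__main__":
    result = review_round(FLOWS, {8: "malicious", 9: "benign"})  # constructed verdicts
    for i in result["initial_alerts"]:
        x, y = result["coords"][i]
        print(f"alert flow {i}: score {result['initial_scores'][i]:.2f} at ({x:.2f}, {y:.2f})")
    print("alerts after analyst feedback:", result["refit_alerts"])
```

Two details carry the security point. The baseline is refit without the confirmed attack, so the attack's own bytes and packet counts no longer inflate the variance that it is measured against, and its score rises rather than being absorbed into "normal". The confirmed-benign outlier (the lone DNS query) is suppressed from alerts without being added to the baseline, which keeps a single analyst verdict from silently widening what the model accepts.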
Acknowledgements
This work is supported by the National Natural Science Foundation of China under Grant Nos. 61105050, 61379145.
Copyright information
© 2016 Springer International Publishing Switzerland
Cite this paper
Yu, Y., Long, J., Liu, F., Cai, Z. (2016). Machine Learning Combining with Visualization for Intrusion Detection: A Survey. In: Torra, V., Narukawa, Y., Navarro-Arribas, G., Yañez, C. (eds) Modeling Decisions for Artificial Intelligence. MDAI 2016. Lecture Notes in Computer Science, vol 9880. Springer, Cham. https://doi.org/10.1007/978-3-319-45656-0_20
DOI: https://doi.org/10.1007/978-3-319-45656-0_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45655-3
Online ISBN: 978-3-319-45656-0