Machine learning and soft computing for ICT security: an overview of current trends

  • Original Research
  • Journal of Ambient Intelligence and Humanized Computing

Abstract

In recent years, computers, communication technology and the Internet have become pervasive, e.g., in e-mail, online shopping, banking, gaming, Internet telephony and streaming. Unfortunately, the reliability of the Internet and its services, and of Information and Communication Technology (ICT) devices in general, is undermined by security issues. At the same time, machine learning and soft computing techniques have been widely applied to disparate fields, becoming, in several cases, the leading technology. The aim of this work is to investigate trends in machine learning (ML) and soft computing (SC) methodologies for ICT security. In particular, it surveys ML and SC applications for three hot topics in ICT security: password-based schemes for access control, intrusion detection and spam filtering.

Notes

  1. The WHID (Web-Hacking-Incident-Database) 2007 report is available at http://www.webappsec.org/projects/whid/statistics.shtml.

  2. http://news.bbc.co.uk/2/hi/americas/8073654.stm.

  3. http://news.bbc.co.uk/2/hi/uk_news/politics/8118348.stm.

  4. The entropy of a character set can be calculated by using Shannon estimation $H = -\sum_{x} P(x)\log_2\left(P(x)^{-1}\right)$, where $x \in$ character set.

  5. In K-fold cross-validation the training set is partitioned into K subsets. Of the K subsets, a single subset is retained as the validation data for testing the model, and the remaining K − 1 subsets are used as training data. The cross-validation process is then repeated K times (the folds), with each of the K subsets used exactly once as the validation data. The K results from the folds can then be averaged to produce a single estimation.

  6. Novelty detection is the identification of new or unknown data that a machine learning based system is not aware of during its training (Markov and Singh 2003).

  7. Decision trees with a root node and two leaf nodes.

  8. In linguistics, the lemma of a word is the word that is conventionally chosen to represent all inflected forms of a given term. For instance, the lemma of the verb "am" is "to be".

  9. OCR stands for Optical Character Recognizer.

References

  • Abraham A, Jain R (2005) Soft computing models for network intrusion detection systems. In: Classification and clustering for knowledge discovery. Springer, Berlin, pp 191–207

  • Abraham A, Jain R, Thomas J, Han SY (2007) D-scids: distributed soft computing intrusion detection system. J Netw Comput Appl 30(1):81–89

  • Al-Subaie M, Zulkernine M (2007) The power of temporal pattern processing in anomaly intrusion detection. In: IEEE international conference on communications (ICC’07), pp 1391–1398

  • Aradhye H, Myers G, Herson J (2005) Image analysis for efficient categorization of image-based spam e-mail. In: Proceedings of the international conference on document analysis and recognition, pp 914–918

  • Barreno M, Nelson B, Joseph AD, Tygar JD (2010) The security of machine learning. Mach Learn 81:121–148

  • Bergadano F, Crispo B, Ruffo G (1998) High dictionary compression for proactive password checking. ACM Trans Inform Syst Secur 1(1):3–25

  • Bezdek JC (1981) Pattern recognition with fuzzy objective function algorithms. Plenum Press, New York

  • Bishop C (1995) Neural networks for pattern recognition. Cambridge University Press, Cambridge

  • Bishop C (2006) Pattern recognition and machine learning. Springer, Berlin

  • Blundo C, D’Arco P, De Santis A, Galdi C (2002) A novel approach to proactive password checking. In: Proceedings of INFRASEC 2002. LNCS, vol 2437. Springer, Berlin, pp 30–39

  • Blundo C, D’Arco P, De Santis A, Galdi C (2004) Hippocrates: a new proactive password checker. J Syst Softw 71(1–2):163–175

  • Carreras X, Marquez L (2001) Boosting trees for anti-spam email filtering. In: Proceedings of the 4th international conference on recent advances in natural language processing, pp 58–64

  • Castiglione A, De Santis A, Fiore U, Palmieri F (2011) An asynchronous covert channel using spam. Comput Math Appl (in press)

  • Chan APF, Ng WWY, Yeung DS, Tsang ECC (2005) Comparison of different fusion approaches for network intrusion detection using ensemble of rbfnn. In: Proceedings of international conference on machine learning and cybernetics, pp 3846–3851

  • Cheng E, Jin H, Han Z, Sun J (2005) Network-based anomaly detection using an elman network. In: Proceedings of INFRASEC 2002. LNCS, vol 3619. Springer, Berlin, pp 471–480

  • Cho S, Han C, Han DH, Kim H-I (2000) Web based keystroke dynamics identity verification using neural network. J Org Comput Electr Comm 10(4):295–307

  • Ciaramella A, D’Arco P, De Santis A, Galdi C, Tagliaferri R (2006a) Neural network techniques for proactive password checking. IEEE Trans Dependable Secur Comput 3(4):327–339

  • Ciaramella A, Tagliaferri R, Pedrycz W, Di Nola A (2006b) Fuzzy relational neural network. Int J Approx Reason 41(2):146–163

  • Clark J, Koprinska I, Poon J (2003) A neural network based approach to automated e-mail classification. In: Proceedings of the IEEE/WIC international conference on web intelligence

  • Cormen TH, Leiserson CE, Rivest RL, Stein C (2009) Introduction to algorithms. MIT Press, Cambridge

  • Dainotti A, Pescapé A, Rossi PS, Palmieri F, Ventre G (2008) Internet traffic modeling by means of hidden markov models. Comput Netw 52(14):2645–2662

  • de Castro LN, Timmis J (2002) Artificial immune systems: a new computational intelligence method. Springer, Berlin

  • de Oliveira M, Kinto VSE, Hernandez EDM, de Carvalho TC (2005) User authentication based on human typing patterns with artificial neural networks and support vector machines. In: Proceedings of SBC 2005

  • de Ru WG, Eloff J (1997) Enhanced password authentication through fuzzy logic. IEEE Expert 12(6):38–45

  • Debar H, Dacier M, Wespi A (1999) Towards a taxonomy of intrusion-detection systems. Comput Netw 31(9):805–822

  • Drucker H, Wu D, Vapnik VN (1999) Support vector machines for spam categorization. IEEE Trans Neural Netw 10(5):1048–1054

  • Duda RO, Hart PE, Stork DG (2000) Pattern classification. Wiley, New York

  • Farid DM, Rahman MZ (2008) Learning intrusion detection based on adaptive bayesian algorithm. In: Proceedings of International Conference on Computer and Information Technology (ICCIT 2008), pp 652–656

  • Fawcett T (2003) “In vivo” spam filtering: a challenge problem for KDD. SIGKDD Explor 5(2):140–148

  • Freund Y, Schapire RE (1996) Experiments with a new boosting algorithm. In: Proceedings of international conference in machine learning, pp 138–146

  • Fumera G, Pillai I, Roli F (2006) Spam filtering based on the analysis of text informations embedded into images. J Mach Learn Res 7:2699–2720

  • Gabrilovitch E, Markovitch S (2007) Harnessing the expertise of 70000 human editors: knowledge-based feature generation of text categorization. J Mach Learn Res 8:2297–2345

  • Gao D, Reiter MK, Song DX (2006) Behavioral distance measurement using hidden markov models. In: Proceedings of 9th international symposium recent advances in intrusion detection, pp 19–40

  • Ghosh AK, Schwartzbard A (1999) A study in using neural networks for anomaly and misuse detection. In: Proceedings of the 8th USENIX security symposium, pp 141–152

  • Ghosh AK, Wanken J, Charron F (1998) Detecting anomalous and unknown intrusions against programs. In: Proceedings of the 14th annual computer security applications conference (ACSAC’98), pp 259–267

  • Goodman J, Cormack GV, Heckerman D (2007) Spam and the ongoing battle for the inbox. Commun ACM 50(2):24–33

  • Goodman J, Yih W (2006) Online discriminative spam filter training. In: Proceedings of third conference on Email and anti spam

  • Gudadhe M, Prasad P, Wankhade K (2010) A new data mining network intrusion detection model. In: Proceedings of the international conference on computer and communication technology, pp 731–735

  • Guzella TS, Caminhas WM (2009) A review of machine learning approaches to spam filtering. Expert Syst Appl 36(7):10206–10222

  • Haider S, Abbas A, Zaidi AK (2000) A multi-technique approach for user identification through keystroke dynamics. In: Proceedings of the IEEE international conference on systems, man and cybernetics, pp 1336–1341

  • Han SJ, Cho SB (2006) Evolutionary neural networks for anomaly detection based on the behavior of a program. IEEE Trans Syst Man Cybern Part B Cybern 36(3):559–570

  • Hastie T, Tibshirani RJ, Friedman J (2001) The elements of statistical learning. Springer, Berlin

  • Haykin S (1998) Neural networks: a comprehensive foundation. Prentice Hall, Englewood Cliffs

  • Hoanca B (2006) How good are our weapons in the spam wars? IEEE Technol Soc Mag 25(1):22–30

  • Hofmann A, Schmitz C, Sick B (2003) Rule extraction from neural networks for intrusion detection in computer networks. In: Proceedings of the IEEE international conference on systems, man and cybernetics, pp 1259–1265

  • Hoglund AJ, Hatonen K, Sorvari AS (2000) A computer host-based user anomaly detection system using the self-organizing map. In: Proceedings of the IEEE INNS-ENNS international joint conference on neural networks (IJCNN’00), pp 411–416

  • Hu W, Hu W, Maybank S (2008) Adaboost-based algorithm for network intrusion detection. IEEE Trans Syst Man Cybern Part B Cybern 38(2):577–583

  • Hussien B, Bleha S, McLaren R (1989) An application of fuzzy algorithms in a computer access security system. Patt Recogn Lett 9:39–43

  • Hyvärinen A, Karhunen J, Oja E (2001) Independent component analysis. Wiley, New York

  • Jamuna KS, Karpagavalli S, Vijaya MS (2009) Novel approach for password strength analysis through support vector machine. Int J Recent Trends Eng 2(1):79–82

  • Jiang S, Song X, Wang H, Han J, Li Q (2006) A clustering-based method for unsupervised intrusion detection. Patt Recogn Lett 27(7):802–810

  • Kang P, Hwang S, Cho S (2007) Continual retraining of keystroke dynamics based authenticator. In: Proceedings of the 2nd International Conference on Biometrics (ICB’ 07). Springer, Berlin, pp 1203–1211

  • Killourhy KS, Maxion RA (2009) Comparing anomaly-detection algorithms for keystroke dynamics. In: IEEE/IFIP International conference on dependable systems & networks, pp 125–134

  • Kruegel C, Valeur F, Vigna G (2004) Intrusion detection and challenges and solutions. Springer, Berlin

  • Kurose JF, Ross KW (2010) Computer networking. Addison Wesley, Reading

  • Li L-H, Lin I-C, Hwang M-S (2001) A remote password authentication scheme for multiserver architecture using neural networks. IEEE Trans Neural Netw 12(6):1498–1504

  • Lin DT (1997) Computer-access authentication with neural network based keystroke identity verification. In: Proceedings of international Conference on Neural Networks, pp 174–178

  • Lin C-T, Lee CSG (1996) Neural fuzzy systems. Prentice Hall, Englewood Cliffs

  • Liu G, Yi Z, Yang S (2007) A hierarchical intrusion detection model based on the pca neural networks. Neurocomputing 70:1561–1560

  • Markov M, Singh S (2003) Novelty detection: a review, part 1: statistical approaches. Signal Process 83:2481–2497

  • Mill J, Inoue A (2004) Support vector classifiers and network intrusion detection. In: Proceedings of international conference on fuzzy systems, pp 407–410

  • Mitchell M (1996) An introduction to genetic algorithms. MIT Press, Cambridge

  • Mukkamala S, Janoski G, Sung AH (2002) Intrusion detection using neural networks and support vector machines. In: Proceedings of the international joint conference on neural networks, pp 1702–1707

  • Oda T, White T (2003) Developing an immunity to spam. In: GECCO’03 Proceedings of the 2003 international conference on genetic and evolutionary computation, Part I. LNCS, vol 2723, Springer, pp 231–242

  • Owezarski P, Mazel J, Labit Y (2010) 0day anomaly detection made possible thanks to machine learning. In: Proceedings of the 8th international conference on WWIC 2010, pp 327–338

  • Panda M, Patra M (2009a) Ensembling rule based classifiers for detecting network intrusions. In: Proceedings of the international conference on advances in recent technologies in communication and computing, pp 19–22

  • Panda M, Patra M (2009b) Evaluating machine learning algorithms for detecting network intrusions. Int J Recent Trends Eng 1:472–477

  • Patcha A, Park J-M (2007) An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput Netw 51:3448–3470

  • Pawlak Z (1982) Rough sets. Int J Parall Program 11(5):341–356

  • Peddabachigari S, Abraham A, Grosan C, Thomas J (2007) Modeling intrusion detection system using hybrid intelligent systems. J Netw Comput Appl 30(1):114–132

  • Platt JC (1999) Fast training of support vector machines using sequential minimal optimization. In: Advances in Kernel methods, pp 185–208. MIT Press, Cambridge

  • Porter MF (1980) An algorithm for suffix stripping. Program 14(3):77–84

  • Qiao Y, Xin XW, Bin Y, Ge S (2002) Anomaly intrusion detection method based on hmm. IEEE Electr Lett 38(13):663–664

  • Rabiner L (1989) A tutorial on hidden markov models and selected applications in speech recognition. In: Readings in speech recognition, pp 267–299

  • Rapaka A, Novokhodko A, Wunsch D (2003) Intrusion detection using radial basis function network on sequence of system calls. In: Proceedings of the international joint conference on neural networks, pp 1820–1825

  • Ren X, Wang R, Zhou H (2009) Intrusion detection method using protocol classification and rough set based support vector machine. Comput Inform Sci 2(4):100–108

  • Revett K, Gorunescu F, Gorunescu M, Ene M, de Magalhaes ST, Santos HMD (2007) A machine learning approach to keystroke dynamics based user authentication. Int J Electr Secur Dig Forens 1(1):55–70

  • Revett K, Magalhaes S, Santos H (2005) Developing a keystroke dynamics based agent using rough sets. In: The 2005 IEEE/WIC/ACM international joint conference on web intelligence and intelligent agent technology Compiegne, pp 56–61

  • Reyhani SZ, Mahdavi M (2007) User authentication using neural network in smart home networks. Int J Smart Home 1(2):147–154

  • Ruffo G, Bergadano F (2005) Enfilter: a password enforcement and filter tool based on pattern recognition techniques. In: 13th international conference of image processing (ICIAP 2005). LNCS, vol 3617, Springer, Berlin, pp 75–82

  • Ryan J, Lin MJ, Miikkulainen R (1998) Intrusion detection with neural networks. In: Advances in neural information processing systems, vol 10. MIT Press, Cambridge, pp 943–949

  • Salem O, Hossain A, Kamala M (2008) Intelligent system to measure the strength of authentication. In: Proceedings of 3rd international conference on information and communication technologies: from theory to applications, pp 1–6

  • Salton G, Wong A, Yang CS (1975) A vector-space model for automatic indexing. Commun ACM 18(11):613–620

  • Sang Y, Shen H, Fan P (2005) Novel impostors detection in keystroke dynamics using support vector machines. In: Parallel and distributed computing: applications and technologies, pp 666–669. LNCS, vol 3320. Springer, Berlin

  • Sarasamma ST, Zhu QA, Huff J (2005) Hierarchical kohonen net for anomaly detection in network security. IEEE Trans Syst Man Cybern Part B Cybern 35(2):302–312

  • Schapire RE (1990) The strength of weak learnability. Mach Learn 5(2):197–227

  • Sebastiani F (2002) Machine learning in automated text categorization. ACM Comput Surv 34(1):1–47

  • Shawe-Taylor J, Cristianini N (2004) Kernel methods for pattern analysis. Cambridge University Press, Cambridge

  • Shon T, Moon J (2007) A hybrid machine learning approach to network anomaly detection. Inform Sci 177:3799–3821

  • Sibai FN, Shehhi A, Shehhi S, Shehhi B, Salami N (2008) Secure password detection with artificial neural networks. In: Proceedings of the international conference on innovations in information technology, pp 628–632

  • Sibai FN, Shehhi A, Shehhi S, Shehhi B, Salami N (2009) Designing and training feed-forward artificial neural networks for secure access authorization. In: Pattern recognition. InTech, Rijeka, pp 666–669

  • Singh MK (2009) Password based a generalize robust security system design using neural network. Int J Comput Sci Iss 4(2):1–9

  • Siripanwattana W, Srinoy S (2008) Information security based soft computing techniques. In: Proceedings of international multiConference of engineers and computer scientists

  • Sperotto A, Sadre R, de Boer P-T, Pras A (2009) Hidden markov model modeling of ssh brute-force attacks. In: Proceedings of the 20th IFIP/IEEE international workshop on distributed systems: operations and management: integrated management of systems, services, processes and people in IT, pp 164–176

  • Srinoy S, Kurutach W, Chimphlee W, Chimphlee S (2005) Network anomaly detection using soft computing. World Acad Sci Eng Technol 9:140–144

  • Stahl B, Elizondo D, Carroll-Mayer M, Zheng Y, Wakunuma K (2010) Ethical and legal issues of the use of computational intelligence techniques in computer security and computer forensics. In: Proceedings of The 2010 international joint conference on neural networks (IJCNN), pp 1–8

  • Stern H (2008) A survey of modern tools. In: Proceedings of the fifth conference on email and anti-spam

  • Suganya G, Karpgavalli S, Christina V (2010) Proactive password strength analyzer using filters and machine learning techniques. Int J Comput Appl 7(14):1–5

  • Sung KS, Cho S (2006) Ga svm wrapper ensemble for keystroke dynamics authentication. In: International conference on Biometrics, pp 654–660

  • Sung AH, Mukkamala S (2003) Identifying important features for intrusion detection using support vector machines and neural networks. In: Proceedings of the 2003 symposium on applications and the internet, pp 209–216

  • Talbot D (2008) Where spam is born. Technol Rev 111(3):28–28

  • Tan K (1995) The application of neural networks to unix computer security. In: Proceedings of IEEE international Conference on Neural Networks, pp 476–481

  • Toosi AN, Kahani M (2007) A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers. Comput Commun 30:2201–2212

  • Tsai C, Hsu Y, Lin C, Lin W (2009) Intrusion detection by machine learning: a review. Expert Syst Appl 36:11994–12000

  • Vijaya MS, Jamuna KS, Karpagavalli S (2009) Password strength prediction using supervised machine learning techniques. In: 2009 international conference on advances in computing, control, and telecommunication technologies, pp 401–405

  • Wang S, Wang H (2008) Password authentication using hopfield neural networks. IEEE Trans Syst Man Cybern Part C Appl Rev 38(2):265–268

  • Wang W, Guan X, Zhang X, Yang L (2006) Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data. Comput Secur 25(7):539–550

  • Weiser M (1991) The computer for the twenty-first century. Scientific American, New York, pp 94–100

  • Wright CV, Monrose F, Masson GM (2004) Hmm profiles for network traffic classification. In: Proceedings of the 2004 ACM workshop on visualization and data mining for computer security (VizSEC/DMSEC’04), pp 9–15

  • Wu SX, Banzhaf W (2010) The use of computational intelligence in intrusion detection systems: a review. Appl Soft Comput 10:1–35

  • Wu C-T, Cheng K-T, Zhu Q, Wu Y-L (2005) Using visual features for anti-spam filtering. In: Proceedings of the IEEE international conference on image processing, pp 509–512

  • Yu E, Cho S (2004) Keystroke dynamics identity verification problems and practical solutions. Comput Secur 23(5):428–440

  • Zadeh LH (1994) Fuzzy logic, neural networks and soft computing. Commun ACM 37(3):77–84

  • Zhang C, Jiang J, Kamel M (2005) Intrusion detection using hierarchical neural networks. Patt Recogn Lett 26(6):779–791

  • Zhang L, Zhu J, Yao T (2004) An evaluation of statistical spam filtering techniques. ACM Trans Asian Lang Inform Process 3(4):243–269

  • Zhang Z, Shen H (2004) Online training of svms for real-time intrusion detection. In: Proceedings of the 18th international conference on advanced information networking and applications, pp 568–573

  • Zhao W, Zhang Z (2005) An email classification model based on rough set theory. In: Proceedings of the international conference on active media technology

  • Zhao Y (2006) Learning user keystroke patterns for authentication. World Academy of Science Engineering and Technology, vol 14

  • Zorkadis V, Karras DA (2006) Efficient information theoretic extraction of higher order feature for improving neural network-based spam e-mail categorization. J Exp Theor Artif Intell 18(4):523–534

Correspondence to Angelo Ciaramella.

Camastra, F., Ciaramella, A. & Staiano, A. Machine learning and soft computing for ICT security: an overview of current trends. J Ambient Intell Human Comput 4, 235–247 (2013). https://doi.org/10.1007/s12652-011-0073-z

  • DOI: https://doi.org/10.1007/s12652-011-0073-z
