Machine Learning for IT Security
The prevalence of information technology (IT) across all segments of society, greatly improves the accessibility of information, however, it also provides more opportunities for individuals to act with malicious intent. Intrusion detection is the task of identifying attacks against computer systems and networks. Based on data/behavior observed in the past, machine learning methods can automate the process of building detectors for identifying malicious activities.
Motivation and Background
Cyber security often focuses on preventing attacks using authentication, filtering, and encryption techniques, but another important facet is detecting attacks once the preventive measures are breached. Consider a bank vault: thick steel doors prevent intrusions, while motion and heat sensors detect intrusions. Prevention and detection complement each other to provide a more secure environment.
How do we know if an attack has occurred or has been attempted? This requires analyzing huge...
- Anderson, D., Lunt, T., Javitz, H., Tamaru, A., & Valdes, A. (1995). Detecting unusual program behavior using the statistical component of the next-generation intrusion detection expert system (NIDES). Technical Report SRI-CSL-95-06, SRI.Google Scholar
- Apap, F., Honig, A., Hershkop, S., Eskin, E., & Stolfo, S. (2002). Detecting malicious software by monitoring anomalous windows registry accesses. In Proceeding of fifth international symposium on recent advances in intrusion detection (RAID), (pp. 16–18). Zurich, Switzerland.Google Scholar
- Fumera, G., Pillai, I., & Roli, F. (2006). Spam filtering based on the analysis of text information embedded into images. Journal of Machine Learning Research, 7, 2699–2720.Google Scholar
- Ghosh, A., & Schwartzbard, A. (1999). A study in using neural networks for anomaly and misuse detection. In Proceeding of 8th USENIX security symposium (pp. 141–151). Washington, DC.Google Scholar
- Lane, T., & Brodley, C. (1999). Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security, 2(3), 295–331.Google Scholar
- Lee, W., Stolfo, S., & Mok, K. (1999). A data mining framework for building intrusion detection models. In IEEE symposium on security and privacy (pp. 120–132).Google Scholar
- Mahoney, M., & Chan, P. (2003). Learning rules for anomaly detection of hostile network traffic. In Proceeding of IEEE international conference data mining (pp. 601–604). Melbourne, FL.Google Scholar
- Maxion, R., & Townsend, T. (2002). Masquerade detection using truncated command lines. In Proceeding of international conferernce dependable systems and networks (DSN) (pp. 219–228). Washington, DC.Google Scholar
- Schultz, M., Eskin, E., Zadok, E., & Stolfo, S. (2001). Data mining methods for detection of new malicious executables. In Proceeding of IEEE symposium security and privacy (pp. 38–49). Oakland, CA.Google Scholar
- Sekar, R., Bendre, M., Dhurjati, D., & Bollinen, P. (2001). A fast automaton-based method for detecting anomalous program behaviors. In Proceeding of IEEE symposium security and privacy (pp. 144–155). Oakland, CA.Google Scholar
- Warrender, C., Forrest, S., & Pearlmutter, B. (1999). Detecting intrusions using system calls: Alternative data models. In IEEE symposium on security and privacy (pp. 133–145). Los Alamitos, CA.Google Scholar