Encyclopedia of Machine Learning

2010 Edition
| Editors: Claude Sammut, Geoffrey I. Webb

Machine Learning for IT Security

  • Philip K. Chan
Reference work entry
DOI: https://doi.org/10.1007/978-0-387-30164-8_505


The prevalence of information technology (IT) across all segments of society, greatly improves the accessibility of information, however, it also provides more opportunities for individuals to act with malicious intent. Intrusion detection is the task of identifying attacks against computer systems and networks. Based on data/behavior observed in the past, machine learning methods can automate the process of building detectors for identifying malicious activities.

Motivation and Background

Cyber security often focuses on preventing attacks using authentication, filtering, and encryption techniques, but another important facet is detecting attacks once the preventive measures are breached. Consider a bank vault: thick steel doors prevent intrusions, while motion and heat sensors detect intrusions. Prevention and detection complement each other to provide a more secure environment.

How do we know if an attack has occurred or has been attempted? This requires analyzing huge...

This is a preview of subscription content, log in to check access.

Recommended Reading

  1. Anderson, D., Lunt, T., Javitz, H., Tamaru, A., & Valdes, A. (1995). Detecting unusual program behavior using the statistical component of the next-generation intrusion detection expert system (NIDES). Technical Report SRI-CSL-95-06, SRI.Google Scholar
  2. Apap, F., Honig, A., Hershkop, S., Eskin, E., & Stolfo, S. (2002). Detecting malicious software by monitoring anomalous windows registry accesses. In Proceeding of fifth international symposium on recent advances in intrusion detection (RAID), (pp. 16–18). Zurich, Switzerland.Google Scholar
  3. Bratko, A., Filipic, B., Cormack, G., Lynam, T., & Zupan, B. (2006). Spam filtering using statistical data compression models. Journal of Machine Learning Research, 7, 2673–2698.MathSciNetGoogle Scholar
  4. Fumera, G., Pillai, I., & Roli, F. (2006). Spam filtering based on the analysis of text information embedded into images. Journal of Machine Learning Research, 7, 2699–2720.Google Scholar
  5. Ghosh, A., & Schwartzbard, A. (1999). A study in using neural networks for anomaly and misuse detection. In Proceeding of 8th USENIX security symposium (pp. 141–151). Washington, DC.Google Scholar
  6. Lane, T., & Brodley, C. (1999). Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security, 2(3), 295–331.Google Scholar
  7. Lee, W., Stolfo, S., & Mok, K. (1999). A data mining framework for building intrusion detection models. In IEEE symposium on security and privacy (pp. 120–132).Google Scholar
  8. Mahoney, M., & Chan, P. (2003). Learning rules for anomaly detection of hostile network traffic. In Proceeding of IEEE international conference data mining (pp. 601–604). Melbourne, FL.Google Scholar
  9. Maxion, R., & Townsend, T. (2002). Masquerade detection using truncated command lines. In Proceeding of international conferernce dependable systems and networks (DSN) (pp. 219–228). Washington, DC.Google Scholar
  10. Schultz, M., Eskin, E., Zadok, E., & Stolfo, S. (2001). Data mining methods for detection of new malicious executables. In Proceeding of IEEE symposium security and privacy (pp. 38–49). Oakland, CA.Google Scholar
  11. Sekar, R., Bendre, M., Dhurjati, D., & Bollinen, P. (2001). A fast automaton-based method for detecting anomalous program behaviors. In Proceeding of IEEE symposium security and privacy (pp. 144–155). Oakland, CA.Google Scholar
  12. Warrender, C., Forrest, S., & Pearlmutter, B. (1999). Detecting intrusions using system calls: Alternative data models. In IEEE symposium on security and privacy (pp. 133–145). Los Alamitos, CA.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  • Philip K. Chan

There are no affiliations available