Abstract
This paper describes results concerning the classification capability of unsupervised and supervised machine learning techniques in detecting intrusions using network audit trails. We investigate well-known machine learning techniques: Frequent Pattern Tree mining (FP-tree), classification and regression trees (CART), multivariate regression splines (MARS) and TreeNet. The best model is chosen based on the classification accuracy (ROC curve analysis). The results show that high classification accuracies can be achieved in a fraction of the time required by well-known support vector machines and artificial neural networks. TreeNet performs the best for normal, probe and denial of service (DoS) attacks. CART performs the best for user to super user (U2su) and remote to local (R2L) attacks.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mukkamala, S., Xu, D., Sung, A.H. (2006). Intrusion Detection Based on Behavior Mining and Machine Learning Techniques. In: Ali, M., Dapoigny, R. (eds) Advances in Applied Artificial Intelligence. IEA/AIE 2006. Lecture Notes in Computer Science, vol 4031. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11779568_67
DOI: https://doi.org/10.1007/11779568_67
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35453-6
Online ISBN: 978-3-540-35454-3
eBook Packages: Computer Science (R0)