Intrusion Detection Based on Behavior Mining and Machine Learning Techniques

  • Conference paper
Advances in Applied Artificial Intelligence (IEA/AIE 2006)

Abstract

This paper describes results concerning the classification capability of unsupervised and supervised machine learning techniques in detecting intrusions using network audit trails. We investigate well-known machine learning techniques: Frequent Pattern Tree mining (FP-tree), classification and regression trees (CART), multivariate adaptive regression splines (MARS) and TreeNet. The best model is chosen based on the classification accuracy (ROC curve analysis). The results show that high classification accuracies can be achieved in a fraction of the time required by well-known support vector machines and artificial neural networks. TreeNet performs the best for normal, probe and denial of service (DoS) attacks. CART performs the best for user to super user (U2Su) and remote to local (R2L) attacks.
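As an added illustration of the model-selection step the abstract describes (pick, for each of the five traffic classes, the model with the best one-vs-rest ROC AUC), here is a small implementation that is not code from the paper; the score vectors, labels and model names "A"/"B" are constructed for the example.

```python
# Added example: per-class model selection by ROC AUC (not the paper's code).
# Scores and labels are constructed toy data; model names are hypothetical.
from itertools import groupby

# The five traffic classes the abstract evaluates.
CLASSES = ["normal", "probe", "dos", "u2su", "r2l"]


def roc_points(scores, labels):
    """(fpr, tpr) points for a binary one-vs-rest problem.
    scores: detector output per record; labels: 1 = this class, 0 = rest."""
    pos = sum(labels)
    neg = len(labels) - pos
    pts = [(0.0, 0.0)]
    tp = fp = 0
    # Sweep the decision threshold from high to low; tied scores move together.
    order = sorted(zip(scores, labels), key=lambda t: -t[0])
    for _, group in groupby(order, key=lambda t: t[0]):
        for _, y in group:
            if y:
                tp += 1
            else:
                fp += 1
        pts.append((fp / neg, tp / pos))
    return pts


def auc(points):
    """Trapezoidal area under the ROC curve."""
    return sum((x1 - x0) * (y0 + y1) / 2
               for (x0, y0), (x1, y1) in zip(points, points[1:]))


def best_model_per_class(models, labels):
    """models: name -> list of per-record score vectors aligned with CLASSES.
    labels: true class name per record.
    Returns {class: (best_model_name, auc)}; a class with no positives or
    no negatives in the evaluation set is skipped (its AUC is undefined)."""
    result = {}
    for ci, cls in enumerate(CLASSES):
        y = [1 if lab == cls else 0 for lab in labels]
        if sum(y) == 0 or sum(y) == len(y):
            continue
        ranked = sorted(
            ((auc(roc_points([vec[ci] for vec in vectors], y)), name)
             for name, vectors in models.items()),
            reverse=True)
        result[cls] = (ranked[0][1], ranked[0][0])
    return result
```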



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

Cite this paper

Mukkamala, S., Xu, D., Sung, A.H. (2006). Intrusion Detection Based on Behavior Mining and Machine Learning Techniques. In: Ali, M., Dapoigny, R. (eds) Advances in Applied Artificial Intelligence. IEA/AIE 2006. Lecture Notes in Computer Science(), vol 4031. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11779568_67

  • DOI: https://doi.org/10.1007/11779568_67

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35453-6

  • Online ISBN: 978-3-540-35454-3

  • eBook Packages: Computer Science (R0)