Definition
The prevalence of information technology (IT) across all segments of society, greatly improves the accessibility of information, however, it also provides more opportunities for individuals to act with malicious intent. Intrusion detection is the task of identifying attacks against computer systems and networks. Based on data/behavior observed in the past, machine learning methods can automate the process of building detectors for identifying malicious activities.
Motivation and Background
Cyber security often focuses on preventing attacks using authentication, filtering, and encryption techniques, but another important facet is detecting attacks once the preventive measures are breached. Consider a bank vault: thick steel doors prevent intrusions, while motion and heat sensors detect intrusions. Prevention and detection complement each other to provide a more secure environment.
How do we know if an attack has occurred or has been attempted? This requires analyzing huge...
Recommended Reading
Anderson, D., Lunt, T., Javitz, H., Tamaru, A., & Valdes, A. (1995). Detecting unusual program behavior using the statistical component of the next-generation intrusion detection expert system (NIDES). Technical Report SRI-CSL-95-06, SRI.
Apap, F., Honig, A., Hershkop, S., Eskin, E., & Stolfo, S. (2002). Detecting malicious software by monitoring anomalous windows registry accesses. In Proceeding of fifth international symposium on recent advances in intrusion detection (RAID), (pp. 16–18). Zurich, Switzerland.
Bratko, A., Filipic, B., Cormack, G., Lynam, T., & Zupan, B. (2006). Spam filtering using statistical data compression models. Journal of Machine Learning Research, 7, 2673–2698.
Fumera, G., Pillai, I., & Roli, F. (2006). Spam filtering based on the analysis of text information embedded into images. Journal of Machine Learning Research, 7, 2699–2720.
Ghosh, A., & Schwartzbard, A. (1999). A study in using neural networks for anomaly and misuse detection. In Proceeding of 8th USENIX security symposium (pp. 141–151). Washington, DC.
Lane, T., & Brodley, C. (1999). Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security, 2(3), 295–331.
Lee, W., Stolfo, S., & Mok, K. (1999). A data mining framework for building intrusion detection models. In IEEE symposium on security and privacy (pp. 120–132).
Mahoney, M., & Chan, P. (2003). Learning rules for anomaly detection of hostile network traffic. In Proceeding of IEEE international conference data mining (pp. 601–604). Melbourne, FL.
Maxion, R., & Townsend, T. (2002). Masquerade detection using truncated command lines. In Proceeding of international conferernce dependable systems and networks (DSN) (pp. 219–228). Washington, DC.
Schultz, M., Eskin, E., Zadok, E., & Stolfo, S. (2001). Data mining methods for detection of new malicious executables. In Proceeding of IEEE symposium security and privacy (pp. 38–49). Oakland, CA.
Sekar, R., Bendre, M., Dhurjati, D., & Bollinen, P. (2001). A fast automaton-based method for detecting anomalous program behaviors. In Proceeding of IEEE symposium security and privacy (pp. 144–155). Oakland, CA.
Warrender, C., Forrest, S., & Pearlmutter, B. (1999). Detecting intrusions using system calls: Alternative data models. In IEEE symposium on security and privacy (pp. 133–145). Los Alamitos, CA.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer Science+Business Media, LLC
About this entry
Cite this entry
Chan, P.K. (2011). Machine Learning for IT Security. In: Sammut, C., Webb, G.I. (eds) Encyclopedia of Machine Learning. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-30164-8_505
Download citation
DOI: https://doi.org/10.1007/978-0-387-30164-8_505
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-30768-8
Online ISBN: 978-0-387-30164-8
eBook Packages: Computer ScienceReference Module Computer Science and Engineering