Definition
The prevalence of information technology (IT) across all segments of society greatly improves the accessibility of information; however, it also provides more opportunities for individuals to act with malicious intent. Intrusion detection is the task of identifying attacks against computer systems and networks. Based on data and behavior observed in the past, machine learning methods can automate the process of building detectors that identify malicious activities.
Motivation and Background
Cyber security often focuses on preventing attacks using authentication, filtering, and encryption techniques, but another important facet is detecting attacks once the preventive measures are breached. Consider a bank vault: thick steel doors prevent intrusions, while motion and heat sensors detect intrusions. Prevention and detection complement each other to provide a more secure environment.
How do we know if an attack has occurred or has been attempted? This requires analyzing huge...
© 2017 Springer Science+Business Media New York
Chan, P.K. (2017). Machine Learning for IT Security. In: Sammut, C., Webb, G.I. (eds) Encyclopedia of Machine Learning and Data Mining. Springer, Boston, MA. https://doi.org/10.1007/978-1-4899-7687-1_505
DOI: https://doi.org/10.1007/978-1-4899-7687-1_505
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4899-7685-7
Online ISBN: 978-1-4899-7687-1
eBook Packages: Computer Science; Reference Module Computer Science and Engineering