
Machine Learning Combining with Visualization for Intrusion Detection: A Survey

  • Conference paper in: Modeling Decisions for Artificial Intelligence (MDAI 2016)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 9880)

Abstract

Intrusion detection faces great challenges as network attacks, which produce massive volumes of data, become increasingly sophisticated and heterogeneous. To obtain more accurate and reliable detection results, machine learning and visualization techniques have each been applied to intrusion detection. In this paper, we review some important work on machine learning and visualization techniques for intrusion detection. We present a collaborative analysis architecture for intrusion detection tasks that integrates both machine learning and visualization techniques into intrusion detection. We also discuss some significant issues related to the proposed collaborative analysis architecture.



Acknowledgements

This work is supported by the National Natural Science Foundation of China under Grant Nos. 61105050, 61379145.


Corresponding author

Correspondence to Zhiping Cai.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Yu, Y., Long, J., Liu, F., Cai, Z. (2016). Machine Learning Combining with Visualization for Intrusion Detection: A Survey. In: Torra, V., Narukawa, Y., Navarro-Arribas, G., Yañez, C. (eds) Modeling Decisions for Artificial Intelligence. MDAI 2016. Lecture Notes in Computer Science, vol 9880. Springer, Cham. https://doi.org/10.1007/978-3-319-45656-0_20


  • DOI: https://doi.org/10.1007/978-3-319-45656-0_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45655-3

  • Online ISBN: 978-3-319-45656-0

  • eBook Packages: Computer Science (R0)
