Machine Learning and Data Mining for Computer Security: Methods and Applications (Advanced Information and Knowledge Processing)

Language: English

Pages: 210

ISBN: 184628029X

Format: PDF / Kindle (mobi) / ePub

"Machine Learning and Data Mining for Computer Security" provides an overview of the current state of research in machine learning and data mining as it applies to problems in computer security. This book has a strong focus on information processing and combines and extends results from computer security.

The first part of the book surveys the data sources, the learning and mining methods, evaluation methodologies, and past work relevant to computer security. The second part of the book consists of articles written by the top researchers working in this area. These articles deal with host-based intrusion detection through the analysis of audit trails, command sequences and system calls, as well as network intrusion detection through the analysis of TCP packets and the detection of malicious executables.

This book fills the great need for a book that collects and frames work on developing and applying methods from machine learning and data mining to problems in computer security.

Haptics: Generating and Perceiving Tangible Sensations: International Conference, EuroHaptics 2010, Amsterdam, July 2010, Proceedings Part 1

Ontologies for Software Engineering and Software Technology

Cryptography in C and C++ (2nd Edition)

Graph Databases: New Opportunities for Connected Data (2nd Edition)

Inductive Reasoning: Experimental, Developmental, and Computational Approaches

Kernel Adaptive Filtering: A Comprehensive Introduction

traffic. We observed classification accuracies by protocol ranging from 85% to 100% for both the aggregate and host models. The peer-to-peer traffic was classified correctly for 100% of the unseen flows. This is an especially interesting result because Kazaa flows carry a port label that is user-defined. Thus, we are able to correctly classify peer-to-peer flows behaviorally – without the use of the port number. These results indicate that our classification method is effective for real network traffic. The

prevent future incidents by adding a locking device to the steering wheel or parking in a locked garage. If we find that the car was broken into and the alarm did not sound, we might choose also to improve the alarm system.

[Fig. 2.2. The standard model of information assurance. Axes: Confidentiality, Integrity, Availability; Processing, Storage, Transmission; Education, Policy & Practice, Technology]

2.3 Information Assurance

system calls. A system call sequence (SCS) $s$ is defined as a finite sequence of system calls and is represented as $(c_1 c_2 c_3 \cdots c_n)$, where $c_i \in \Sigma$, $1 \le i \le n$. After processing the audit data into process executions, system call sequences are obtained as finite-length strings. Each system call is then mapped to a unique symbol using a translation table. Thereafter, they are ranked by utilizing prior knowledge as to how susceptible the system call is to malicious usage. A ranking scheme similar to

the computational complexity of various cost functions and allows us a rigorous way to trade off complexity against descriptiveness. To our knowledge, this is the first result on the formal complexity of decision-making in the intrusion detection task. We also discuss possible directions for addressing the intractability of these models. In particular, reducing the IDS problem to learning and planning in POMDPs opens it up to a wide variety of approximate, yet effective, methods

“What you have” describes some token that is carried by a person that the system expects only that person to have. This token can take many forms. In a physical system, a key could be considered an access token. Most people have some form of identification, which is a token that can be used to show that the issuer of the identification has some confidence in the carrier’s identity. For computer systems, there are a variety of authentication tokens. These commonly include devices that generate pass