Cyber security is a serious global concern. The potential of cyber terrorism has posed a threat to national security; meanwhile, the increasing prevalence of malware and incidents of cyber attacks hinder the utilization of the Internet to its greatest benefit and incur significant economic losses to individuals, enterprises, and public organizations. This paper presents some recent advances in intrusion detection, feature selection, and malware detection. In intrusion detection, stealthy and low-profile attacks that include only a few carefully crafted packets over an extended period of time to delude firewalls and the intrusion detection system (IDS) have been difficult to detect. In protection against malware (trojans, worms, viruses, etc.), detecting polymorphic and metamorphic versions of recognized malware using static scanners is a great challenge. We present in this paper an agent-based IDS architecture that is capable of detecting probe attacks at the originating host and denial of service (DoS) attacks at the boundary controllers. We investigate and compare the performance of different classifiers implemented for intrusion detection purposes. Further, we study the performance of the classifiers in real-time detection of probes and DoS attacks, with respect to intrusion data collected on a real operating network that includes a variety of simulated attacks. Feature selection is as important for IDS as it is for many other modeling problems. We present several techniques for feature selection and compare their performance in the IDS application. It is demonstrated that, with appropriately chosen features, both probes and DoS attacks can be detected in real time or near real time at the originating host or at the boundary controllers. We also briefly present some encouraging recent results in detecting polymorphic and metamorphic malware with advanced static, signature-based scanning techniques.