Intrusion detection based on behavior mining and machine learning techniques

  • Authors:
  • Srinivas Mukkamala;Dennis Xu;Andrew H. Sung

  • Affiliations:
  • Institute for Complex Additive Systems and Analysis, Department of Computer Science, New Mexico Tech, Socorro, NM;Institute for Complex Additive Systems and Analysis, Department of Computer Science, New Mexico Tech, Socorro, NM;Institute for Complex Additive Systems and Analysis, Department of Computer Science, New Mexico Tech, Socorro, NM

  • Venue:
  • IEA/AIE'06 Proceedings of the 19th International Conference on Advances in Applied Artificial Intelligence: Industrial, Engineering and Other Applications of Applied Intelligent Systems
  • Year:
  • 2006

Abstract

This paper describes results concerning the classification capability of unsupervised and supervised machine learning techniques in detecting intrusions using network audit trails. We investigate four well-known machine learning techniques: Frequent Pattern Tree mining (FP-tree), classification and regression trees (CART), multivariate regression splines (MARS) and TreeNet. The best model is chosen based on classification accuracy (ROC curve analysis). The results show that high classification accuracies can be achieved in a fraction of the time required by well-known support vector machines and artificial neural networks. TreeNet performs best for normal, probe and denial of service (DoS) attacks. CART performs best for user to super user (U2su) and remote to local (R2L) attacks.