IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Intrusion detection with neural networks
NIPS '97 Proceedings of the 1997 conference on Advances in neural information processing systems 10
Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Learning to Predict by the Methods of Temporal Differences
Machine Learning
Markov Chains, Classifiers, and Intrusion Detection
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Intrusion detection using sequences of system calls
Journal of Computer Security
Efficient reinforcement learning using recursive least-squares methods
Journal of Artificial Intelligence Research
Reinforcement learning: a survey
Journal of Artificial Intelligence Research
A Kernel-Based Reinforcement Learning Approach to Dynamic Behavior Modeling of Intrusion Detection
ISNN '07 Proceedings of the 4th international symposium on Neural Networks: Advances in Neural Networks
Multi-Agent Reinforcement Learning for Intrusion Detection: A Case Study and Evaluation
MATES '08 Proceedings of the 6th German conference on Multiagent System Technologies
Multi-Agent Reinforcement Learning for Intrusion Detection: A case study and evaluation
Proceedings of the 2008 conference on ECAI 2008: 18th European Conference on Artificial Intelligence
Defending DDoS attacks using hidden Markov models and cooperative reinforcement learning
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Proceedings of the 3rd ACM workshop on Artificial intelligence and security
Heliza: talking dirty to the attackers
Journal in Computer Virology
Engineering Applications of Artificial Intelligence
| Hi-index | 0.00 |
Intrusion detection has emerged as an important technique for network security. Due to the complex and dynamic properties of intrusion behaviors, machine learning and data mining methods have been widely employed to optimize the performance of intrusion detection systems (IDSs). However, the results of existing work still need to be improved both in accuracy and in computational efficiency. In this paper, a novel reinforcement learning approach is presented for host-based intrusion detection using sequences of system calls. A Markov reward process model is introduced for modeling the behaviors of system call sequences and the intrusion detection problem is converted to predicting the value functions of the Markov reward process. A temporal different learning algorithm using linear basis functions is used for value function prediction so that abnormal temporal behaviors of host processes can be predicted accurately and efficiently. The proposed method has advantages over previous algorithms in that the temporal property of system call data is well captured in a natural and simple way and better intrusion detection performance can be achieved. Experimental results on the MIT system call data illustrate that compared with previous work, the proposed method has better detection accuracy with low training costs.