Instance-Based Learning Algorithms
Machine Learning
Using explanation-based and empirical methods in theory revision
Using explanation-based and empirical methods in theory revision
Temporal sequence learning and data reduction for anomaly detection
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Foundations of statistical natural language processing
Foundations of statistical natural language processing
Data mining: practical machine learning tools and techniques with Java implementations
Data mining: practical machine learning tools and techniques with Java implementations
Robust Classification for Imprecise Environments
Machine Learning
Mining needle in a haystack: classifying rare classes via two-phase rule induction
SIGMOD '01 Proceedings of the 2001 ACM SIGMOD international conference on Management of data
Hidden Markov Models for Speech Recognition
Hidden Markov Models for Speech Recognition
Anomaly Detection over Noisy Data using Learned Probability Distributions
ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Proceedings of the Seventeenth National Conference on Artificial Intelligence and Twelfth Conference on Innovative Applications of Artificial Intelligence
Analysis Techniques for Detecting Coordinated Attacks and Probes
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
An Application of Machine Learning to Network Intrusion Detection
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Managing Alerts in a Multi-Intrusion Detection Environment
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Theory Refinement with Noisy Data
Theory Refinement with Noisy Data
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Asset priority risk assessment using hidden markov models
Proceedings of the 10th ACM conference on SIG-information technology education
A multiple agents based intrusion detection system
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part I
Immunizing mobile ad hoc networks against collaborative attacks using cooperative immune model
Security and Communication Networks
| Hi-index | 0.00 |
This paper examines the issues involved with responding to complex Internet attacks. Such attacks characteristically occur in stages over extended periods of time and allow specific actions in a particular stage to be interchangeable. The stages can be extremely difficult to correlate because they are separated in time, and these effects can be deliberately obscured to achieve the goals of the attacker. We have chosen an approach to intrusion detection using Hidden Markov Models (HMMs) that explicitly addresses these issues. As part of our research we also developed a methodology for labeling examples that reduced the effort involved from that of labeling thousands of training examples to that of labeling less than two hundred feature values. When compared with two classic machine learning algorithms, decision trees and neural nets, the HMM algorithm provides an approximately five-% performance advantage over the decision tree algorithm, and at least a thirty % advantage over neural nets, at all training levels. The HMM performance advantage over decision trees is shown to increase as the complexity of the attack increases. The HMM performance advantage also increases as the number of training examples decreases. This last result indicates that the HMM algorithm may have additional benefit when examples of a particular attack type are rare.