Terran D. Lane, Machine learning techniques for the computer security domain of anomaly detection, Ph.D. thesis, Department of Electrical and Computer Engineering, Purdue University, aug 2000.
....include, determining what audit data to collect and what data model to use to represent it, dealing with noisy, high-dimensional, categorical audit data, and satisfying generic requirements like automation and real time detection [10]. The specific problem we seek to solve is that of differentiation between masqueraders and the true user of a computer terminal. We do so by augmenting conventional password authentication measures, with a continuously running terminal resident IDS program, called ADMIT (Anomaly-based Data Mining ....
....the proportion of network data that is anomalous is very low. Zamboni observed that the distribution of test points to clusters changes significantly at the time of attacks, which can be used as an indicator of anomalous behavior. The work most closely related to ours is that by Lane and Brodley [10, 11], who used both instance based learning [1] (IBL) as well as Hidden Markov Models (HMM) techniques to create user profiles for user command data. Like our method, they too use clustering, however only for model scaling (i.e. limiting the number of sequences representing the user). The IBL ....
[Article contains additional citation context not shown here]
T. Lane. Machine Learning Techniques for the Computer Security Domain of Anomaly Detection. Ph. D. Thesis, CERIAS TR 2000-12, Purdue University, August 2000.
....criticized as encouraging the development of ad hoc rules [ESNP96] and require significant human engineering effort to develop. In contrast, statistical systems traditionally build profiles of normal user behavior and then search for the unusual sequences of events for consideration [DS98, FP99, Lan00]. Unlike most systems that perform anomaly detection by audit trail processing off-line, our method works online, incrementally updating users' profiles as additional data arrives and could be augmented to provide user recognition. Finally, IPAM's success has fostered work by others. Jacobs and ....
Terran Lane. Machine learning techniques for the computer security domain of anomaly detection. PhD thesis, Purdue University, August 2000.
....complex. The general assumption is that the normal behavior of a system can often be characterized by a series of observations over time. Also, normal system behavior generally exhibits stable patterns when observed over a period of time. There are multiple approaches to such anomaly detection [5, 7, 13, 14, 15, 22, 23, 26], and most of them work by building a model or profile of the system that reflects its normal behavior. A simple approach is to define thresholds (upper and lower) for each monitored parameter of the system, and if a parameter exceeds this range, it is considered an abnormality. The most common ....
....security) Therefore, the challenge is to build an anomaly detection system that can capture multi-variable correlations, and is capable of dealing with the large amount of data generated in a computer network environment. Data mining techniques have been applied with some success to this problem [24, 22, 25]. This approach has the advantages of dealing with large data sets and being able to garner useful knowledge (generally expressed in terms of rules). For these techniques, it is important that the data have some degree of structure. In several works, the network traffic data (packet level) is ....
T. Lane. Machine Learning Techniques For The Computer Security. PhD thesis, Purdue University, 200.
No context found.
Terran D. Lane, Machine learning techniques for the computer security domain of anomaly detection, Ph.D. thesis, Department of Electrical and Computer Engineering, Purdue University, aug 2000.
No context found.
Lane, T.: 2000, `Machine learning techniques for the computer security'. Ph.D. thesis, Purdue University.