Host based intrusion detection using machine learning

ISI 2007: 2007 IEEE Intelligence and Security Informatics

Volumn , Issue , 2007, Pages 107-114

  Moskovitch, Robert ^a   Pluderman, Shay ^a   Gus, Ido ^a   Stopel, Dima ^a   Feher, Clint ^a   Parmet, Yisrael ^a   Shahar, Yuval ^a   Elovici, Yuval ^a  

^a BEN GURION UNIVERSITY OF THE NEGEV   (Israel)

Author keywords

Component; Malicious code detection; Worms

Indexed keywords

BINARY CODES; CLASSIFICATION (OF INFORMATION); COMPUTER WORMS; FEATURE EXTRACTION; LEARNING SYSTEMS;

CLASSIFICATION ALGORITHMS; COMPUTER CONFIGURATIONS; MALICIOUS CODE DETECTION;

INTRUSION DETECTION;

EID: 34748915835     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/isi.2007.379542     Document Type: Conference Paper

References (29)

1. Craig Fosnock, Computer Worms: Past, Present and Future. East Carolina University (2005)
2. Kabiri, P., Ghorbani, A.A.. (2005) "Research on intrusion detection and response: A survey," International Journal of Network Security, vol. 1(2), pp. 84-102.
3. Schultz, M., Eskin, E., Zadok, E., and Stolfo, S. (2001) Data Mining Methods for Detection of New Malicious Executables, Proceedings of the IEEE Symposium on Security and Privacy, 2001, pp. 178-184.
4. Abou-Assaleh, T., Cercone, N., Keselj, V., and Sweidan, R. (2004) N-gram based Detection of New Malicious Code, Proceedings of the 28th Annual International Computer Software and Applications Conference (COMPSAC'04)
5. Kolter, J.Z. and Maloof, M.A., Learning to detect and classify malicious executables in the wild, Journal Of Machine Learning Research, 7 (2006) 2721-2744.
6. Moore D., Paxson V., Savage S., and Shannon C., Staniford S., and Weaver N. (2003) Slammer Worm Dissection: Inside the Slammer Worm, IEEE Security and Privacy, Vol. 1 No. 4, July-August 2003, 33-39.
7. Kienzle, D.M. and Elder, M.C. (2003) Recent worms: a survey and trends. In Proceedings of the 2003 ACM Workshop on Rapid Malcode, pages 1-10. ACM Press, October 27, 2003.
8. Moore, D., Shannon, C., and Brown, J. (2002) Code Red: a case study on the spread and victims of an internet worm, Proceedings of the Internet Measurement Workshop 2002, Marseille, France, November 2002.
9. Weaver, N. Paxson, V. Staniford, and S. Cunningham, R. (2003) A Taxonomy of Computer Worms, Proceedings of the 2003 ACM workshop on Rapid Malcode, Washington, DC, October 2003, pages 11-18
10. CERT. CERT Advisory CA-2000-04, Love Letter Worm, http://www.cert.org/ advisories/ca-2000-04.html
11. Lee, W., Stolfo, S.J. and Mok, K.W. (1999). A data mining framework for building intrusion detection models. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, May 1999
12. Richard P. Lippmann, Isaac Graf, Dan Wysohogrod, Seth E. Webster, Dan J. Weber, and Sam Gorton, "The 1998 DARPA/AFRL Off-Line Intrusion Detection Evaluation," First International Workshop on Recent Advances in Intrusion Detection (RAID), Louvain-la-Neuve, Belgium, 1998.
13. Barbara, D., Wu, N., Jajodia, S. (2001) "Detecting novel network intrusions using bayes estimators," in Proceedings of the First SIAM International Conference on Data Mining (SDM 2001), Chicago, USA
14. Ste. Zanero and Sergio M. Savaresi, "Unsupervised learning techniques for an intrusion detection system," in Proceedings of the 2004 ACM symposium on Applied computing, pp. 412-419, Nicosia, Cyprus, Mar. 2004. ACM Press.
15. H. Gunes Kayacik, A. Nur Zincir-Heywood, and Malcolm I. Heywood, On the capability of a som based intrusion, detection system, in Proceedings of the International Joint Conference on Neural Networks, vol. 3, pp. 1808-1813. IEEE, IEEE, July 2003.
16. J. Z. Lei and Ali Ghorbani, "Network intrusion detection using an improved competitive learning neural network," in Proceedings of the Second Annual Conference on Communication Networks and Services Research (CNSR04), pp. 190-197. IEEE-Computer Society, IEEE, May 2004.
17. P. Z. Hu and Malcolm I. Heywood, Predicting intrusions with local linear model, in Proceedings of the International Joint Conference on Neural Networks, vol. 3, pp. 1780-1785. IEEE, IEEE, July 2003.
18. John E. Dickerson and Julie, A. Dickerson, "Fuzzy network profiling for intrusion detection," in Proceedings of NAFIPS 19th International Conference of the North American Fuzzy Information Processing Society, pp. 301-306, Atlanta, USA, July 2000.
19. Susan M. Bridges and M. Vaughn Rayford, "Fuzzy data mining and genetic algorithms applied to intrusion detection," in Proceedings of the Twenty-third National Information Systems Security Conference. National Institute of Standards and Technology, Oct. 2000.
20. M. Botha and R. von Solms, "Utilising fuzzy logic and trend analysis for effective intrusion detection," Computers & Security, vol. 22, no. 5, pp. 423-434, 2003.
21. Lorch, J. and Smith, A. J. (2000) The VTrace tool: building a system tracer for Windows NT and Windows 2000. MSDN Magazine, 15(10):86-102, October 2000.
22. Witten, I.H. and Frank E., Data Mining: Practical machine learning tools and techniques, 2nd Edition, Morgan Kaufmann, San Francisco, 2005.
23. Quinlan, J.R. (1993). C4.5; programs for machine learning. Morgan Kaufmann Publishers Inc., San Francisco, CA, USA.
24. Mitchell T. (1997) Machine Learning, McGraw-Hill.
25. Domingos, P., and Pazzani, M. (1997) On the optimality of simple Bayesian classifier under zero-one loss, Machine Learning, 29:103-130.
26. Pearl J., (1986) Fusion, propagation, and structuring in belief networks. Artificial Intelligence 29(3):241-288.
27. Bishop, C.(1995) Neural Networks for Pattern Recognition. Clarendon Press, Oxford.
28. Demuth, H. and Beale, (1998) M. Neural Network toolbox for use with Matlab. The Mathworks Inc., Natick, MA.
29. Kohavi, R., (1995) A Study of Cross-Validation and Bootstrap for Accuracy Estimation and Model Selection, International Joint Conference in Artificial Intelligence, 1137-1145, 1995.