Weighting versus pruning in rule validation for detecting network and host anomalies

Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

Volumn , Issue , 2007, Pages 697-706

  Tandon, Gaurav ^a   Chan, Philip K ^a  

^a Florida Institute of Technology ^*  (United States)

Author keywords

Anomaly detection; Machine learning; Rule pruning; Rule weighting

Indexed keywords

COMPUTATIONAL METHODS; COMPUTER NETWORKS; DATA MINING;

ANOMALY DETECTION; RULE PRUNING; RULE WEIGHTING;

LEARNING SYSTEMS;

EID: 36849030790     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1281192.1281267     Document Type: Conference Paper

References (34)

1. R. Agrawal and R. Srikant. Fast algorithms for mining association rules. In VLDB, 1994.
2. D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes. Detecting unusual program behavior using the statistical component of the next generation intrusion detection expert system (nides). Technical Report SRI-CSL-95-06, Computer Science Laboratory SRI, 1995.
3. D. Barbara, J. Couto, S. Jajodia, L. Popyack, and N. Wu. Adam: Detecting intrusions by data mining. In IEEE Workshop on Information Assurance and Security, 2001.
4. S. Bhatkar, A. Chaturvedi, and R. Sekar. Dataflow anomaly detection. In IEEE Security and Privacy, 2006.
5. A. Blum. Empirical support for winnow and weighted-majority algorithms: Results on a calendar scheduling domain. Machine Learning, 26(5):5-23, 1997.
6. P. Clark and T. Niblett. The CN2 induction algorithm. Machine Learning, 3:261-285, 1989.
7. W. Cohen. Fast effective rule induction. In ICML, pages 115-123, 1995.
8. H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information. In IEEE Security and Privacy, 2003.
9. P. Flach. The many faces of roc analysis in machine learning. In ICML Tutorial, 2004.
10. S. Forrest, S. Hofmeyr, A.Somayaji, and T. Longstaff. A sense of self for unix processes. In IEEE Security and Privacy, 1996.
11. Y. Freund and R. Schapire. Experiments with a new boosting algorithm. In ICML, pages 148-156, 1996.
12. J. Furnkranz. Pruning algorithms for rule learning. Machine Learning, 27:139-171, 1997.
13. D. Gao, M. Reiter, and D. Song. On gray-box program tracking for anomaly detection. In USENIX Security Symposium, 2004.
14. A. Ghosh and A. Schwartzbard. A study in using neural networks for anomaly and misuse detection. In USENIX Security Symposium, 1999.
15. K. Kendell. A database of computer attacks for the evaluation of intrusion detection systems. Master's thesis, MIT, Cambridge, MA, 1999.
16. C. Krugel, T. Toth, and E. Kirda. Service specific anomaly detection for network intrusion detection. In ACM SAC, 2002.
17. R. Lippmann, J. Haines, D. Fried, J. Korba, and K. Das. The 1999 darpa off-line intrusion detection evaluation. Computer Networks, 2000.
18. N. Littlestone. Learning quickly when irrelevant attributes abound: A new linear threshold algorithm. Machine Learning, 2:285-318, 1988.
19. N. Littlestone and M. Warmuth. The weighted majority algorithm. Information and Computation, 108(2):212-261, 1994.
20. M. Mahoney and P. Chan. Learning rules for anomaly detection of hostile network traffic. In ICDM, 2003.
21. D. Mutz, F. Valeur, C. Kruegel, and G. Vigna. Anomalous system call detection. ACM Trans. Information and System Security, 2006.
22. V. Paxson. Bro: A system for detecting network intruders in real time. In USENIX Security Symposium, 1998.
23. V. Paxson and S. Floyd. The failure of poisson modeling. IEEE/ACM Trans. Networking, 3:226-244, 1995.
24. J. R. Quinlan. C4.5: programs for machine learning. Morgan Kaufmann, San Mateo, CA, 1993.
25. W. Robertson, G. Vigna, C. Kruegel, and R. Kemmerer. Using generalization and characterization techniques in the anomaly-based detection of web attacks. In NDSS, 2006.
26. M. Roesch. Snort - lightweight intrusion detection for networks. In USENIX LISA, 1999.
27. R. Schapire. The strength of weak learnability. Machine Learning, 5:197-226, 1990.
28. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. A fast automaton-based method for detecting anomalous program behaviors. In IEEE Security and Privacy, 2001.
29. S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10:105-136, 2002.
30. G. Tandon and P. Chan. On the learning of system call attributes for host-based anomaly detection. Intl. Journal on AI Tools, 15(6):875-892, 2006.
31. Y. Wang and A. Wong. From association to classification: inference using weight of evidence. IEEE Trans. Knowledge and Data Engineering, 15(3), 2003.
32. C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In IEEE Security and Privacy, 1999.
33. A. Wespi, M. Dacier, and H. Debar. Intrusion detection using variable-length audit trail patterns. In Recent Advances in Intrusion Detection, 2000.
34. I. Witten and T. Bell. The zero-frequency problem: estimating the probabilities of novel events in adaptive text compression. IEEE Trans. Info. Theory, 1991.