Intrusion detection using continuous time bayesian networks

Journal of Artificial Intelligence Research

Volumn 39, Issue , 2010, Pages 745-774

  Xu, Jing ^a   Shelton, Christian R ^a  

^a University of California Riverside   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ABNORMAL BEHAVIOR; ANOMALY DETECTION; BURSTINESS; CONTINUOUS TIME; CONTINUOUS TIME MODELS; DATA SETS; DISCRETE-TIME MODEL; FINITE RESOLUTION; GENERATIVE MODEL; HOST-BASED; INTRUSION DETECTION SYSTEMS; LEARNING METHODS; LOG FILE; MONITOR SYSTEM; NETWORK BASED SYSTEMS; NETWORK BEHAVIORS; NETWORK PACKET TRACES; RAO-BLACKWELLIZED PARTICLE FILTERING; TIME STAMPS; TRAINING DATA;

BAYESIAN NETWORKS; BEHAVIORAL RESEARCH; COMPUTER CRIME; DISTRIBUTED PARAMETER NETWORKS; INFERENCE ENGINES; INTELLIGENT NETWORKS; INTRUSION DETECTION; SIGNAL FILTERING AND PREDICTION;

CONTINUOUS TIME SYSTEMS;

EID: 78651432290     PISSN: None     EISSN: 10769757     Source Type: Journal    
DOI: 10.1613/jair.3050     Document Type: Article

References (46)

1. Agosta, J. M., Duik-Wasser, C., Chandrashekar, J., & Livadas, C. (2007). An adaptive anomaly detector for worm detection. In Workshop on Tackling Computer Systems Problems with Machine Learning Techniques.
2. A.Hofmeyr, S., Forrest, S., & Somayaji, A. (1998). Intrusion detection using sequences of system calls. Journal of Computer Security, 6, 151-180.
3. Cha, B. (2005). Host anomaly detection performance analysis based on system call of neuro-fuzzy using soundex algorithm and n-gram technique. In Systems Communications (ICW).
4. Chang, C.-C., & Lin, C.-J. (2001). LIBSVM: a library for support vector machines. http:// www.csie.ntu.edu.tw/̃cjlin/libsvm.
5. Cohn, I., El-Hay, T., Friedman, N., & Kupferman, R. (2009). Mean field variational approximation for continous-time Bayesian networks. In Uncertainty in Artificial Intelligence.
6. Dewaele, G., Fukuda, K., & Borgnat, P. (2007). Extracting hidden anomalies using sketch and non Gaussian multiresulotion statistical detection procedures. In ACM SIGCOMM.
7. Doucet, A., de Freitas, N., Murphy, K., & Russel, S. (2000). Rao-Blackwellised particle filtering for dynamic Bayesian networks. In Uncertainty in Artificial Intelligence.
8. El-Hay, T., Cohn, I., Friedman, N., & Kupferman, R. (2010). Continuous-time belief propagation. In Proceedings of the Twenty-Seventh International Conference on Machine Learning.
9. El-Hay, T., Friedman, N., & Kupferman, R. (2008). Gibbs sampling in factorized continous-time Markov processes. In Uncertainty in Artificial Intelligence.
10. Eskin, E. (2000). Anomaly detection over noisy data using learned probability distributions. In International Conference on Machine Learning.
11. Eskin, E., Arnold, A., Prerau, M., Portnoy, L., & Stolfo, S. (2002). A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data. In Barbara, D., & Jajodia, S. (Eds.), Applications of Data Mining in Computer Security. Kluwer.
12. Fan, Y., & Shelton, C. R. (2008). Sampling for approximate inference in continuous time Bayesian networks. In Symposium on Artificial Intelligence and Mathematics.
13. Fan, Y., & Shelton, C. R. (2009). Learning continuous-time social network dynamics. In Proceedings of the Twenty-Fifth International Conference on Uncertainty in Artificial Intelligence.
14. Forrest, S., A.Hofmeyr, S., Somayaji, A., & A.Longstaff, T. (1996). A sense of self for unix processes. In IEEE Symposium on Security and Privacy, pp. 120-128.
15. Hu, W., Liao, Y., & Vemuri, V. (2003). Robust support vector machines for anomaly detection in computer security. In International Conference on Machine Learning and Applications.
16. Kang, D.-K., Fuller, D., & Honavar, V. (2005). Learning classifiers for misuse detetction using a bag of system calls representation. In IEEE International Conferences on Intelligence and Security Informatics.
17. Karagiannis, T., Papagiannaki, K., & Faloutsos, M. (2005). BLINC: Multilevel traffic classification in the dark. In ACM SIGCOMM.
18. Kruegel, C., Mutz, D., Robertson, W., & Valeur, F. (2003). Bayesian event classification for intrusion detection. In Annual Computer Security Applications Conference.
19. Lakhina, A., Crovella, M., & Diot, C. (2005). Mining anomalies using traffic feature distributions. In ACM SIGCOMM, pp. 21-26.
20. Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., & Srivastava, J. (2003). A compare study of anomaly detection schemes in network intrusion detection. In SIAM International Conference on Data Mining.
21. LBNL. LBNL/ICSI enterprise tracing project.. http://www.icir.org/ enterprise-tracing/Overview.html/.
22. Leslie, C., Eskin, E., & Noble, W. S. (2002). The spectrum kernel: A string kernel for SVM protein classification. In Pacific Symposium on Biocomputing 7:566-575.
23. Malan, D. J., & Smith, M. D. (2005). Host-based detection of worms through peer to peer cooperation. In Workshop on Rapid Malcode.
24. MAWI. MAWI working group traffic archive.. http://mawi.nezu.wide.ad.jp/ mawi/.
25. Moore, A. W., & Zuev, D. (2005). Internet traffic classification using Bayesian analysis techniques. In ACM SIGMETRICS.
26. Ng, B., Pfeffer, A., & Dearden, R. (2005). Continuous time particle filtering. In National Conference on Artificial Intelligence, pp. 1360-1365.
27. Nodelman, U., & Horvitz, E. (2003). Continuous time Bayesian networks for inferring users' presence and activities with extensions for modeling and evaluation. Tech. rep. MSR-TR-2003-97, Microsoft Research.
28. Nodelman, U., Koller, D., & Shelton, C. R. (2005). Expectation propagation for continuous time Bayesian networks. In Uncertainty in Artificial Intelligence, pp. 431-440.
29. Nodelman, U., Shelton, C. R., & Koller, D. (2002). Continuous time Bayesian networks. In Uncertainty in Artificial Intelligence, pp. 378-387.
30. Nodelman, U., Shelton, C. R., & Koller, D. (2003). Learning continuous time Bayesian networks. In Uncertainty in Artificial Intelligence, pp. 451-458.
31. Nodelman, U., Shelton, C. R., & Koller, D. (2005). Expectation maximization and complex duration distributions for continuous time Bayesian networks. In Uncertainty in Artificial Intelligence, pp. 421-430.
32. Press, W. H., Teukolsky, S. A., Vetterling, W. T., & Flannery, B. P. (1992). Numerical Recipes in C (Second edition). Cambridge University Press.
33. Qin, X., & Lee, W. (2004). Attack plan recognition and prediction using causal networks. In Annual Computer Security Application Conference, pp. 370-379.
34. Rieck, K., & Laskov, P. (2007). Language models for detection of unknown attacks in network traffic. In Journal in Computer Virology.
35. Saria, S., Nodelman, U., & Koller, D. (2007). Reasoning at the right time granularity. In Uncertainty in Artificial Intelligence.
36. Simma, A., Goldszmidt, M., MacCormick, J., Barham, P., Black, R., Isaacs, R., & Mortier, R. (2008). CT-NOR: Representing and reasoning about events in continuous time. In Uncertainty in Artificial Intelligence.
37. Soule, A., Salamatian, L., Taft, N., Emilion, R., & Papagiannali, K. (2004). Flow classification by histogram. In ACM SIGMETRICS.
38. Soule, A., Salamatian, K., & Taft, N. (2005). Combining filtering and statistical methods for anomaly detection. In Internet Measurement Conference, pp. 331-344.
39. Tandon, G., & Chan, P. K. (2005). Learning useful system call attributes for anomaly detection. In The Florida Artificial Intelligence Research Society Conference, pp. 405-410.
40. Warrender, C., Forrest, S., & Pearlmutter, B. (1999). Detecting intrusions using system calls: Alternative data models. In IEEE Symposium on Security and Privacy, IEEE Computer Society.
41. Xu, J., & Shelton, C. R. (2008). Continuous time Bayesian networks for host level network intrusion detection. In European Conference on Machine Learning.
42. Xu, K., Zhang, Z.-L., & Bhattacharyya, S. (2005). Profiling internet backbone traffic: Behavior models and applications. In ACM SIGCOMM.
43. Ye, N., Emran, S. M., Chen, Q., & Vilbert, S. (2002). Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Transactions of Computers, 51(7), 810-820.
44. Yeung, D.-Y., & Chow, C. (2002). Parzen-window network intrusion detectors. In International Conference on Pattern Recognition.
45. Yeung, D.-Y., & Ding, Y. (2002). User profiling for intrusion detection using dynamic and static behavioral models. Advances in Knowledge Discovery and Data Mining, 2336, 494-505.
46. Zuev, D., & Moore, A. (2005). Internet traffic classification using Bayesian analysis techniques. In ACM SIGMETRICS.