Maloof | Machine Learning and Data Mining for Computer Security | E-Book | sack.de
E-book

E-book, English, 210 pages, eBook

Series: Advanced Information and Knowledge Processing

Maloof, Machine Learning and Data Mining for Computer Security

Methods and Applications
1st edition 2006
ISBN: 978-1-84628-253-9
Publisher: Springer
Format: PDF
Copy protection: 1 - PDF watermark


"Machine Learning and Data Mining for Computer Security" provides an overview of the current state of research in machine learning and data mining as it applies to problems in computer security. This book has a strong focus on information processing and combines and extends results from computer security.

The first part of the book surveys the data sources, the learning and mining methods, evaluation methodologies, and past work relevant to computer security. The second part of the book consists of articles written by the top researchers working in this area. These articles deal with host-based intrusion detection through the analysis of audit trails, command sequences, and system calls, as well as network intrusion detection through the analysis of TCP packets and the detection of malicious executables.

This book fills the great need for a book that collects and frames work on developing and applying methods from machine learning and data mining to problems in computer security.


Target audience

Research

Authors/Editors

Further information & material

Survey Contributions
- An Introduction to Information Assurance
- Some Basic Concepts of Machine Learning and Data Mining

Research Contributions
- Learning to Detect Malicious Executables
- Data Mining Applied to Intrusion Detection: MITRE Experiences
- Intrusion Detection Alarm Clustering
- Behavioral Features for Network Anomaly Detection
- Cost-Sensitive Modeling for Intrusion Detection
- Data Cleaning and Enriched Representations for Anomaly Detection in System Calls
- A Decision-Theoretic, Semi-Supervised Model for Intrusion Detection


2 An Introduction to Information Assurance (p. 7)

Clay Shields

2.1 Introduction

The intuitive function of computer security is to limit access to a computer system. With a perfect security system, information would never be compromised because unauthorized users would never gain access to the system. Unfortunately, it seems beyond our current abilities to build a system that is both perfectly secure and useful.

Instead, the security of information is often compromised through technical flaws and through user actions. The realization that we cannot build a perfect system is important, because it shows that we need more than just protection mechanisms. We should expect the system to fail, and be prepared for failures.

As described in Sect. 2.2, system designers not only use mechanisms that protect against policy violations, but also detect when violations occur, and respond to the violation. This response often includes analyzing why the protection mechanisms failed and improving them to prevent future failures.

It is also important to realize that security systems do not exist just to limit access to a system. The true goal of implementing security is to protect the information on the system, which can be far more valuable than the system itself or access to its computing resources.

Because systems involve human users, protecting information requires more than just technical measures. It also requires that the users be aware of and follow security policies that support protection of information as needed.

This chapter provides a wider view of information security, with the goal of giving machine learning researchers and practitioners an overview of the area and suggesting new areas that might benefit from machine learning approaches. This wider view of security is called information assurance.

It includes the technical aspects of protecting information, as well as defining policies thoroughly and correctly and ensuring proper behavior of human users and operators. I will first describe the security process.

I will then explain the standard model of information assurance and its components, and, finally, will describe common attackers and the threats they pose. I will conclude with some examples of problems that fall outside much of the normal technical considerations of computer security that may be amenable to solution by machine learning methods.

2.2 The Security Process

Human beings are inherently fallible. Because we will make mistakes, our security process must reflect that fact and attempt to account for it. This recognition leads to the cycle of security shown in Fig. 2.1. This cycle is familiar and intuitive, is common in everyday life, and is illustrated here with a running example of securing an automobile.

2.2.1 Protection

Protection mechanisms are used to enforce a particular policy. The goal is to prevent things that are undesirable from occurring. A familiar example is securing an automobile and its contents. A car comes with locks to prevent anyone without a key from gaining access to it, or from starting it without the key. These locks constitute the car’s protection mechanisms.

2.2.2 Detection

Since we anticipate that our protection mechanisms will be imperfect, we attempt to determine when that occurs by adding detection mechanisms.
