Applications of Data Mining in Computer Security

Format: Hardcover
Pub. Date: 2002-06-01
Publisher(s): Kluwer Academic Pub
List Price: $188.99


Summary

Data mining is becoming a pervasive technology in activities as diverse as using historical data to predict the success of a marketing campaign, looking for patterns in financial transactions to discover illegal activities, or analyzing genome sequences. From this perspective, it was only a matter of time before the discipline reached the important area of computer security. Applications of Data Mining in Computer Security presents a collection of research efforts on the use of data mining in computer security.

Data mining has been loosely defined as the process of extracting information from large amounts of data. In the context of security, the information we seek is whether a security breach has occurred and, if so, who the perpetrator is. This information may be collected in the context of discovering intrusions that aim to breach the privacy of services or data in a computer system, or alternatively in the context of discovering evidence left in a computer system as part of criminal activity.

The book concentrates heavily on the use of data mining in the area of intrusion detection, for two reasons. First, the volume of data dealing with both network and host activity is so large that it makes intrusion detection an ideal candidate for data mining techniques. Second, intrusion detection is an extremely critical activity. The book also addresses the application of data mining to computer forensics, a crucial area that seeks to address the needs of law enforcement in analyzing digital evidence.

Applications of Data Mining in Computer Security is designed to meet the needs of a professional audience of researchers and practitioners in industry, and of graduate-level students in computer science.

Author Biography

Dr. Sushil Jajodia is Professor and Chairman of the Department of Information and Software Engineering, and Director of the Center for Secure Information Systems, at George Mason University, Fairfax, Virginia, USA.

Table of Contents

Entries give the starting page, with the length of the section in parentheses.

List of Figures  xiii
List of Tables  xvii
Preface  xix

Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt  1(32)
Steven Noel, Duminda Wijesekera, Charles Youman
  Introduction  2(1)
  Detection Strategies  3(9)
  Misuse Detection  4(1)
  Expert Systems  4(1)
  Signature Analysis  5(1)
  State-Transition Analysis  6(1)
  Data Mining  7(1)
  Other Approaches  8(1)
  Anomaly Detection  8(1)
  Statistical Methods  9(1)
  Expert Systems  10(1)
  Data Mining  10(2)
  Other Approaches  12(1)
  Data Sources  12(2)
  Degrees of Attack Guilt  14(11)
  Misuse Detection  15(1)
  Knowledge-Based Methods  16(1)
  Machine-Learning Methods  17(1)
  Anomaly Detection  18(1)
  Knowledge-Based Methods  18(1)
  Statistical Methods  19(1)
  Machine-Learning Methods  20(5)
  Conclusion  25(8)
  References  25(8)

Data Mining for Intrusion Detection  33(30)
Klaus Julisch
  Introduction  33(1)
  Data Mining Basics  34(7)
  Data Mining, KDD, and Related Fields  34(2)
  Some Data Mining Techniques  36(1)
  Association Rules  37(1)
  Frequent Episode Rules  38(1)
  Classification  39(1)
  Clustering  40(1)
  Research Challenges in Data Mining  40(1)
  Data Mining Meets Intrusion Detection  41(9)
  MADAM ID  43(2)
  ADAM  45(1)
  Clustering of Unlabeled ID Data  46(1)
  Mining the Alarm Stream  47(2)
  Further Reading  49(1)
  Observations on the State of the Art  50(4)
  Data Mining, but no Knowledge Discovery  50(1)
  Disregard of Other KDD Steps  51(1)
  Too Strong Assumptions  52(1)
  Narrow Scope of Research Activities  53(1)
  Future Research Directions  54(2)
  Summary  56(7)
  References  57(6)

An Architecture for Anomaly Detection  63(14)
Daniel Barbara, Julia Couto, Sushil Jajodia, Ningning Wu
  Introduction  63(2)
  Architecture  65(2)
  Filter  65(1)
  Profile  65(2)
  Profile Builder  67(1)
  Diagnoser  67(1)
  ADAM: an implementation of the architecture  67(5)
  Experiences  72(1)
  Breaking the dependency on training data  73(1)
  Future  74(3)
  References  75(2)

A Geometric Framework for Unsupervised Anomaly Detection  77(26)
Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, Sal Stolfo
  Introduction  78(3)
  Unsupervised Anomaly Detection  81(2)
  A Geometric Framework for Unsupervised Anomaly Detection  83(2)
  Feature Spaces  83(1)
  Kernel Functions  84(1)
  Convolution Kernels  85(1)
  Detecting Outliers in Feature Spaces  85(1)
  Algorithm 1: Cluster-based Estimation  86(1)
  Algorithm 2: K-nearest neighbor  87(2)
  Algorithm 3: One Class SVM  89(2)
  Feature Spaces for Intrusion Detection  91(2)
  Data-dependent Normalization Kernels  92(1)
  Kernels for Sequences: The Spectrum Kernel  92(1)
  Experiments  93(5)
  Performance measures  93(1)
  Data Set Descriptions  94(1)
  Experimental Setup  95(1)
  Experimental Results  96(2)
  Discussion  98(5)
  References  99(4)

Fusing a Heterogeneous Alert Stream into Scenarios  103(20)
Oliver Dain, Robert K. Cunningham
  Introduction  104(1)
  Fusion Approach  105(1)
  Architecture  106(1)
  Definitions  107(1)
  Probability Assignment  108(7)
  Data Sources and Use  108(3)
  Naive Technique  111(1)
  Heuristic Technique  112(2)
  Data Mining Techniques  114(1)
  Experimental Results  115(4)
  Naive Technique  116(1)
  Heuristic Technique  117(1)
  Data Mining Techniques  117(2)
  System Benefits  119(1)
  Discussion and Summary  120(3)
  References  120(3)

Using MIB II Variables for Network Intrusion Detection  123(30)
Xinzhou Qin, Wenke Lee, Lundy Lewis, Joao B. D. Cabrera
  Introduction  124(1)
  Background  125(2)
  MIB II  125(1)
  Entropy and Conditional Entropy  126(1)
  Model Construction  127(7)
  Model Architecture  127(2)
  Anomaly Detection Module  129(1)
  Anomaly Detection Model Design Overview  129(1)
  Anomaly Detection Module Construction  129(5)
  Experiments and Performance Evaluation  134(12)
  Normal Data Sets  134(1)
  Evaluation under Attacks  135(1)
  Misuse Detection  135(5)
  Anomaly Detection  140(6)
  Discussion  146(2)
  Related Work  148(1)
  Conclusions and Future Work  149(4)
  References  149(4)

Adaptive Model Generation  153(42)
Andrew Honig, Andrew Howard, Eleazar Eskin, Sal Stolfo
  Introduction  154(3)
  Components of Adaptive Model Generation  157(18)
  Real Time Components  159(4)
  Data Warehouse  163(2)
  Detection Model Management  165(2)
  Data Analysis Engines  167(7)
  Efficiency consideration  174(1)
  Capabilities of Adaptive Model Generation  175(4)
  Real Time Detection Capabilities  175(1)
  Automatic Data Collection and Data Warehousing  175(1)
  Model Generation and Management  176(1)
  Data Analysis Capabilities  176(2)
  Correlation of Multiple Sensors  178(1)
  Model Generation Algorithms  179(1)
  Misuse Detection  179(1)
  Anomaly Detection  179(1)
  Unsupervised Anomaly Detection  180(1)
  Model Generation Example: SVM  180(5)
  SVM Algorithm  181(1)
  SVM for Misuse Detection in AMG  182(1)
  Unsupervised SVM Algorithm  183(1)
  Unsupervised SVM for Unsupervised Anomaly Detection  184(1)
  System Example 1: Registry Anomaly Detection  185(2)
  The RAD Data Model  185(1)
  The RAD Sensor  185(1)
  The RAD Classification Algorithm  186(1)
  The RAD Detector  187(1)
  System Example 2: Haunt  187(3)
  Haunt Sensor  188(1)
  Haunt Classification Algorithm  188(1)
  Haunt Detector  188(1)
  Haunt Feature Extraction  189(1)
  Conclusion  190(5)
  References  191(4)

Proactive Intrusion Detection  195(34)
Joao B. D. Cabrera, Lundy Lewis, Xinzhou Qin, Wenke Lee, Raman K. Mehra
  Introduction  196(2)
  Information Assurance, Data Mining, and Proactive Intrusion Detection  198(8)
  Intrusion Detection Systems  198(1)
  A Thought Experiment  198(6)
  Proactive Intrusion Detection  204(2)
  A methodology for discovering precursors - Assumptions, Objectives, Procedure and Analysis  206(11)
  Notation and Definitions  206(1)
  Time Series, Multivariate Time Series and Collections  206(1)
  Events, Event Sequences, Causal Rules and Precursor Rules  207(1)
  Assumptions, Problem Set-Up, Objectives and Procedure  208(3)
  Analysis - Detection and Gradation of Causality in Time Series  211(1)
  Notation and Definitions  211(1)
  The Granger Causality Test as an Exploratory Tool  212(1)
  GCT and the Extraction of Precursor Rules - Modeling and Theoretical Developments  213(4)
  A Case Study - Precursor Rules for Distributed Denial of Service Attacks  217(5)
  DDoS Attacks and the experiments  217(2)
  TFN2K Ping Flood - Extracting Precursor Rules  219(3)
  Conclusions  222(7)
  References  223(6)

E-mail Authorship Attribution for Computer Forensics  229(1)
Olivier de Vel, Alison Anderson, Mal Corney, George Mohay
  Introduction and Motivation  230(1)
  Computer Forensics  230(2)
  E-mail Forensics  232(2)
  Authorship Attribution  234(4)
  E-mail Authorship Attribution  238(1)
  Support Vector Machine Classifier  239(1)
  E-mail Corpus and Methodology  240(4)
  Results and Discussion  244(2)
  Conclusions  246(1)
  References  247
