Approaches to Online Learning and Concept Drift for User Identification in Computer Security

Get BibTex-formatted data

Download

PDF

Author

T. Lane and C. Brodley

Tech report number

COAST 98-12

Entry type

conference

Abstract

The task in the computer security domain of anomaly detection is to characterize the bahaviors of a computer user (the \'valid\', or \'normal\' user) so that unusual occurrences can be detected by comparison of the current input stream to the valid user's profile. This task requires an online learning system that can respond to concept drift and handle discrete non-metric time sequence data. We present an architecture for online learning in the anomaly detection domain and address the issues of incremental updating of system parameters and instance selection. We demonstrate a method for measuring direction and magnitude of concept drift in the classification space and present and evaluate approaches to the above stated issues which make use of the drift measurement.

Download

PDF

Date

1998

URL

https://www.cerias.purdue.edu/ ... orts-ssl/public/98-12.pdf

Institution

Purdue University

Key alpha

Lane

Publisher

American Association for Artifical Intelligence

Affiliation

Purdue University

Publication Date

1900-01-01

Copyright

1998

Keywords

concept drift, online learning

Language

English

Location

A hard-copy of this is in the Papers Cabinet

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Conference{ Lane,
	title = "Approaches to Online Learning and Concept Drift for User Identification in Computer Security",
	author = "T. Lane and C. Brodley",
	year = "1998",
	institution = "Purdue University",
	publisher = "American Association for Artifical Intelligence",
	abstract = "The task in the computer security domain of anomaly detection is to characterize the bahaviors of a computer user (the \'valid\', or \'normal\' user) so that unusual occurrences can be detected by comparison of the current input stream to the valid user's profile.  This task requires an online learning system that can respond to concept drift and handle discrete non-metric time sequence data.  We present an architecture for online learning in the anomaly detection domain and address the issues of incremental updating of system parameters and instance selection.  We demonstrate a method for measuring direction and magnitude of concept drift in the classification space and present and evaluate approaches to the above stated issues which make use of the drift measurement.",
	affiliation = "Purdue University",
	copyright = "1998 ",
	keywords = "concept drift, online learning",
	language = "English",
	url = "https://www.cerias.purdue.edu/techreports-ssl/public/98-12.pdf",
}