Approaches to Online Learning and Concept Drift for User Identification in Computer Security
Author
T. Lane and C. Brodley
Tech report number
COAST 98-12
Abstract
The task in the computer security domain of anomaly detection is to characterize the bahaviors of a computer user (the \'valid\', or \'normal\' user) so that unusual occurrences can be detected by comparison of the current input stream to the valid user's profile. This task requires an online learning system that can respond to concept drift and handle discrete non-metric time sequence data. We present an architecture for online learning in the anomaly detection domain and address the issues of incremental updating of system parameters and instance selection. We demonstrate a method for measuring direction and magnitude of concept drift in the classification space and present and evaluate approaches to the above stated issues which make use of the drift measurement.
Institution
Purdue University
Publisher
American Association for Artifical Intelligence
Affiliation
Purdue University
Publication Date
1900-01-01
Keywords
concept drift, online learning
Location
A hard-copy of this is in the Papers Cabinet