The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Detecting the Abnormal: Machine Learning in Computer Security

Download

Download PDF Document
PDF

Author

Lane, Brodley

Entry type

techreport

Abstract

Two problems of importance in computer security are to 1) detect the presence of an intruder masquerading as the valid user and 2) detect the perpetration of abusive actions on the part of an otherwise innocuous user. In this paper we present a machine learning approach to anomaly detection, designed to handle these two problems. Our system learns a user profile for each user account and subsequently employs it to detect anomalous behavior in that acount. Based on sequences of actions (UNIX commands) of the current user\'s input stream, the system compares each fixed-length input sequence with a historical library of the account\'s command sequences using a similarity measure...

Download

PDF

URL

http://ftp.cerias.purdue.edu/p ... lane-brodley-learning.pdf

Booktitle

Detecting the Abnormal: Machine Learning in Computer Security

Key alpha

Lane

Pages

20

School

Purdue

Affiliation

CERIAS

Bibdate

1/31/1997

Publication Date

2001-01-01

Contents

INTRODUCTION LEARNING A USER PROFILE DETECTING ANAMOLOUS BEHAVIOR EXPERIMENT 1: PROOF OF CONCEPT EXPERIMENT 2: INSTANCE SELECTION CONCLUSIONS AND FUTURE WORK

Keywords

application, learning from positive examples, sequence learning

Language

English

Subject

Detecting the Abnormal: Machine Learning in Computer Security

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.