An Unsupervised Learning Approach for Network and System Analysis

[1]  J. Ross Quinlan, et al.  C4.5: Programs for Machine Learning, 1992.

[2]  Xiaobo Zhou, et al.  An Adaptive Growing Hierarchical Self Organizing Map for Network Intrusion Detection, 2010, 2010 Proceedings of 19th International Conference on Computer Communications and Networks.

[3]  Sameer Singh, et al.  Novelty detection: a review - part 1: statistical approaches, 2003, Signal Process.

[4]  A. Nur Zincir-Heywood, et al.  On botnet behaviour analysis using GP and C4.5, 2014, GECCO.

[5]  Ian H. Witten, et al.  The WEKA data mining software: an update, 2009, SKDD.

[6]  W. Timothy Strayer, et al.  Botnet Detection Based on Network Behavior, 2008, Botnet Detection.

[7]  Esa Alhoniemi, et al.  Probabilistic measures for responses of Self-Organizing Map units, 1999.

[8]  Ali A. Ghorbani, et al.  Botnet detection based on traffic behavior analysis and flow intervals, 2013, Comput. Secur.

[9]  Gonzalo Álvarez, et al.  Application of the Generic Feature Selection Measure in Detection of Web Attacks, 2011, CISIS.

[10]  Ronaldo M. Salles, et al.  Botnets: A survey, 2013, Comput. Networks.

[11]  Esa Alhoniemi, et al.  SOM Toolbox for Matlab 5, 2000.

[12]  Philipp Winter, et al.  Inductive Intrusion Detection in Flow-Based Network Data Using One-Class Support Vector Machines, 2011, 2011 4th IFIP International Conference on New Technologies, Mobility and Security.

[13]  Guofei Gu, et al.  Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems, 2006, Sixth International Conference on Data Mining (ICDM'06).

[14]  Alejandro Zunino, et al.  An empirical comparison of botnet detection methods, 2014, Comput. Secur.

[15]  Ethem Alpaydin, et al.  Introduction to machine learning, 2004, Adaptive computation and machine learning.

[16]  István Szabó, et al.  On the Validation of Traffic Classification Algorithms, 2008, PAM.

[17]  Julio Ortega Lopera, et al.  PCA filtering and probabilistic SOM for network intrusion detection, 2015, Neurocomputing.

[18]  Andrew W. Moore, et al.  X-means: Extending K-means with Efficient Estimation of the Number of Clusters, 2000, ICML.

[19]  Malcolm I. Heywood, et al.  A Hierarchical SOM based Intrusion Detection System, 2008.

[20]  John McHugh, et al.  Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory, 2000, TSEC.

[21]  Leyla Bilge, et al.  Automatically Generating Models for Botnet Detection, 2009, ESORICS.

[22]  Guofei Gu, et al.  BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection, 2008, USENIX Security Symposium.

[23]  Jugal K. Kalita, et al.  Network Anomaly Detection: Methods, Systems and Tools, 2014, IEEE Communications Surveys & Tutorials.

[24]  D. Rubin, et al.  Maximum likelihood from incomplete data via the EM - algorithm plus discussions on the paper, 1977.

[25]  Vinod Yegneswaran, et al.  BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation, 2007, USENIX Security Symposium.

[26]  Prateek Mittal, et al.  BotGrep: Finding P2P Bots with Structured Graph Analysis, 2010, USENIX Security Symposium.

[27]  Kalyan Veeramachaneni, et al.  AI^2: Training a Big Data Machine to Defend, 2016, 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS).

[28]  Christopher Leckie, et al.  Unsupervised Anomaly Detection in Network Intrusion Detection Using Clusters, 2005, ACSC.

[29]  Xiaobo Zhou, et al.  A-GHSOM: An adaptive growing hierarchical self organizing map for network anomaly detection, 2012, J. Parallel Distributed Comput.

[30]  Aiko M. Hormann, et al.  Programs for Machine Learning. Part I, 1962, Inf. Control.

[31]  Ramakrishnan Srikant, et al.  Fast Algorithms for Mining Association Rules in Large Databases, 1994, VLDB.

[32]  Geoffrey E. Hinton, et al.  Visualizing Data using t-SNE, 2008.

[33]  J. L. Hodges, et al.  Rank Methods for Combination of Independent Experiments in Analysis of Variance, 1962.

[34]  A. Nur Zincir-Heywood, et al.  On the Effectiveness of Different Botnet Detection Approaches, 2015, ISPEC.

[35]  O. J. Dunn.  Multiple Comparisons among Means, 1961.

[36]  A. Nur Zincir-Heywood, et al.  Benchmarking the Effect of Flow Exporters and Protocol Filters on Botnet Traffic Classification, 2016, IEEE Systems Journal.

[37]  Philip S. Yu, et al.  Top 10 algorithms in data mining, 2007, Knowledge and Information Systems.

[38]  Francisco Herrera, et al.  Advanced nonparametric tests for multiple comparisons in the design of experiments in computational intelligence and data mining: Experimental analysis of power, 2010, Inf. Sci.

[39]  Yao Zheng, et al.  PeerClean: Unveiling peer-to-peer botnets through dynamic group behavior analysis, 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[40]  J. MacQueen.  Some methods for classification and analysis of multivariate observations, 1967.