Machine Learning Methods for Network Intrusion Detection and Intrusion Prevention Systems

Given the continuing advancement of networking applications and our increased dependence upon software-based systems, there is a pressing need to develop improved security techniques for defending modern information technology (IT) systems from malicious cyber-attacks. Indeed, anyone can be impacted by such activities, including individuals, corporations, and governments. Furthermore, the sustained expansion of the network user base and its associated set of applications is also introducing additional vulnerabilities, which can lead to criminal breaches and loss of critical data. As a result, the broader cybersecurity problem area has emerged as a significant concern, with many solution strategies being proposed for both intrusion detection and prevention. In general, the cybersecurity dilemma can be treated as a conflict-resolution setup entailing a security system and a minimum of two decision agents with competing goals (e.g., the attacker and the defender). On the one hand, the defender is focused on guaranteeing that the system operates at or above an adequate (specified) level; conversely, the attacker is focused on trying to interrupt or corrupt the system's operation. In light of the above, this dissertation introduces novel methodologies to build appropriate strategies for system administrators (defenders). In particular, detailed mathematical models of security systems are developed to analyze overall performance and predict the likely behavior of the key decision makers influencing the protection structure. The initial objective here is to create a reliable intrusion detection mechanism to help identify malicious attacks at a very early stage, i.e., in order to minimize potentially critical consequences and damage to system privacy and stability. Another key objective is to develop effective intrusion prevention (response) mechanisms.
Along these lines, a machine learning-based solution framework is developed consisting of two modules. Specifically, the first module prepares the system for analysis and detects
