1st Edition

Data Mining and Machine Learning in Cybersecurity

By Sumeet Dua, Xian Du Copyright 2011
    256 Pages 69 B/W Illustrations
    by Auerbach Publications

    With the rapid advancement of information discovery techniques, machine learning and data mining continue to play a significant role in cybersecurity. Although several conferences, workshops, and journals focus on the fragmented research topics in this area, there has been no single interdisciplinary resource on past and current works and possible paths for future research in this area. This book fills this need.

    From basic concepts in machine learning and data mining to advanced problems in the machine learning domain, Data Mining and Machine Learning in Cybersecurity provides a unified reference for specific machine learning solutions to cybersecurity problems. It supplies a foundation in cybersecurity fundamentals and surveys contemporary challenges—detailing cutting-edge machine learning and data mining techniques. It also:

    • Unveils cutting-edge techniques for detecting new attacks
    • Contains in-depth discussions of machine learning solutions to detection problems
    • Categorizes methods for detecting, scanning, and profiling intrusions and anomalies
    • Surveys contemporary cybersecurity problems and unveils state-of-the-art machine learning and data mining solutions
    • Details privacy-preserving data mining methods

    This interdisciplinary resource includes technique review tables that allow for speedy access to common cybersecurity problems and associated data mining methods. Numerous illustrative figures help readers visualize the workflow of complex techniques and more than forty case studies provide a clear understanding of the design and application of data mining and machine learning techniques in cybersecurity.

    Data Mining
    Machine Learning
    Review on Cybersecurity Solutions
         Proactive Security Solutions
         Reactive Security Solutions
    Further Reading

    Classical Machine-Learning Paradigms for Data Mining
    Machine Learning
         Fundamentals of Supervised Machine-Learning Methods
         Popular Unsupervised Machine-Learning Methods
    Improvements on Machine-Learning Methods
         New Machine-Learning Algorithms
         Feature Selection Methods
         Evaluation Methods
         Cross Validation
         Challenges in Data Mining
         Challenges in Machine Learning (Supervised Learning and Unsupervised Learning)
    Research Directions
         Understanding the Fundamental Problems of Machine-Learning Methods in Cybersecurity
         Incremental Learning in Cyberinfrastructures
         Feature Selection/Extraction for Data with Evolving Characteristics
         Privacy-Preserving Data Mining

    Supervised Learning for Misuse/Signature Detection
    Misuse/Signature Detection
    Machine Learning in Misuse/Signature Detection
    Machine-Learning Applications in Misuse Detection
         Rule-Based Signature Analysis
         Artificial Neural Network
         Support Vector Machine
         Genetic Programming
         Decision Tree and CART
         Bayesian Network

    Machine Learning for Anomaly Detection
    Anomaly Detection
    Machine Learning in Anomaly Detection Systems
    Machine-Learning Applications in Anomaly Detection
         Rule-Based Anomaly Detection (Table 1.3, C.6)
         Fuzzy Rule-Based (Table 1.3, C.6)
         ANN (Table 1.3, C.9)
         Support Vector Machines (Table 1.3, C.12)
         Nearest Neighbor-Based Learning (Table 1.3, C.11)
         Hidden Markov Model
         Kalman Filter
         Unsupervised Anomaly Detection
         Information Theoretic (Table 1.3, C.5)
         Other Machine-Learning Methods Applied in Anomaly Detection (Table 1.3, C.2)

    Machine Learning for Hybrid Detection
    Hybrid Detection
    Machine Learning in Hybrid Intrusion Detection Systems
    Machine-Learning Applications in Hybrid Intrusion Detection
         Anomaly–Misuse Sequence Detection System
         Association Rules in Audit Data Analysis and Mining (Table 1.4, D.4)
         Misuse–Anomaly Sequence Detection System
         Parallel Detection System
         Complex Mixture Detection System
         Other Hybrid Intrusion Systems

    Machine Learning for Scan Detection
    Scan and Scan Detection
    Machine Learning in Scan Detection
    Machine-Learning Applications in Scan Detection
    Other Scan Techniques with Machine-Learning Methods

    Machine Learning for Profiling Network Traffic
    Network Traffic Profiling and Related Network Traffic Knowledge
    Machine Learning and Network Traffic Profiling
    Data-Mining and Machine-Learning Applications in Network Profiling
         Other Profiling Methods and Applications.

    Privacy-Preserving Data Mining
    Privacy Preservation Techniques in PPDM
         Privacy Preservation in Data Mining
    Workflow of PPDM
         Introduction of the PPDM Workflow
         PPDM Algorithms
         Performance Evaluation of PPDM Algorithms
    Data-Mining and Machine-Learning Applications in PPDM
         Privacy Preservation Association Rules (Table 1.1, A.4)
         Privacy Preservation Decision Tree (Table 1.1, A.6)
         Privacy Preservation Bayesian Network (Table 1.1, A.2)
         Privacy Preservation KNN (Table 1.1, A.7)
         Privacy Preservation k-Means Clustering (Table 1.1, A.3)
         Other PPDM Methods

    Emerging Challenges in Cybersecurity
    Emerging Cyber Threats
         Threats from Malware
         Threats from Botnets
         Threats from Cyber Warfare
         Threats from Mobile Communication
         Cyber Crimes
    Network Monitoring, Profiling, and Privacy Preservation
         Privacy Preservation of Original Data
         Privacy Preservation in the Network Traffic Monitoring and Profiling Algorithms
         Privacy Preservation of Monitoring and Profiling Data 
         Regulation, Laws, and Privacy Preservation
         Privacy Preservation, Network Monitoring, and Profiling Example: PRISM
    Emerging Challenges in Intrusion Detection
         Unifying the Current Anomaly Detection Systems
         Network Traffic Anomaly Detection
         Imbalanced Learning Problem and Advanced Evaluation Metrics for IDS
         Reliable Evaluation Data Sets or Data Generation Tools
         Privacy Issues in Network Anomaly Detection


    Each chapter includes a Summary and References


    Dr. Sumeet Dua is currently an upchurch endowed associate professor and the coordinator of IT research at Louisiana Tech University, Ruston, USA. He received his PhD in computer science from Louisiana State University, Baton Rouge, Louisiana.

    His areas of expertise include data mining, image processing and computational decision support, pattern recognition, data warehousing, biomedical informatics, and heterogeneous distributed data integration. The National Science Foundation (NSF), the National Institutes of Health (NIH), the Air Force Research Laboratory (AFRL), the Air Force Office of Sponsored Research (AFOSR), the National Aeronautics and Space Administration (NASA), and the Louisiana Board of Regents (LA-BoR) have funded his research with over $2.8 million. He frequently serves as a study section member (expert panelist) for the National Institutes of Health (NIH) and panelist for the National Science Foundation (NSF)/CISE Directorate. Dr. Dua has chaired several conference sessions in the area of data mining and is the program chair for the Fifth International Conference on Information Systems, Technology, and Management (ICISTM-2011). He has given more than 26 invited talks on data mining and its applications at international academic and industry arenas, has advised more than 25 graduate theses, and currently advises several graduate students in the discipline. Dr. Dua is a coinventor of two issued U.S. patents, has (co-)authored more than 50 publications and book chapters, and has authored or edited four books. Dr. Dua has received the Engineering and Science Foundation Award for Faculty Excellence (2006) and the Faculty Research Recognition Award (2007), has been recognized as a distinguished researcher (2004–2010) by the Louisiana Biomedical Research Network (NIH-sponsored), and has won the Outstanding Poster Award at the NIH/NCI caBIG—NCRI Informatics Joint Conference; Biomedical Informatics without Borders: From Collaboration to Implementation. Dr. Dua is a senior member of the IEEE Computer Society, a senior member of the ACM, and a member of SPIE and the American Association for Advancement of Science.

    Dr. Xian Du is a research associate and postdoctoral fellow at Louisiana Tech University, Ruston, USA. He worked as a postdoctoral researcher at the Centre National de la Recherche Scientifique (CNRS) in the CREATIS Lab, Lyon, France, from 2007 to 2008 and served as a software engineer in Kikuze Solutions Pte. Ltd., Singapore, in 2006. He received his PhD from the Singapore–MIT Alliance (SMA) Programme at the National University of Singapore in 2006.

    Dr. Xian Du’s current research focus is on high-performance computing using machine-learning and data-mining technologies, data-mining applications for cybersecurity, software in multiple computer operational environments, and clustering theoretical research. He has broad experience in machine-learning applications in industry and academic research at high-level research institutes. During his work in the CREATIS Lab in France, he developed a 3D smooth active contour technology for knee cartilage MRI image segmentation. He led a small research and development group to develop color control plug-ins for an RGB color printer to connect to the Windows system through image processing GDI functions for Kikuze Solutions.

    He helped to build an intelligent e-diagnostics system for reducing mean time to repair wire-bonding machines at National Semiconductor Ltd., Singapore (NSC). During his PhD dissertation research at the SMA, he developed an intelligent color print process control system for color printers. Dr. Du’s major research interests are machine-learning and data-mining applications, heterogeneous data integration and visualization, cybersecurity, and clustering theoretical research.