Data Mining and Machine Learning in Cybersecurity  book cover
1st Edition

Data Mining and Machine Learning in Cybersecurity

ISBN 9781439839423
Published April 25, 2011 by Auerbach Publications
256 Pages 69 B/W Illustrations

FREE Standard Shipping
USD $115.00

Prices & shipping based on shipping country


Book Description

With the rapid advancement of information discovery techniques, machine learning and data mining continue to play a significant role in cybersecurity. Although several conferences, workshops, and journals focus on the fragmented research topics in this area, there has been no single interdisciplinary resource on past and current works and possible paths for future research in this area. This book fills this need.

From basic concepts in machine learning and data mining to advanced problems in the machine learning domain, Data Mining and Machine Learning in Cybersecurity provides a unified reference for specific machine learning solutions to cybersecurity problems. It supplies a foundation in cybersecurity fundamentals and surveys contemporary challenges—detailing cutting-edge machine learning and data mining techniques. It also:

  • Unveils cutting-edge techniques for detecting new attacks
  • Contains in-depth discussions of machine learning solutions to detection problems
  • Categorizes methods for detecting, scanning, and profiling intrusions and anomalies
  • Surveys contemporary cybersecurity problems and unveils state-of-the-art machine learning and data mining solutions
  • Details privacy-preserving data mining methods

This interdisciplinary resource includes technique review tables that allow for speedy access to common cybersecurity problems and associated data mining methods. Numerous illustrative figures help readers visualize the workflow of complex techniques and more than forty case studies provide a clear understanding of the design and application of data mining and machine learning techniques in cybersecurity.

Table of Contents

Data Mining
Machine Learning
Review on Cybersecurity Solutions
     Proactive Security Solutions
     Reactive Security Solutions
Further Reading

Classical Machine-Learning Paradigms for Data Mining
Machine Learning
     Fundamentals of Supervised Machine-Learning Methods
     Popular Unsupervised Machine-Learning Methods
Improvements on Machine-Learning Methods
     New Machine-Learning Algorithms
     Feature Selection Methods
     Evaluation Methods
     Cross Validation
     Challenges in Data Mining
     Challenges in Machine Learning (Supervised Learning and Unsupervised Learning)
Research Directions
     Understanding the Fundamental Problems of Machine-Learning Methods in Cybersecurity
     Incremental Learning in Cyberinfrastructures
     Feature Selection/Extraction for Data with Evolving Characteristics
     Privacy-Preserving Data Mining

Supervised Learning for Misuse/Signature Detection
Misuse/Signature Detection
Machine Learning in Misuse/Signature Detection
Machine-Learning Applications in Misuse Detection
     Rule-Based Signature Analysis
     Artificial Neural Network
     Support Vector Machine
     Genetic Programming
     Decision Tree and CART
     Bayesian Network

Machine Learning for Anomaly Detection
Anomaly Detection
Machine Learning in Anomaly Detection Systems
Machine-Learning Applications in Anomaly Detection
     Rule-Based Anomaly Detection (Table 1.3, C.6)
     Fuzzy Rule-Based (Table 1.3, C.6)
     ANN (Table 1.3, C.9)
     Support Vector Machines (Table 1.3, C.12)
     Nearest Neighbor-Based Learning (Table 1.3, C.11)
     Hidden Markov Model
     Kalman Filter
     Unsupervised Anomaly Detection
     Information Theoretic (Table 1.3, C.5)
     Other Machine-Learning Methods Applied in Anomaly Detection (Table 1.3, C.2)

Machine Learning for Hybrid Detection
Hybrid Detection
Machine Learning in Hybrid Intrusion Detection Systems
Machine-Learning Applications in Hybrid Intrusion Detection
     Anomaly–Misuse Sequence Detection System
     Association Rules in Audit Data Analysis and Mining (Table 1.4, D.4)
     Misuse–Anomaly Sequence Detection System
     Parallel Detection System
     Complex Mixture Detection System
     Other Hybrid Intrusion Systems

Machine Learning for Scan Detection
Scan and Scan Detection
Machine Learning in Scan Detection
Machine-Learning Applications in Scan Detection
Other Scan Techniques with Machine-Learning Methods

Machine Learning for Profiling Network Traffic
Network Traffic Profiling and Related Network Traffic Knowledge
Machine Learning and Network Traffic Profiling
Data-Mining and Machine-Learning Applications in Network Profiling
     Other Profiling Methods and Applications.

Privacy-Preserving Data Mining
Privacy Preservation Techniques in PPDM
     Privacy Preservation in Data Mining
Workflow of PPDM
     Introduction of the PPDM Workflow
     PPDM Algorithms
     Performance Evaluation of PPDM Algorithms
Data-Mining and Machine-Learning Applications in PPDM
     Privacy Preservation Association Rules (Table 1.1, A.4)
     Privacy Preservation Decision Tree (Table 1.1, A.6)
     Privacy Preservation Bayesian Network (Table 1.1, A.2)
     Privacy Preservation KNN (Table 1.1, A.7)
     Privacy Preservation k-Means Clustering (Table 1.1, A.3)
     Other PPDM Methods

Emerging Challenges in Cybersecurity
Emerging Cyber Threats
     Threats from Malware
     Threats from Botnets
     Threats from Cyber Warfare
     Threats from Mobile Communication
     Cyber Crimes
Network Monitoring, Profiling, and Privacy Preservation
     Privacy Preservation of Original Data
     Privacy Preservation in the Network Traffic Monitoring and Profiling Algorithms
     Privacy Preservation of Monitoring and Profiling Data 
     Regulation, Laws, and Privacy Preservation
     Privacy Preservation, Network Monitoring, and Profiling Example: PRISM
Emerging Challenges in Intrusion Detection
     Unifying the Current Anomaly Detection Systems
     Network Traffic Anomaly Detection
     Imbalanced Learning Problem and Advanced Evaluation Metrics for IDS
     Reliable Evaluation Data Sets or Data Generation Tools
     Privacy Issues in Network Anomaly Detection


Each chapter includes a Summary and References

View More



Dr. Sumeet Dua is currently an upchurch endowed associate professor and the coordinator of IT research at Louisiana Tech University, Ruston, USA. He received his PhD in computer science from Louisiana State University, Baton Rouge, Louisiana.

His areas of expertise include data mining, image processing and computational decision support, pattern recognition, data warehousing, biomedical informatics, and heterogeneous distributed data integration. The National Science Foundation (NSF), the National Institutes of Health (NIH), the Air Force Research Laboratory (AFRL), the Air Force Office of Sponsored Research (AFOSR), the National Aeronautics and Space Administration (NASA), and the Louisiana Board of Regents (LA-BoR) have funded his research with over $2.8 million. He frequently serves as a study section member (expert panelist) for the National Institutes of Health (NIH) and panelist for the National Science Foundation (NSF)/CISE Directorate. Dr. Dua has chaired several conference sessions in the area of data mining and is the program chair for the Fifth International Conference on Information Systems, Technology, and Management (ICISTM-2011). He has given more than 26 invited talks on data mining and its applications at international academic and industry arenas, has advised more than 25 graduate theses, and currently advises several graduate students in the discipline. Dr. Dua is a coinventor of two issued U.S. patents, has (co-)authored more than 50 publications and book chapters, and has authored or edited four books. Dr. Dua has received the Engineering and Science Foundation Award for Faculty Excellence (2006) and the Faculty Research Recognition Award (2007), has been recognized as a distinguished researcher (2004–2010) by the Louisiana Biomedical Research Network (NIH-sponsored), and has won the Outstanding Poster Award at the NIH/NCI caBIG—NCRI Informatics Joint Conference; Biomedical Informatics without Borders: From Collaboration to Implementation. Dr. Dua is a senior member of the IEEE Computer Society, a senior member of the ACM, and a member of SPIE and the American Association for Advancement of Science.

Dr. Xian Du is a research associate and postdoctoral fellow at Louisiana Tech University, Ruston, USA. He worked as a postdoctoral researcher at the Centre National de la Recherche Scientifique (CNRS) in the CREATIS Lab, Lyon, France, from 2007 to 2008 and served as a software engineer in Kikuze Solutions Pte. Ltd., Singapore, in 2006. He received his PhD from the Singapore–MIT Alliance (SMA) Programme at the National University of Singapore in 2006.

Dr. Xian Du’s current research focus is on high-performance computing using machine-learning and data-mining technologies, data-mining applications for cybersecurity, software in multiple computer operational environments, and clustering theoretical research. He has broad experience in machine-learning applications in industry and academic research at high-level research institutes. During his work in the CREATIS Lab in France, he developed a 3D smooth active contour technology for knee cartilage MRI image segmentation. He led a small research and development group to develop color control plug-ins for an RGB color printer to connect to the Windows system through image processing GDI functions for Kikuze Solutions.

He helped to build an intelligent e-diagnostics system for reducing mean time to repair wire-bonding machines at National Semiconductor Ltd., Singapore (NSC). During his PhD dissertation research at the SMA, he developed an intelligent color print process control system for color printers. Dr. Du’s major research interests are machine-learning and data-mining applications, heterogeneous data integration and visualization, cybersecurity, and clustering theoretical research.