List of Figures
List of Tables
Preface
Authors

Introduction
Cybersecurity
Data Mining
Machine Learning
Review of Cybersecurity Solutions
Proactive Security Solutions
Reactive Security Solutions
Misuse/Signature Detection
Anomaly Detection
Hybrid Detection
Scan Detection
Profiling Modules
Summary
Further Reading
References

Classical Machine-Learning Paradigms for Data Mining
Machine Learning
Fundamentals of Supervised Machine-Learning Methods
Association Rule Classification
Artificial Neural Network
Support Vector Machines
Decision Trees
Bayesian Network
Hidden Markov Model
Kalman Filter
Bootstrap, Bagging, and AdaBoost
Random Forest
Popular Unsupervised Machine-Learning Methods
k-Means Clustering
Expectation Maximum
k-Nearest Neighbor
SOM ANN
Principal Components Analysis
Subspace Clustering
Improvements on Machine-Learning Methods
New Machine-Learning Algorithms
Resampling
Feature Selection Methods
Evaluation Methods
Cross Validation
Challenges
Challenges in Data Mining
Modeling Large-Scale Networks
Discovery of Threats
Network Dynamics and Cyber Attacks
Privacy Preservation in Data Mining
Challenges in Machine Learning (Supervised Learning and Unsupervised Learning)
Online Learning Methods for Dynamic Modeling of Network Data
Modeling Data with Skewed Class Distributions to Handle Rare Event Detection
Feature Extraction for Data with Evolving Characteristics
Research Directions
Understanding the Fundamental Problems of Machine-Learning Methods in Cybersecurity
Incremental Learning in Cyberinfrastructures
Feature Selection/Extraction for Data with Evolving Characteristics
Privacy-Preserving Data Mining
Summary
References

Supervised Learning for Misuse/Signature Detection
Misuse/Signature Detection
Machine Learning in Misuse/Signature Detection
Machine-Learning Applications in Misuse Detection
Rule-Based Signature Analysis
Classification Using Association Rules
Fuzzy-Rule-Based
Artificial Neural Network
Support Vector Machine
Genetic Programming
Decision Tree and CART
Decision-Tree Techniques
Application of a Decision Tree in Misuse Detection
CART
Bayesian Network
Bayesian Network Classifier
Naïve Bayes
Summary
References

Machine Learning for Anomaly Detection
Introduction
Anomaly Detection
Machine Learning in Anomaly Detection Systems
Machine-Learning Applications in Anomaly Detection
Rule-Based Anomaly Detection (Table 1.3, C.6)
Fuzzy Rule-Based (Table 1.3, C.6)
ANN (Table 1.3, C.9)
Support Vector Machines (Table 1.3, C.12)
Nearest Neighbor-Based Learning (Table 1.3, C.11)
Hidden Markov Model
Kalman Filter
Unsupervised Anomaly Detection
Clustering-Based Anomaly Detection
Random Forests
Principal Component Analysis/Subspace
One-Class Supervised Vector Machine
Information Theoretic (Table 1.3, C.5)
Other Machine-Learning Methods Applied in Anomaly Detection (Table 1.3, C.2)
Summary
References

Machine Learning for Hybrid Detection
Hybrid Detection
Machine Learning in Hybrid Intrusion Detection Systems
Machine-Learning Applications in Hybrid Intrusion Detection
Anomaly-Misuse Sequence Detection System
Association Rules in Audit Data Analysis and Mining (Table 1.4, D.4)
Misuse-Anomaly Sequence Detection System
Parallel Detection System
Complex Mixture Detection System
Other Hybrid Intrusion Systems
Summary
References

Machine Learning for Scan Detection
Scan and Scan Detection
Machine Learning in Scan Detection
Machine-Learning Applications in Scan Detection
Other Scan Techniques with Machine-Learning Methods
Summary
References

Machine Learning for Profiling Network Traffic
Introduction
Network Traffic Profiling and Related Network Traffic Knowledge
Machine Learning and Network Traffic Profiling
Data-Mining and Machine-Learning Applications in Network Profiling
Other Profiling Methods and Applications
Summary
References

Privacy-Preserving Data Mining
Privacy Preservation Techniques in PPDM
Notations
Privacy Preservation in Data Mining
Workflow of PPDM
Introduction of the PPDM Workflow
PPDM Algorithms
Performance Evaluation of PPDM Algorithms
Data-Mining and Machine-Learning Applications in PPDM
Privacy Preservation Association Rules (Table 1.1, A.4)
Privacy Preservation Decision Tree (Table 1.1, A.6)
Privacy Preservation Bayesian Network (Table 1.1, A.2)
Privacy Preservation KNN (Table 1.1, A.7)
Privacy Preservation k-Means Clustering (Table 1.1, A.3)
Other PPDM Methods
Summary
References

Emerging Challenges in Cybersecurity
Emerging Cyber Threats
Threats from Malware
Threats from Botnets
Threats from Cyber Warfare
Threats from Mobile Communication
Cyber Crimes
Network Monitoring, Profiling, and Privacy Preservation
Privacy Preservation of Original Data
Privacy Preservation in the Network Traffic Monitoring and Profiling Algorithms
Privacy Preservation of Monitoring and Profiling Data
Regulation, Laws, and Privacy Preservation
Privacy Preservation, Network Monitoring, and Profiling Example: PRISM
Emerging Challenges in Intrusion Detection
Unifying the Current Anomaly Detection Systems
Network Traffic Anomaly Detection
Imbalanced Learning Problem and Advanced Evaluation Metrics for IDS
Reliable Evaluation Data Sets or Data Generation Tools
Privacy Issues in Network Anomaly Detection
Summary
References

Index