國立高雄大學圖資館 |

Data mining and machine learning in cybersecurity

Record Type:	Electronic resources : Monograph/item
Title/Author:	Data mining and machine learning in cybersecuritySumeet Dua and Xian Du.
Author:	Dua, Sumeet.
other author:	Du, Xian,
Published:	Boca Raton :CRC Press,c2011.
Description:	1 online resource (1 v.) :ill.
Subject:	Data mining.
Online resource:	http://www.crcnetbase.com/doi/book/10.1201/b10867
ISBN:	9781439839430 (electronic bk.)

Data mining and machine learning in cybersecurity
Dua, Sumeet.

Data mining and machine learning in cybersecurity[electronic resource] /Sumeet Dua and Xian Du. - Boca Raton :CRC Press,c2011. - 1 online resource (1 v.) :ill.

Includes bibliographical references and index.

Machine generated contents note: 1.Introduction -- 1.1.Cybersecurity -- 1.2.Data Mining -- 1.3.Machine Learning -- 1.4.Review of Cybersecurity Solutions -- 1.4.1.Proactive Security Solutions -- 1.4.2.Reactive Security Solutions -- 1.4.2.1.Misuse/Signature Detection -- 1.4.2.2.Anomaly Detection -- 1.4.2.3.Hybrid Detection -- 1.4.2.4.Scan Detection -- 1.4.2.5.Profiling Modules -- 1.5.Summary -- 1.6.Further Reading -- References -- 2.Classical Machine-Learning Paradigms for Data Mining -- 2.1.Machine Learning -- 2.1.1.Fundamentals of Supervised Machine-Learning Methods -- 2.1.1.1.Association Rule Classification -- 2.1.1.2.Artificial Neural Network -- 2.1.1.3.Support Vector Machines -- 2.1.1.4.Decision Trees -- 2.1.1.5.Bayesian Network -- 2.1.1.6.Hidden Markov Model -- 2.1.1.7.Kalman Filter -- 2.1.1.8.Bootstrap, Bagging, and AdaBoost -- 2.1.1.9.Random Forest -- 2.1.2.Popular Unsupervised Machine-Learning Methods -- 2.1.2.1.k-Means Clustering -- 2.1.2.2.Expectation Maximum -- 2.1.2.3.k-Nearest Neighbor -- 2.1.2.4.SOM ANN -- 2.1.2.5.Principal Components Analysis -- 2.1.2.6.Subspace Clustering -- 2.2.Improvements on Machine-Learning Methods -- 2.2.1.New Machine-Learning Algorithms -- 2.2.2.Resampling -- 2.2.3.Feature Selection Methods -- 2.2.4.Evaluation Methods -- 2.2.5.Cross Validation -- 2.3.Challenges -- 2.3.1.Challenges in Data Mining -- 2.3.1.1.Modeling Large-Scale Networks -- 2.3.1.2.Discovery of Threats -- 2.3.1.3.Network Dynamics and Cyber Attacks -- 2.3.1.4.Privacy Preservation in Data Mining -- 2.3.2.Challenges in Machine Learning (Supervised Learning and Unsupervised Learning) -- 2.3.2.1.Online Learning Methods for Dynamic Modeling of Network Data -- 2.3.2.2.Modeling Data with Skewed Class Distributions to Handle Rare Event Detection -- 2.3.2.3.Feature Extraction for Data with Evolving Characteristics -- 2.4.Research Directions -- 2.4.1.Understanding the Fundamental Problems of Machine-Learning Methods in Cybersecurity -- 2.4.2.Incremental Learning in Cyberinfrastructures -- 2.4.3.Feature Selection/Extraction for Data with Evolving Characteristics -- 2.4.4.Privacy-Preserving Data Mining -- 2.5.Summary -- References -- 3.Supervised Learning for Misuse/Signature Detection -- 3.1.Misuse/Signature Detection -- 3.2.Machine Learning in Misuse/Signature Detection -- 3.3.Machine-Learning Applications in Misuse Detection -- 3.3.1.Rule-Based Signature Analysis -- 3.3.1.1.Classification Using Association Rules -- 3.3.1.2.Fuzzy-Rule-Based -- 3.3.2.Artificial Neural Network -- 3.3.3.Support Vector Machine -- 3.3.4.Genetic Programming -- 3.3.5.Decision Tree and CART -- 3.3.5.1.Decision-Tree Techniques -- 3.3.5.2.Application of a Decision Tree in Misuse Detection -- 3.3.5.3.CART -- 3.3.6.Bayesian Network -- 3.3.6.1.Bayesian Network Classifier -- 3.3.6.2.Naive Bayes -- 3.4.Summary -- References -- 4.Machine Learning for Anomaly Detection -- 4.1.Introduction -- 4.2.Anomaly Detection -- 4.3.Machine Learning in Anomaly Detection Systems -- 4.4.Machine-Learning Applications in Anomaly Detection -- 4.4.1.Rule-Based Anomaly Detection (Table 1.3, C.6) -- 4.4.1.1.Fuzzy Rule-Based (Table 1.3, C.6) -- 4.4.2.ANN (Table 1.3, C.9) -- 4.4.3.Support Vector Machines (Table 1.3, C.12) -- 4.4.4.Nearest Neighbor-Based Learning (Table 1.3, C.11) -- 4.4.5.Hidden Markov Model -- 4.4.6.Kalman Filter -- 4.4.7.Unsupervised Anomaly Detection -- 4.4.7.1.Clustering-Based Anomaly Detection -- 4.4.7.2.Random Forests -- 4.4.7.3.Principal Component Analysis/Subspace -- 4.4.7.4.One-Class Supervised Vector Machine -- 4.4.8.Information Theoretic (Table 1.3, C.5) -- 4.4.9.Other Machine-Learning Methods Applied in Anomaly Detection (Table 1.3, C.2) -- 4.5.Summary -- References -- 5.Machine Learning for Hybrid Detection -- 5.1.Hybrid Detection -- 5.2.Machine Learning in Hybrid Intrusion Detection Systems -- 5.3.Machine-Learning Applications in Hybrid Intrusion Detection -- 5.3.1.Anomaly-Misuse Sequence Detection System -- 5.3.2.Association Rules in Audit Data Analysis and Mining (Table 1.4, D.4) -- 5.3.3.Misuse-Anomaly Sequence Detection System -- 5.3.4.Parallel Detection System -- 5.3.5.Complex Mixture Detection System -- 5.3.6.Other Hybrid Intrusion Systems -- 5.4.Summary -- References -- 6.Machine Learning for Scan Detection -- 6.1.Scan and Scan Detection -- 6.2.Machine Learning in Scan Detection -- 6.3.Machine-Learning Applications in Scan Detection -- 6.4.Other Scan Techniques with Machine-Learning Methods -- 6.5.Summary -- References -- 7.Machine Learning for Profiling Network Traffic -- 7.1.Introduction -- 7.2.Network Traffic Profiling and Related Network Traffic Knowledge -- 7.3.Machine Learning and Network Traffic Profiling -- 7.4.Data-Mining and Machine-Learning Applications in Network Profiling -- 7.4.1.Other Profiling Methods and Applications -- 7.5.Summary -- References -- 8.Privacy-Preserving Data Mining -- 8.1.Privacy Preservation Techniques in PPDM -- 8.1.1.Notations -- 8.1.2.Privacy Preservation in Data Mining -- 8.2.Workflow of PPDM -- 8.2.1.Introduction of the PPDM Workflow -- 8.2.2.PPDM Algorithms -- 8.2.3.Performance Evaluation of PPDM Algorithms -- 8.3.Data-Mining and Machine-Learning Applications in PPDM -- 8.3.1.Privacy Preservation Association Rules (Table 1.1, A.4) -- 8.3.2.Privacy Preservation Decision Tree (Table 1.1, A.6) -- 8.3.3.Privacy Preservation Bayesian Network (Table 1.1, A.2) -- 8.3.4.Privacy Preservation KNN (Table 1.1, A.7) -- 8.3.5.Privacy Preservation k-Means Clustering (Table 1.1, A.3) -- 8.3.6.Other PPDM Methods -- 8.4.Summary -- References -- 9.Emerging Challenges in Cybersecurity -- 9.1.Emerging Cyber Threats -- 9.1.1.Threats from Malware -- 9.1.2.Threats from Botnets -- 9.1.3.Threats from Cyber Warfare -- 9.1.4.Threats from Mobile Communication -- 9.1.5.Cyber Crimes -- 9.2.Network Monitoring, Profiling, and Privacy Preservation -- 9.2.1.Privacy Preservation of Original Data -- 9.2.2.Privacy Preservation in the Network Traffic Monitoring and Profiling Algorithms -- 9.2.3.Privacy Preservation of Monitoring and Profiling Data -- 9.2.4.Regulation, Laws, and Privacy Preservation -- 9.2.5.Privacy Preservation, Network Monitoring, and Profiling Example: PRISM -- 9.3.Emerging Challenges in Intrusion Detection -- 9.3.1.Unifying the Current Anomaly Detection Systems -- 9.3.2.Network Traffic Anomaly Detection -- 9.3.3.Imbalanced Learning Problem and Advanced Evaluation Metrics for IDS -- 9.3.4.Reliable Evaluation Data Sets or Data Generation Tools -- 9.3.5.Privacy Issues in Network Anomaly Detection -- 9.4.Summary -- References.

ISBN: 9781439839430 (electronic bk.)Subjects--Topical Terms:

184440
Data mining.

LC Class. No.: QA76.9.D343 / D825 2011

Dewey Class. No.: 005.8

Data mining and machine learning in cybersecurity
LDR:07430cmm a2200253Ia 4500 001 442671
003 OCoLC
005 20141103113419.0
006 m o d
007 cr |n|||||||||
008 150128s2011 flua ob 001 0 eng d
020 $a 9781439839430 (electronic bk.)
020 $a 1439839433 (electronic bk.)
020 $z 9781439839423 (hardback)
035 $a (OCoLC)740893011 $z (OCoLC)879853963
035 $a ocn740893011
040 $a UPM $c UPM $d B24X7 $d COO $d GZM $d OCLCQ $d YDXCP $d OCLCF $d UMI $d DEBBG $d DEBSZ
050 4 $a QA76.9.D343 $b D825 2011
082 0 4 $a 005.8 $2 22
100 1 $a Dua, Sumeet. $3 511116
245 1 0 $a Data mining and machine learning in cybersecurity $h [electronic resource] / $c Sumeet Dua and Xian Du.
260 $a Boca Raton : $b CRC Press, $c c2011.
300 $a 1 online resource (1 v.) : $b ill.
504 $a Includes bibliographical references and index.
505 0 $a Machine generated contents note: 1.Introduction -- 1.1.Cybersecurity -- 1.2.Data Mining -- 1.3.Machine Learning -- 1.4.Review of Cybersecurity Solutions -- 1.4.1.Proactive Security Solutions -- 1.4.2.Reactive Security Solutions -- 1.4.2.1.Misuse/Signature Detection -- 1.4.2.2.Anomaly Detection -- 1.4.2.3.Hybrid Detection -- 1.4.2.4.Scan Detection -- 1.4.2.5.Profiling Modules -- 1.5.Summary -- 1.6.Further Reading -- References -- 2.Classical Machine-Learning Paradigms for Data Mining -- 2.1.Machine Learning -- 2.1.1.Fundamentals of Supervised Machine-Learning Methods -- 2.1.1.1.Association Rule Classification -- 2.1.1.2.Artificial Neural Network -- 2.1.1.3.Support Vector Machines -- 2.1.1.4.Decision Trees -- 2.1.1.5.Bayesian Network -- 2.1.1.6.Hidden Markov Model -- 2.1.1.7.Kalman Filter -- 2.1.1.8.Bootstrap, Bagging, and AdaBoost -- 2.1.1.9.Random Forest -- 2.1.2.Popular Unsupervised Machine-Learning Methods -- 2.1.2.1.k-Means Clustering -- 2.1.2.2.Expectation Maximum -- 2.1.2.3.k-Nearest Neighbor -- 2.1.2.4.SOM ANN -- 2.1.2.5.Principal Components Analysis -- 2.1.2.6.Subspace Clustering -- 2.2.Improvements on Machine-Learning Methods -- 2.2.1.New Machine-Learning Algorithms -- 2.2.2.Resampling -- 2.2.3.Feature Selection Methods -- 2.2.4.Evaluation Methods -- 2.2.5.Cross Validation -- 2.3.Challenges -- 2.3.1.Challenges in Data Mining -- 2.3.1.1.Modeling Large-Scale Networks -- 2.3.1.2.Discovery of Threats -- 2.3.1.3.Network Dynamics and Cyber Attacks -- 2.3.1.4.Privacy Preservation in Data Mining -- 2.3.2.Challenges in Machine Learning (Supervised Learning and Unsupervised Learning) -- 2.3.2.1.Online Learning Methods for Dynamic Modeling of Network Data -- 2.3.2.2.Modeling Data with Skewed Class Distributions to Handle Rare Event Detection -- 2.3.2.3.Feature Extraction for Data with Evolving Characteristics -- 2.4.Research Directions -- 2.4.1.Understanding the Fundamental Problems of Machine-Learning Methods in Cybersecurity -- 2.4.2.Incremental Learning in Cyberinfrastructures -- 2.4.3.Feature Selection/Extraction for Data with Evolving Characteristics -- 2.4.4.Privacy-Preserving Data Mining -- 2.5.Summary -- References -- 3.Supervised Learning for Misuse/Signature Detection -- 3.1.Misuse/Signature Detection -- 3.2.Machine Learning in Misuse/Signature Detection -- 3.3.Machine-Learning Applications in Misuse Detection -- 3.3.1.Rule-Based Signature Analysis -- 3.3.1.1.Classification Using Association Rules -- 3.3.1.2.Fuzzy-Rule-Based -- 3.3.2.Artificial Neural Network -- 3.3.3.Support Vector Machine -- 3.3.4.Genetic Programming -- 3.3.5.Decision Tree and CART -- 3.3.5.1.Decision-Tree Techniques -- 3.3.5.2.Application of a Decision Tree in Misuse Detection -- 3.3.5.3.CART -- 3.3.6.Bayesian Network -- 3.3.6.1.Bayesian Network Classifier -- 3.3.6.2.Naive Bayes -- 3.4.Summary -- References -- 4.Machine Learning for Anomaly Detection -- 4.1.Introduction -- 4.2.Anomaly Detection -- 4.3.Machine Learning in Anomaly Detection Systems -- 4.4.Machine-Learning Applications in Anomaly Detection -- 4.4.1.Rule-Based Anomaly Detection (Table 1.3, C.6) -- 4.4.1.1.Fuzzy Rule-Based (Table 1.3, C.6) -- 4.4.2.ANN (Table 1.3, C.9) -- 4.4.3.Support Vector Machines (Table 1.3, C.12) -- 4.4.4.Nearest Neighbor-Based Learning (Table 1.3, C.11) -- 4.4.5.Hidden Markov Model -- 4.4.6.Kalman Filter -- 4.4.7.Unsupervised Anomaly Detection -- 4.4.7.1.Clustering-Based Anomaly Detection -- 4.4.7.2.Random Forests -- 4.4.7.3.Principal Component Analysis/Subspace -- 4.4.7.4.One-Class Supervised Vector Machine -- 4.4.8.Information Theoretic (Table 1.3, C.5) -- 4.4.9.Other Machine-Learning Methods Applied in Anomaly Detection (Table 1.3, C.2) -- 4.5.Summary -- References -- 5.Machine Learning for Hybrid Detection -- 5.1.Hybrid Detection -- 5.2.Machine Learning in Hybrid Intrusion Detection Systems -- 5.3.Machine-Learning Applications in Hybrid Intrusion Detection -- 5.3.1.Anomaly-Misuse Sequence Detection System -- 5.3.2.Association Rules in Audit Data Analysis and Mining (Table 1.4, D.4) -- 5.3.3.Misuse-Anomaly Sequence Detection System -- 5.3.4.Parallel Detection System -- 5.3.5.Complex Mixture Detection System -- 5.3.6.Other Hybrid Intrusion Systems -- 5.4.Summary -- References -- 6.Machine Learning for Scan Detection -- 6.1.Scan and Scan Detection -- 6.2.Machine Learning in Scan Detection -- 6.3.Machine-Learning Applications in Scan Detection -- 6.4.Other Scan Techniques with Machine-Learning Methods -- 6.5.Summary -- References -- 7.Machine Learning for Profiling Network Traffic -- 7.1.Introduction -- 7.2.Network Traffic Profiling and Related Network Traffic Knowledge -- 7.3.Machine Learning and Network Traffic Profiling -- 7.4.Data-Mining and Machine-Learning Applications in Network Profiling -- 7.4.1.Other Profiling Methods and Applications -- 7.5.Summary -- References -- 8.Privacy-Preserving Data Mining -- 8.1.Privacy Preservation Techniques in PPDM -- 8.1.1.Notations -- 8.1.2.Privacy Preservation in Data Mining -- 8.2.Workflow of PPDM -- 8.2.1.Introduction of the PPDM Workflow -- 8.2.2.PPDM Algorithms -- 8.2.3.Performance Evaluation of PPDM Algorithms -- 8.3.Data-Mining and Machine-Learning Applications in PPDM -- 8.3.1.Privacy Preservation Association Rules (Table 1.1, A.4) -- 8.3.2.Privacy Preservation Decision Tree (Table 1.1, A.6) -- 8.3.3.Privacy Preservation Bayesian Network (Table 1.1, A.2) -- 8.3.4.Privacy Preservation KNN (Table 1.1, A.7) -- 8.3.5.Privacy Preservation k-Means Clustering (Table 1.1, A.3) -- 8.3.6.Other PPDM Methods -- 8.4.Summary -- References -- 9.Emerging Challenges in Cybersecurity -- 9.1.Emerging Cyber Threats -- 9.1.1.Threats from Malware -- 9.1.2.Threats from Botnets -- 9.1.3.Threats from Cyber Warfare -- 9.1.4.Threats from Mobile Communication -- 9.1.5.Cyber Crimes -- 9.2.Network Monitoring, Profiling, and Privacy Preservation -- 9.2.1.Privacy Preservation of Original Data -- 9.2.2.Privacy Preservation in the Network Traffic Monitoring and Profiling Algorithms -- 9.2.3.Privacy Preservation of Monitoring and Profiling Data -- 9.2.4.Regulation, Laws, and Privacy Preservation -- 9.2.5.Privacy Preservation, Network Monitoring, and Profiling Example: PRISM -- 9.3.Emerging Challenges in Intrusion Detection -- 9.3.1.Unifying the Current Anomaly Detection Systems -- 9.3.2.Network Traffic Anomaly Detection -- 9.3.3.Imbalanced Learning Problem and Advanced Evaluation Metrics for IDS -- 9.3.4.Reliable Evaluation Data Sets or Data Generation Tools -- 9.3.5.Privacy Issues in Network Anomaly Detection -- 9.4.Summary -- References.
650 0 $a Data mining. $3 184440
650 0 $a Machine learning. $3 188639
650 0 $a Computer security. $3 184416
700 1 $a Du, Xian, $c Ph.D. $3 697176
856 4 0 $u http://www.crcnetbase.com/doi/book/10.1201/b10867