Overview

Data mining is becoming a pervasive technology in activities as diverse as using historical data to predict the success of a marketing campaign, looking for patterns in financial transactions to discover illegal activities, or analyzing genome sequences. From this perspective, it was just a matter of time for the discipline to reach the important area of computer security. This text presents a collection of research efforts on the use of data mining in computer security.

Data mining has been loosely defined as the process of extracting information from large amounts of data. In the context of security, the information we are seeking is the knowledge of whether a security breach has occurred and, if the answer is yes, who the perpetrator is. This information could be collected in the context of discovering intrusions that aim to breach the privacy of services or data in a computer system, or alternatively in the context of discovering evidence left in a computer system as part of criminal activity.

The book concentrates heavily on the use of data mining in the area of intrusion detection. The reason for this is twofold. First, the volume of data dealing with both network and host activity is so large that it is an ideal candidate for data mining techniques. Second, intrusion detection is an extremely critical activity. The text also addresses the application of data mining to computer forensics, a crucial area that seeks to address the needs of law enforcement in analyzing digital evidence.

Full Product Details

Author: Daniel Barbará, Sushil Jajodia
Publisher: Springer-Verlag New York Inc.
Imprint: Springer-Verlag New York Inc.
Edition: 2002 ed.
Volume: 6
Dimensions: Width 15.50 cm, Height 1.70 cm, Length 23.50 cm
Weight: 1.250 kg
ISBN-13: 9781402070549
ISBN-10: 1402070543
Pages: 252
Publication Date: 31 May 2002
Audience: College/higher education; Professional and scholarly; Postgraduate, Research & Scholarly; Professional & Vocational
Format: Hardback
Publisher's Status: Active
Availability: In Print

Table of Contents

1 Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt
  1. Introduction
  2. Detection Strategies
  3. Data Sources
  4. Degrees of Attack Guilt
  5. Conclusion
  References

2 Data Mining for Intrusion Detection
  1. Introduction
  2. Data Mining Basics
  3. Data Mining Meets Intrusion Detection
  4. Observations on the State of the Art
  5. Future Research Directions
  6. Summary
  References

3 An Architecture for Anomaly Detection
  1. Introduction
  2. Architecture
  3. ADAM: an Implementation of the Architecture
  4. Experiences
  5. Breaking the Dependency on Training Data
  6. Future
  References

4 A Geometric Framework for Unsupervised Anomaly Detection
  1. Introduction
  2. Unsupervised Anomaly Detection
  3. A Geometric Framework for Unsupervised Anomaly Detection
  4. Detecting Outliers in Feature Spaces
  5. Algorithm 1: Cluster-based Estimation
  6. Algorithm 2: K-nearest Neighbor
  7. Algorithm 3: One Class SVM
  8. Feature Spaces for Intrusion Detection
  9. Experiments
  10. Discussion
  References

5 Fusing a Heterogeneous Alert Stream into Scenarios
  1. Introduction
  2. Fusion Approach
  3. Architecture
  4. Definitions
  5. Probability Assignment
  6. Experimental Results
  7. System Benefits
  8. Discussion and Summary
  References

6 Using MIB II Variables for Network Intrusion Detection
  1. Introduction
  2. Background
  3. Model Construction
  4. Experiments and Performance Evaluation
  5. Discussion
  6. Related Work
  7. Conclusions and Future Work
  References

7 Adaptive Model Generation
  1. Introduction
  2. Components of Adaptive Model Generation
  3. Capabilities of Adaptive Model Generation
  4. Model Generation Algorithms
  5. Model Generation Example: SVM
  6. System Example 1: Registry Anomaly Detection
  7. System Example 2: HAUNT
  8. Conclusion
  References

8 Proactive Intrusion Detection
  1. Introduction
  2. Information Assurance, Data Mining, and Proactive Intrusion Detection
  3. A Methodology for Discovering Precursors: Assumptions, Objectives, Procedure and Analysis
  4. A Case Study: Precursor Rules for Distributed Denial of Service Attacks
  5. Conclusions
  References

9 E-mail Authorship Attribution for Computer Forensics
  1. Introduction and Motivation
  2. Authorship Attribution
  3. E-mail Authorship Attribution
  4. Support Vector Machine Classifier
  5. E-mail Corpus and Methodology
  6. Results and Discussion
  7. Conclusions
  References

Author Information

Dr. Sushil Jajodia is Professor and Chairman of the Dept. of Information and Software Engineering, and Director of the Center for Secure Information Systems at George Mason University, Fairfax, Virginia, USA.