Abstract
Intrusion detection in computer networks suffers from a large number of both false alarms and unrecognized attacks. To improve the precision of detection, various machine learning techniques have been proposed. One critical issue, however, is that reference data containing serious intrusions is very scarce. In this paper we present an inference process with linear chain conditional random fields that aims to address this problem by using domain knowledge about the alerts of different intrusion sensors, represented in an ontology.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Elfers, C., Horstmann, M., Sohr, K., Herzog, O. (2010). Typed Linear Chain Conditional Random Fields and Their Application to Intrusion Detection. In: Fyfe, C., Tino, P., Charles, D., Garcia-Osorio, C., Yin, H. (eds) Intelligent Data Engineering and Automated Learning – IDEAL 2010. IDEAL 2010. Lecture Notes in Computer Science, vol 6283. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15381-5_2
DOI: https://doi.org/10.1007/978-3-642-15381-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15380-8
Online ISBN: 978-3-642-15381-5
eBook Packages: Computer Science (R0)