Abstract
This paper shows that AI methods can improve the detection of malicious network traffic. A novel method combining Conditional Random Fields with Tolerant Pattern Matching is presented. The proposed method uses background knowledge represented in a description logic ontology, user-modeled patterns built on top of this ontology, and training examples from the application domain to improve the detection accuracy of IT incidents, addressing in particular the problem of incomplete information.
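To make the incomplete-information problem concrete, the following is an added illustration and not code from the paper: a user-modeled attack pattern is matched against a sequence of network events whose attributes may be missing, with a small constructed concept hierarchy standing in for the description logic ontology. It shows only the tolerant matching side (a missing attribute is given partial credit instead of failing the match); the CRF training that the paper combines with it is not reproduced. The concept names, event fields, pattern, credit value and threshold are all assumptions chosen for the example.

```python
"""Added illustration (not the paper's code): tolerant matching of a
user-modeled pattern against events with missing attributes, using a
small concept hierarchy as background knowledge."""
from dataclasses import dataclass

# Constructed concept hierarchy (child -> parent), standing in for the ontology.
ONTOLOGY = {
    "PortScan": "Reconnaissance",
    "Reconnaissance": "NetworkEvent",
    "ExploitAttempt": "Attack",
    "Attack": "NetworkEvent",
    "Connection": "NetworkEvent",
    "NetworkEvent": "Event",
    "Internal": "Host",
    "External": "Host",
}


def subsumes(general, specific):
    """True if `specific` equals `general` or is a descendant of it in ONTOLOGY."""
    cur = specific
    while cur is not None:
        if cur == general:
            return True
        cur = ONTOLOGY.get(cur)
    return False


@dataclass
class Constraint:
    attr: str      # event attribute to check
    concept: str   # concept the attribute value must be subsumed by


@dataclass
class Pattern:
    name: str
    steps: list    # one list of Constraint per pattern step, matched in order


def score_event(event, constraints, unknown_credit=0.5, strict=False):
    """Score one event against one step's constraints, in [0, 1].
    A present value subsumed by the required concept scores 1; a present value
    outside it is a hard mismatch (0 for the whole step). A missing value scores
    `unknown_credit` in tolerant mode and fails the step in strict mode."""
    total = 0.0
    for c in constraints:
        value = event.get(c.attr)
        if value is None:
            if strict:
                return 0.0
            total += unknown_credit
        elif subsumes(c.concept, value):
            total += 1.0
        else:
            return 0.0
    return total / len(constraints)


def match_pattern(pattern, events, threshold=0.6, strict=False):
    """Align pattern steps in order to the earliest acceptable events (gaps allowed).
    Returns (mean step score, indices of matched events), or (0.0, []) if a step
    finds no event scoring at least `threshold`."""
    matched, scores, pos = [], [], 0
    for step in pattern.steps:
        for i in range(pos, len(events)):
            s = score_event(events[i], step, strict=strict)
            if s >= threshold:
                matched.append(i)
                scores.append(s)
                pos = i + 1
                break
        else:
            return 0.0, []
    return sum(scores) / len(scores), matched


# Constructed event sequence; the third event's source host is unknown.
EVENTS = [
    {"type": "Connection", "src": "Internal", "dst": "External"},
    {"type": "PortScan", "src": "External", "dst": "Internal"},
    {"type": "ExploitAttempt", "src": None, "dst": "Internal"},
    {"type": "Connection", "src": "Internal", "dst": "External"},
]

# Constructed user-modeled pattern: reconnaissance from outside, then an attack inward.
RECON_THEN_ATTACK = Pattern("recon-then-attack", [
    [Constraint("type", "Reconnaissance"), Constraint("src", "External")],
    [Constraint("type", "Attack"), Constraint("src", "External"), Constraint("dst", "Internal")],
])

if __name__ == "__main__":
    print("tolerant:", match_pattern(RECON_THEN_ATTACK, EVENTS))
    print("strict:  ", match_pattern(RECON_THEN_ATTACK, EVENTS, strict=True))
```

In tolerant mode the pattern aligns to events 1 and 2 even though the exploit event's source is unknown; in strict mode the same missing attribute causes the whole pattern to be rejected, which is the loss of detections that tolerance is meant to avoid. The credit given to an unknown value is a free parameter here; the paper's contribution is to learn such weighting from labeled examples rather than to fix it by hand.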
© 2013 Springer-Verlag Berlin Heidelberg
Elfers, C., Edelkamp, S., Messerschmidt, H. (2013). Combining Conditional Random Fields and Background Knowledge for Improved Cyber Security. In: Timm, I.J., Thimm, M. (eds) KI 2013: Advances in Artificial Intelligence. KI 2013. Lecture Notes in Computer Science(), vol 8077. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40942-4_25
DOI: https://doi.org/10.1007/978-3-642-40942-4_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40941-7
Online ISBN: 978-3-642-40942-4