
Combining Conditional Random Fields and Background Knowledge for Improved Cyber Security

  • Conference paper
KI 2013: Advances in Artificial Intelligence (KI 2013)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 8077)

Abstract

This paper shows that AI methods can improve the detection of malicious network traffic. A novel method based on Conditional Random Fields combined with Tolerant Pattern Matching is presented. The proposed method uses background knowledge represented in a description logic ontology, user-modeled patterns built on top of this ontology, and training examples from the application domain to improve the detection accuracy of IT incidents, particularly addressing the problem of incomplete information.



© 2013 Springer-Verlag Berlin Heidelberg


Cite this paper

Elfers, C., Edelkamp, S., Messerschmidt, H. (2013). Combining Conditional Random Fields and Background Knowledge for Improved Cyber Security. In: Timm, I.J., Thimm, M. (eds) KI 2013: Advances in Artificial Intelligence. KI 2013. Lecture Notes in Computer Science, vol 8077. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40942-4_25


  • DOI: https://doi.org/10.1007/978-3-642-40942-4_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40941-7

  • Online ISBN: 978-3-642-40942-4
