Journal ArticleDOI
A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection
Anna L. Buczak,Erhan Guven +1 more
TLDR
The complexity of ML/DM algorithms is addressed, discussion of challenges for using ML/ DM for cyber security is presented, and some recommendations on when to use a given method are provided.Abstract:
This survey paper describes a focused literature survey of machine learning (ML) and data mining (DM) methods for cyber analytics in support of intrusion detection. Short tutorial descriptions of each ML/DM method are provided. Based on the number of citations or the relevance of an emerging method, papers representing each method were identified, read, and summarized. Because data are so important in ML/DM approaches, some well-known cyber data sets used in ML/DM are described. The complexity of ML/DM algorithms is addressed, discussion of challenges for using ML/DM for cyber security is presented, and some recommendations on when to use a given method are provided.read more
Citations
More filters
Journal ArticleDOI
A Double-Layered Hybrid Approach for Network Intrusion Detection System Using Combined Naive Bayes and SVM
TL;DR: In this paper, the authors proposed a Double-Layered Hybrid Approach (DLHA) designed specifically to address the aforementioned problem, which deploys Naive Bayes classifier as Layer 1 to detect DoS and Probe, and adopts SVM as Layer 2 to distinguish R2L and U2R from normal instances.
Journal ArticleDOI
Architectural Tactics for Big Data Cybersecurity Analytics Systems: A Review
Faheem Ullah,Muhammad Ali Babar +1 more
TL;DR: A systematic review aimed at identifying the most frequently reported quality attributes and architectural tactics for Big Data Cybersecurity Analytic Systems revealed that despite the significance of interoperability, modifiability, adaptability, generality, stealthiness, and privacy assurance, these quality attributes lack explicit architectural support in the literature.
Journal ArticleDOI
A New Method for Flow-Based Network Intrusion Detection Using the Inverse Potts Model
TL;DR: Energy-based flow classifier (EFC) as discussed by the authors uses inverse statistics to infer a statistical model based on labeled benign examples, which is more adaptable to different data distributions than classical ML-based classifiers.
Journal ArticleDOI
A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment
TL;DR: A number of potential research challenges and opportunities, such as scalability and the need for real-time identification of exploitable vulnerabilities, are identified by the systematic literature review performed in this paper.
Journal ArticleDOI
TIDCS: A Dynamic Intrusion Detection and Classification System Based Feature Selection
TL;DR: Two models for intrusion detection and classification scheme Trust-based Intrusion Detection and Classification System- Accelerated and TIDCS-A are proposed and shown that both models can detect malicious behaviors providing higher accuracy, detection rates, and lower false alarm than state-of-art techniques.
References
More filters
Journal ArticleDOI
Random Forests
TL;DR: Internal estimates monitor error, strength, and correlation and these are used to show the response to increasing the number of features used in the forest, and are also applicable to regression.
Book
Fuzzy sets
TL;DR: A separation theorem for convex fuzzy sets is proved without requiring that the fuzzy sets be disjoint.
Journal ArticleDOI
Maximum likelihood from incomplete data via the EM algorithm
Book
The Nature of Statistical Learning Theory
TL;DR: Setting of the learning problem consistency of learning processes bounds on the rate of convergence ofLearning processes controlling the generalization ability of learning process constructing learning algorithms what is important in learning theory?
Journal ArticleDOI
Collective dynamics of small-world networks
TL;DR: Simple models of networks that can be tuned through this middle ground: regular networks ‘rewired’ to introduce increasing amounts of disorder are explored, finding that these systems can be highly clustered, like regular lattices, yet have small characteristic path lengths, like random graphs.
Related Papers (5)
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
Robin Sommer,Vern Paxson +1 more