03-08-2012, 03:47 PM
Extrusion Detection Using Machine Learning
Extrusion Detection Using Machine Learning.pdf (Size: 250.51 KB / Downloads: 27)
ABSTRACT
This paper shows how to detect extrusions using machine learning. Machine learning deals with the issue of how to build programs that improve their performance at some task through experience. Machine learning algorithms have proven to be of great practical value in a variety of application domains. They are particularly useful for (a) poorly understood problem domains where little knowledge exists for humans to develop effective algorithms; (b) domains where there are large databases containing valuable implicit regularities to be discovered; or (c) domains where programs must adapt to changing conditions. Not surprisingly, the field of cyber space turns out to be a fertile ground where many software security problems can be formulated as learning problems and approached in terms of learning algorithms. This paper deals with the subject of applying machine learning to extrusion detection.
INTRODUCTION
In this paper, I present a framework[3] for an extrusion detection system for information security using machine learning. Currently, the problem of information security in big companies has become more and more important. The leaking of confidential information and internal attacks cost these companies a lot of money every year. Therefore an effective and efficient solution is urgently demanded. An extrusion detection system (EDS)[2] is a good choice for solving this problem and protecting confidential information. However, EDS is a new research topic and there is not much research effort focusing on this area. Extrusion detection is the reverse process of intrusion detection. An intrusion detection system (IDS)[4] protects the system from outside attacks, while an EDS protects the system from inside attacks. Therefore, there are many similar characteristics between EDS and IDS.
EXTRUSION DETECTION
Extrusion detection[2] or outbound intrusion detection is a branch of intrusion detection aimed at developing mechanisms to identify successful and unsuccessful attempts to use the resources of a computer system to compromise other systems. Extrusion detection techniques focus primarily on the analysis of system activity and outbound traffic in order to detect malicious users, malware or network traffic that may pose a threat to the security of neighboring systems.
SYSTEM ARCHITECTURE
Based on the study of both IDS and EDS, I proposed a combination method[3] which integrates both misuse detection and anomaly detection and applies data mining techniques for automatically generating detection rules and selecting proper features.
CONCLUSION
As a conclusion, our research work focuses on the design and implementation of an extrusion detection system for the information security of big companies. We first studied both IDS and EDS. By comparing them with each other, we found many similar characteristics between them. Currently there are two general categories of intrusion detection techniques, misuse detection and anomaly detection. These methods can also be applied to extrusion detection problems. These two main methods have advantages as well as disadvantages; for example, both of them need much human effort. Therefore, we proposed another combination method which integrates both misuse detection and anomaly detection and applies machine learning for automatically generating detection rules and selecting proper features. In this method, both user and system activities are first recorded as raw data. Then the raw data is processed and analyzed by different machine learning techniques. Finally, detection rules and proper features are automatically generated, and the extrusion detection and confidential information protection can be carried out based on those detection rules and features.
Currently, we have implemented a prototype system for data collection, which includes four modules: a user monitor, a process monitor, a file system monitor, and a network monitor. In future work, we plan to extend the system to deal with the raw data and to automatically generate detection rules, select proper features, and construct normal profiles.
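The architecture and conclusion above describe a pipeline (monitor records, learned misuse rules plus feature selection, a normal profile for anomaly detection) without showing how the two detection halves fit together. The following is an added example, not code from the paper or its prototype: it flattens constructed per-session records from the four monitors into feature vectors, learns one-feature threshold rules from labeled sessions (keeping only features that separate the labels, which doubles as feature selection), builds a mean/standard-deviation normal profile, and classifies a new session as misuse, anomaly or normal. The feature names, sample users and numbers are all assumptions made for the illustration.

```python
from statistics import mean, pstdev

# Feature names, one per field produced by the four monitors (constructed schema).
FEATURES = ("bytes_out", "external_conns", "sensitive_files_read", "procs_spawned")

# Constructed training sessions: (user, features..., label). Not real data.
TRAINING = [
    ("alice", 1200, 2, 0, 5, "normal"),
    ("bob", 3400, 3, 1, 8, "normal"),
    ("carol", 800, 1, 0, 4, "normal"),
    ("dave", 5100, 4, 1, 9, "normal"),
    ("erin", 2200, 2, 0, 6, "normal"),
    ("mallory", 950000, 40, 12, 3, "exfil"),
    ("trent", 120000, 9, 6, 7, "exfil"),
]


def extract_features(session):
    """Flatten one monitor record into a feature dict keyed by FEATURES."""
    return dict(zip(FEATURES, session[1:5]))


def learn_rules(labeled):
    """Misuse side: learn one-feature threshold rules ("feature > t" => exfil).

    Candidate thresholds are midpoints between neighbouring observed values.
    A rule is kept only if it separates the labeled sessions perfectly, so
    features with no perfect threshold are dropped (simple feature selection).
    """
    rules = []
    for f in FEATURES:
        values = sorted({extract_features(s)[f] for s in labeled})
        candidates = [(a + b) / 2 for a, b in zip(values, values[1:])]
        for t in candidates:
            correct = sum(
                (extract_features(s)[f] > t) == (s[5] == "exfil") for s in labeled
            )
            if correct == len(labeled):
                rules.append((f, t))
                break
    return rules


def build_profile(normal_sessions):
    """Anomaly side: per-feature (mean, std) over normal sessions = normal profile."""
    profile = {}
    for f in FEATURES:
        col = [extract_features(s)[f] for s in normal_sessions]
        # Guard zero-variance features so a constant feature cannot divide by zero.
        profile[f] = (mean(col), pstdev(col) or 1e-9)
    return profile


def anomaly_score(profile, feats):
    """Largest absolute z-score of the session against the normal profile."""
    return max(abs(feats[f] - m) / sd for f, (m, sd) in profile.items())


def classify(session, rules, profile, z_max=3.0):
    """Misuse rules are checked first; unmatched sessions fall through to the
    anomaly detector. Returns (verdict, reasons)."""
    feats = extract_features(session)
    fired = [f"{f}>{t:g}" for f, t in rules if feats[f] > t]
    if fired:
        return "misuse", fired
    z = anomaly_score(profile, feats)
    if z > z_max:
        return "anomaly", [f"max_z={z:.1f}"]
    return "normal", [f"max_z={z:.1f}"]


if __name__ == "__main__":
    rules = learn_rules(TRAINING)
    profile = build_profile([s for s in TRAINING if s[5] == "normal"])
    print("learned rules:", rules)
    # Constructed unlabeled sessions to classify.
    for session in [
        ("frank", 4000, 3, 1, 7, None),      # looks like the normal users
        ("grace", 9000, 5, 2, 30, None),     # no rule fires, but far from the profile
        ("heidi", 200000, 12, 8, 5, None),   # matches the learned misuse rules
    ]:
        print(session[0], *classify(session, rules, profile))
```

The ordering in `classify` reflects the combination the paper argues for: learned misuse rules catch behaviour that resembles known bad sessions with an explainable reason, and the normal profile catches behaviour that matches no rule but deviates from how the monitored users normally act. In practice the threshold `z_max` and the "perfect separation" criterion in `learn_rules` would be tuned on held-out data rather than fixed as here.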