1st Edition
Network Anomaly Detection A Machine Learning Perspective
With the rapid rise in the ubiquity and sophistication of Internet technology and the accompanying growth in the number of network attacks, network intrusion detection has become increasingly important. Anomaly-based network intrusion detection refers to finding exceptional or nonconforming patterns in network traffic data compared to normal behavior. Finding these anomalies has extensive applications in areas such as cyber security, credit card and insurance fraud detection, and military surveillance for enemy activities. Network Anomaly Detection: A Machine Learning Perspective presents machine learning techniques in depth to help you more effectively detect and counter network intrusion.
In this book, you’ll learn about:
- Network anomalies and vulnerabilities at various layers
- The pros and cons of various machine learning techniques and algorithms
- A taxonomy of attacks based on their characteristics and behavior
- Feature selection algorithms
- How to assess the accuracy, performance, completeness, timeliness, stability, interoperability, reliability, and other dynamic aspects of a network anomaly detection system
- Practical tools for launching attacks, capturing packet or flow traffic, extracting features, detecting attacks, and evaluating detection performance
- Important unresolved issues and research challenges that need to be overcome to provide better protection for networks
Examining numerous attacks in detail, the authors look at the tools that intruders use and show how to use this knowledge to protect networks. The book also provides material for hands-on development, so that you can code on a testbed to implement detection methods toward the development of your own intrusion detection system. It offers a thorough introduction to the state of the art in network anomaly detection using machine learning approaches and systems.
Table of Contents
- Introduction
  - The Internet and Modern Networks
  - Network Vulnerabilities
  - Anomalies and Anomalies in Networks
  - Machine Learning
  - Prior Work on Network Anomaly Detection
  - Contributions of This Book
  - Organization
- Networks and Anomalies
  - Networking Basics
  - Anomalies in a Network
- An Overview of Machine Learning Methods
  - Introduction
  - Types of Machine Learning Methods
  - Supervised Learning: Some Popular Methods
  - Unsupervised Learning
  - Probabilistic Learning
  - Soft Computing
  - Reinforcement Learning
  - Hybrid Learning Methods
  - Discussion
- Detecting Anomalies in Network Data
  - Detection of Network Anomalies
  - Aspects of Network Anomaly Detection
  - Datasets
  - Discussion
- Feature Selection
  - Feature Selection vs. Feature Extraction
  - Feature Relevance
  - Advantages
  - Applications of Feature Selection
  - Prior Surveys on Feature Selection
  - Problem Formulation
  - Steps in Feature Selection
  - Feature Selection Methods: A Taxonomy
  - Existing Methods of Feature Selection
  - Subset Evaluation Measures
  - Systems and Tools for Feature Selection
  - Discussion
- Approaches to Network Anomaly Detection
  - Network Anomaly Detection Methods
  - Types of Network Anomaly Detection Methods
  - Anomaly Detection Using Supervised Learning
  - Anomaly Detection Using Unsupervised Learning
  - Anomaly Detection Using Probabilistic Learning
  - Anomaly Detection Using Soft Computing
  - Knowledge in Anomaly Detection
  - Anomaly Detection Using Combination Learners
  - Discussion
- Evaluation Methods
  - Accuracy
  - Performance
  - Completeness
  - Timeliness
  - Stability
  - Interoperability
  - Data Quality, Validity and Reliability
  - Alert Information
  - Unknown Attacks Detection
  - Updating References
  - Discussion
- Tools and Systems
  - Introduction
  - Attack Related Tools
  - Attack Detection Systems
  - Discussion
- Open Issues, Challenges and Concluding Remarks
  - Runtime Limitations for Anomaly Detection Systems
  - Reducing the False Alarm Rate
  - Issues in Dimensionality Reduction
  - Computational Needs of Network Defense Mechanisms
  - Designing Generic Anomaly Detection Systems
  - Handling Sophisticated Anomalies
  - Adaptability to Unknown Attacks
  - Detecting and Handling Large-Scale Attacks
    - Infrastructure Attacks
    - High Intensity Attacks
    - More Inventive Attacks
  - Concluding Remarks
- References
- Index
Biography
Dhruba Kumar Bhattacharyya is a professor in computer science and engineering at Tezpur University. Professor Bhattacharyya's research areas include network security, data mining, and bioinformatics. He has published more than 180 research articles in leading international journals and peer-reviewed conference proceedings. Dr. Bhattacharyya has written or edited seven technical books in English and two technical reference books in Assamese. He is on the editorial board of several international journals and has also been associated with several international conferences. For more about Dr. Bhattacharyya, see his profile at Tezpur University.
Jugal Kumar Kalita teaches computer science at the University of Colorado, Colorado Springs. His expertise is in the areas of artificial intelligence and machine learning, and the application of techniques in machine learning to network security, natural language processing, and bioinformatics. He has published 115 papers in journals and refereed conferences, and is the author of a book on Perl. He received the Chancellor's Award at the University of Colorado in 2011, in recognition of lifelong excellence in teaching, research, and service. For more about Dr. Kalita, see his profile at the University of Colorado.