This is an Open Access publication published under CSC-OpenAccess Policy.
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
Murat OGUZ, Ihsan Ömür BUCAK
Pages - 9 - 24     |    Revised - 30-04-2016     |    Published - 01-06-2016
Volume - 7   Issue - 2    |    Publication Date - June 2016
KEYWORDS
Human Factors, Information Security, Taxonomy, Classification, Behavior-based Intrusion Detection.
ABSTRACT
Humans are consistently referred to as the weakest link in information security. Human factors such as individual differences, cognitive abilities and personality traits can affect behavior and play a significant role in information security. The purpose of this study is to identify, describe and classify the human factors affecting information security, develop a model to reduce the risk of insider misuse, and assess the use and performance of the best-suited artificial intelligence techniques in detecting misuse. More specifically, this study provides a comprehensive view of human-related information security risks and threats, a classification study of human-related threats in information security, a methodology developed to reduce the risk of human-related threats by detecting insider misuse with a behavior-based intrusion detection system using machine learning algorithms, and a comparison of the numerical experiments carried out to analyze this approach. Using the machine learning algorithm with the best learning performance, the detection rates of the attack types defined in the organized five-dimensional human threats taxonomy were determined. Lastly, the possible human factors affecting information security, as linked to the detection rates, were sorted upon evaluation of the taxonomy.
Mr. Murat OGUZ
Meliksah University - Turkey
Associate Professor Ihsan Ömür BUCAK
Meliksah University - Turkey
iobucak@meliksah.edu.tr