Home   >   CSC-OpenAccess Library   >    Manuscript Information
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
Murat OGUZ, Ihsan Ömür BUCAK
Pages - 9 - 24     |    Revised - 30-04-2016     |    Published - 01-06-2016
Volume - 7   Issue - 2    |    Publication Date - June 2016  Table of Contents
Human Factors, Information Security, Taxonomy, Classification, Behavior-based Intrusion Detection.
Humans are consistently referred to as the weakest link in information security. Human factors such as individual differences, cognitive abilities and personality traits can impact on behavior and play a significant role in information security. The purpose of this study is to identify, describe and classify the human factors affecting Information Security and develop a model to reduce the risk of insider misuse and assess the use and performance of the best-suited artificial intelligence techniques in detection of misuse. More specifically, this study provides a comprehensive view of the human related information security risks and threats, classification study of the human related threats in information security, a methodology developed to reduce the risk of human related threats by detecting insider misuse by a behavior-based intrusion detection system using machine learning algorithms, and the comparison of the numerical experiments for analysis of this approach. Specifically, by using the machine learning algorithm with the best learning performance, the detection rates of the attack types defined in the organized five dimensional human threats taxonomy were determined. Lastly, the possible human factors affecting information security as linked to the detection rates were sorted upon the evaluation of the taxonomy.
1 Google Scholar 
2 CiteSeerX 
3 refSeek 
4 Scribd 
5 SlideShare 
6 PdfSR 
A. Ali, A. Saleh and T. Ramdan. “Multilayer perceptrons networks for an intelligent adaptive intrusion detection system.” International Journal of Computer Science and Network Security, vol. 10, pp. 275-279, 2010.
Checkpoint. “Checkpoint 2013 Security Report.” Internet: http://sc1.checkpoint.com/documents/security-report/, Jan. 20, 2013 [May 12, 2014].
CVE. “Common Vulnerabilities and Exposures.” Internet: http://cve.mitre.org, Mar. 20, 2014 [Mar. 21, 2014].
CVSS, “Common Vulnerability Scoring System.” Internet: http://www.first.org/cvss, Mar. 19, 2014 [Mar. 21, 2014].
D.A. Zilberbrand. “Efficient Hybrid Algorithms for Plan Recognition and Detection of Suspicious and Anomalous Behavior.” Ph.D. Thesis, Bar-Ilan University, Ramat-Gan, 2009.
E.E. Schultz. “A framework for understanding and predicting insider attacks.” Proceedings of Computers and Security, 2002, pp. 526-531.
Fyodor. “Fyodor’s Exploit Word.” Internet: http://insecure.org/sploits.html, May 18, 2013 [Apr. 2, 2014].
G.B. Magklaras and S. M. Furnell. "Insider Threat Prediction Tool: Evaluating the probability of IT misuse." Computers & Security, vol. 21, pp. 62-73, Feb. 2002.
I. Chairunnisa, I. Lukas and H.D. Widiputra. “Clustering base intrusion detection for network profiling using k-means, ecm and k-nearest neighbor algorithms.” Konferensi Nasional Sistem dan Informatika, 2009, pp. 247-251.
I.O. Bucak. “An Extended Human Threats Taxonomy To Identify Information Security Breaches,” in Proc. Advances in Computing, Electronics and Communication (ACEC 2015), pp. 31-36, 2015.
ISO/IEC 17799. “Information Technology-Security Techniques-Code of practice for information security management.” Internet: http://www.iso.org/iso/catalogue_detail?csnumber=39612, June 15, 2005 [Oct.10, 2013].
J. R. Koza. Genetic Programming. Massachusetts: MIT Press, 1992, pp. 17-120.
J.M. Stanton, K.R. Stam, P. Mastrangelo and J. Jolton. “Analysis of end user security behaviors.” Computers and Security, vol. 24, pp. 124-133, Mar. 2004.
K. Kendall. A database of computer attacks for the evaluation of intrusion detection systems, Master’s Thesis, MIT, 1999.
K. Padayachee. “Taxonomy of compliant information security behavior.” Computers and Security, vol. 31, pp. 673-680, Jul. 2012.
K. Xu, Z.L. Zhang and S. Bhattacharyya. “Profiling internet backbone traffic: behavior models and applications.” in Proc. SIGCOMM, 2015, pp. 169-180.
K.C. Khor, C.Y. Ting and S.P. Amnuaisuk. “From feature selection to building of Bayesian classifiers: A network intrusion detection perspective.” American Journal of Applied Sciences, vol. 6, pp. 1949-1960, 2009.
K.M. Faraoun and A. Boukelif. “A. Neural networks learning improvement using the k-means clustering algorithm to detect network intrusions.” International Journal of Computational Intelligence, vol. 3, pp. 161-168, 2006.
KDD Cup. KDD Cup 99 task description. Internet: http://kdd.ics.uci.edu/databases/kddcup99/task.html, Nov. 30, 1999, [Jan. 29, 2014].
L. Vatisekhovich. “Intrusion detection in TCP/IP networks using immune systems paradigm and neural network detectors.” XI International PhD Workshop, 2009.
M. Hall, E. Frank, G. Holmes, B. Pfabringer, P. Reutermann and I.H. Witten. “The Weka data mining software: an update.” SIGKDD Explorations, vol. 11, pp. 10-18, 2009.
M. Kearns. “A bound on the error of cross validation using the approximation and estimation rates, with consequences for the training-test split.” Neural Computation, vol. 9, pp. 1143-1161, 1997.
M. Tavallaee, E. Bagheri, W. Lu and A. Ghorbani. “A Detailed Analysis of the KDD CUP 99 Data Set,” in Proc. Computational Intelligence in Security and Defense Applications (CISDA), 2009, pp. 53-58.
NVD. “National Vulnerability Database.” Internet: http://nvd.nist.gov, Jan. 18, 2014 [Jan. 20, 2014].
P.G. Neumann and D. B. Parker. "A Summary of Computer Misuse Techniques." Proceedings of the 12th National Computer Security Conference, 1989, pp. 396-407.
R.P. Lippmann and R.K. Cunningham. “Improving Intrusion Detection Performance Using Keyword Selection and Neural Networks.” Computer Networks, vol. 34, pp. 597-602, 2000.
S. J. Russell and P. Norvig. Artificial Intelligence: A Modern Approach, 2nd Ed. New Jersey: Englewood Cliffs, 2003, pp. 653-663.
S. Mukkamala, A. Sung and A. Abraham. “Intrusion detection using ensemble of soft computing and hard computing paradigms.” Journal of Network and Computer Applications, vol. 28, pp. 167-182, 2005.
Stolfo, W. Fan, W. Lee, A. Prodromius and P.K. Chan. “Cost-based modeling for fraud and intrusion detection: Results from the jam project.” DARPA Information Survivability Conference and Exposition (DISCEX), 2000, pp. 130-144.
T. Tuglular. "A preliminary Structural Approach to Insider Computer Misuse Incidents." EICAR 2000 Best Paper Proceedings, pp. 105-125, Jan. 2000.
Verizon. “The 2013 Data Breach Investigations Report.” Internet: http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf, June 20, 2013 [Feb. 18, 2014].
W.H. Baker, C.D. Hylender and J.A. Valentine. “2008 Data Breach Investigations Report.” Internet: http://www.verizonenterprise.com/resources/security/databreachreport.pdf, Oct. 20 2008 [May 23 2013].
W.R. Cheswick and S. M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Boston, MA: Addison-Wesley, 1994, pp. 159-166.
Mr. Murat OGUZ
Meliksah University - Turkey
Associate Professor Ihsan Ömür BUCAK
Meliksah University - Turkey

View all special issues >>