IDS mailing list archives

RE: How do behavioral/anomaly detection systems learn?


From: Konrad Rieck <kr () roqe org>
Date: Sun, 08 Feb 2004 20:07:34 +0100

Hi, 

On Thu, 2004-02-05 at 09:10, Tarek Amr Abdullah wrote:
Anyway, if anyone has some white papers that discuss this in more
technical detail, I would be very grateful if you could send them.

I'll try. I have been doing research on machine learning in IDS for the
last year. Following is a list of interesting papers focusing on machine
learning in HIDS and NIDS. 

* HIDS
    A Sense of Self for Unix Processes
    http://cs.unm.edu/~forrest/publications/ieee-sp-96-unix.pdf

    Learning Program Behavior Profiles for Intrusion Detection   
    http://www.cigital.com/papers/download/usenix_id99.pdf

    Using Program Behavior Profiles for Intrusion Detection    
    http://www.cigital.com/papers/download/sans_id99.pdf

    Two State-based Approaches to Program-based anomaly detection
    http://www.acsac.org/2000/papers/96.pdf

* NIDS
    Intrusion Detection using Neural Networks and SVM
    http://www.cs.nmt.edu/~IT/papers/hawaii7.pdf

    Intrusion Detection Systems Using Adaptive Regression Splines
    http://www.cs.okstate.edu/~aa/iceis-saav.pdf
   
    Modeling IDS Using Linear Genetic Programming Approach
    http://www.cs.okstate.edu/~aa/wsc8.pdf
 
There are many more interesting papers and evaluations. Google is your
friend, if you look for IDS and artificial intelligence algorithms.

Have fun,
Konrad

-- 
Konrad Rieck <kr () roqe org> ------------ http://people.roqe.org/kr
Fingerprint - 7D55 5896 834A A1C8 303C - 8BC5 4C53 3611 C1FA 82F2
