There are many ideas and theories on how to combat cybersecurity threats. In a recent IEEE Xplore paper, “A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection,” the authors read and analyzed the literature on machine learning and data mining methods as applied to cybersecurity, and examined when each method is most effective to use.
The survey focuses on cyber intrusion detection for wired networks. Wired networks have more layers of defense, at firewalls, operating systems and the network itself, which makes them less vulnerable to attacks than wireless networks, but they remain a target for cybersecurity issues.
Data mining and machine learning methods are complex, which makes it challenging to understand when and how each should be used. The complexity of the algorithms also makes it harder to tell which method will be most effective when dealing with cybersecurity attacks.
When determining the effectiveness of the methods, there are many criteria that must be taken into account. They include accuracy, complexity, time for classifying an unknown instance with a trained model, and understandability of the final solution of each machine learning or data mining method.
There are three types of cyber analysis used with an intrusion detection system: misuse-based, anomaly-based, and hybrid. Misuse-based techniques detect known attacks from the signatures of those attack types. Anomaly-based techniques identify deviations from normal behavior and can therefore detect zero-day attacks. Hybrid techniques combine misuse and anomaly detection; they can detect both known and unknown attacks while keeping a small false positive rate.
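As an added illustration of the three detection styles just described (example code written for this summary, not code from the survey paper or from IEEE), the snippet below runs a signature check (misuse-based), a request-volume baseline check (anomaly-based), and their combination (hybrid) over a handful of constructed web-request records; the hosts, requests, baseline counts and signature patterns are all constructed for the example.

```python
import re
import statistics
from collections import Counter

# Constructed sample events (not from the paper): (source host, HTTP request line).
EVENTS = [
    ("10.0.0.5", "GET /index.html"),
    ("10.0.0.5", "GET /about.html"),
    ("10.0.0.7", "GET /login?user=a' OR 1=1--"),   # matches a known-attack signature
    ("10.0.0.9", "GET /static/logo.png"),
] + [("10.0.0.42", f"GET /item/{i}") for i in range(60)]  # burst with no signature hit

# Misuse-based: signatures of known attack patterns (illustrative regexes, not real rules).
SIGNATURES = {
    "sqli": re.compile(r"(?i)'\s*or\s+1=1|union\s+select"),
    "traversal": re.compile(r"\.\./"),
}

# Anomaly-based: per-host request counts observed in a "normal" window (constructed).
NORMAL_COUNTS = [3, 4, 2, 5, 3, 4, 6, 2, 3, 4]

def misuse_detect(events):
    """Return {host: signature_name} for hosts whose requests match a known signature."""
    hits = {}
    for host, request in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                hits[host] = name
    return hits

def anomaly_detect(events, baseline=NORMAL_COUNTS, k=3.0):
    """Flag hosts whose request count exceeds mean + k * stdev of the normal baseline."""
    mean = statistics.mean(baseline)
    sd = statistics.pstdev(baseline)
    counts = Counter(host for host, _ in events)
    return {host: n for host, n in counts.items() if n > mean + k * sd}

def hybrid_detect(events):
    """Known attacks keep their signature name; anomalies with no signature are still
    surfaced as 'unknown', which is how hybrid analysis covers zero-day style activity."""
    verdicts = {host: f"known:{name}" for host, name in misuse_detect(events).items()}
    for host, n in anomaly_detect(events).items():
        verdicts.setdefault(host, f"unknown:anomalous-volume({n})")
    return verdicts

if __name__ == "__main__":
    print(hybrid_detect(EVENTS))
```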
With the number of hackers on the rise, and cybersecurity incidents a very “real” reality, there will never be “too much” research on this topic for developing safeguards against possible intrusions.
Written by IEEE on April 4, 2017
For More Information
This survey paper describes a focused literature survey of machine learning (ML) and data mining (DM) methods for cyber analytics in [...]