BOOKPRICE.co.kr
Book price comparison site
Data Mining Tools for Malware Detection (Hardcover)

Mehedy Masud (Author)
Auerbach Publications
List price: 321,750 KRW


Book Information

· Title : Data Mining Tools for Malware Detection (Hardcover)
· Category : Foreign Books > Computers > Database Management > Data Mining
· ISBN : 9781439854549
· Pages : 450
· Publication date : 2011-12-07

Table of Contents

Introduction
Trends
Data Mining and Security Technologies
Data Mining for Email Worm Detection
Data Mining for Malicious Code Detection
Data Mining for Detecting Remote Exploits
Data Mining for Botnet Detection
Stream Data Mining 
Emerging Data Mining Tools for Cyber Security Applications
Organization of This Book
Next Steps

Part I: DATA MINING AND SECURITY
Introduction to Part I: Data Mining and Security

Data Mining Techniques
Introduction
Overview of Data Mining Tasks and Techniques
Artificial Neural Network
Support Vector Machines
Markov Model
Association Rule Mining (ARM)
Multi-class Problem
2.7.1 One-VS-One
2.7.2 One-VS-All
Image Mining
2.8.1 Feature Selection
2.8.2 Automatic Image Annotation
2.8.3 Image Classification
Summary
References

Malware
Introduction 
Viruses
Worms
Trojan Horses
Time and Logic Bombs 
Botnet
Spyware
Summary
References

Data Mining for Security Applications
Overview
Data Mining for Cyber Security
4.2.1 Overview
4.2.2 Cyber-terrorism, Insider Threats, and External Attacks
4.2.3 Malicious Intrusions
4.2.4 Credit Card Fraud and Identity Theft
4.2.5 Attacks on Critical Infrastructures
4.2.6 Data Mining for Cyber Security
Current Research and Development
Summary
References

Design and Implementation of Data Mining Tools 
Introduction
Intrusion Detection
Web Page Surfing Prediction
Image Classification 
Summary and Directions
References

Conclusion to Part I

Part II: DATA MINING FOR EMAIL WORM DETECTION

Introduction to Part II

Email Worm Detection
Introduction
Architecture 
Related Work
Overview of Our Approach 
Summary
References

Design of the Data Mining Tool
Introduction
Architecture 
Feature Description
7.3.1 Per-Email Features
7.3.2 Per-Window Features
Feature Reduction Techniques
7.4.1 Dimension Reduction
7.4.2 Two-Phase Feature Selection (TPS)
7.4.2.1 Phase I
7.4.2.2 Phase II
Classification Techniques 
Summary
References

Evaluation and Results
Introduction
Dataset 
Experimental Setup
Results
8.4.1 Results from Unreduced Data
8.4.2 Results from PCA-Reduced Data
8.4.3 Results from Two-Phase Selection
Summary
References

Conclusion to Part II

Part III: DATA MINING FOR DETECTING MALICIOUS EXECUTABLES
Introduction to Part III

Malicious Executables 
Introduction
Architecture 
Related Work
Hybrid Feature Retrieval (HFR) Model 
Summary and Directions
References

Design of the Data Mining Tool
Introduction
Feature Extraction Using n-Gram Analysis
10.2.1 Binary n-Gram Feature
10.2.2 Feature Collection
10.2.3 Feature Selection
10.2.4 Assembly n-Gram Feature
10.2.5 DLL Function Call Feature
The Hybrid Feature Retrieval Model
10.3.1 Description of the Model
10.3.2 The Assembly Feature Retrieval (AFR) Algorithm
10.3.3 Feature Vector Computation and Classification
Summary and Directions
References

Evaluation and Results
Introduction
Experiments
Dataset
Experimental Setup
Results
11.5.1 Accuracy
11.5.1.1 Dataset1
11.5.1.2 Dataset2
11.5.1.3 Statistical Significance Test
11.5.1.4 DLL Call Feature
11.5.2 ROC Curves
11.5.3 False Positive and False Negative
11.5.4 Running Time
11.5.5 Training and Testing with Boosted J48
Example Run
Summary and Directions
References

Conclusion to Part III

Part IV: DATA MINING FOR DETECTING REMOTE EXPLOITS

Introduction to Part IV

Detecting Remote Exploits
Introduction
Architecture
Related Work
Overview of Our Approach
Summary and Directions
References

Design of the Data Mining Tool
Introduction
DExtor Architecture
Disassembly
Feature Extraction
13.4.1 Useful Instruction Count (UIC)
13.4.2 Instruction Usage Frequencies (IUF)
13.4.3 Code vs. Data Length (CDL)
Combining Features and Computing the Combined Feature Vector
Classification 
Summary and Directions
References

Evaluation and Results
Introduction
Dataset
Experimental Setup
14.3.1 Parameter Settings
14.3.2 Baseline Techniques
Results
14.4.1 Running Time
Analysis
Robustness and Limitations
14.6.1 Robustness against Obfuscations
14.6.2 Limitations
Summary and Directions
References

Conclusion to Part IV

Part V: DATA MINING FOR DETECTING BOTNETS

Introduction to Part V

Detecting Botnets
Introduction
Botnet Architecture 
Related Work
Our Approach
Summary and Directions
References

Design of the Data Mining Tool 
Introduction
Architecture
System Setup
Data Collection
Bot Command Categorization
Feature Extraction
16.6.1 Packet-level Features
16.6.2 Flow-level Features
Log File Correlation
Classification
Packet Filtering
Summary and Directions
References

Evaluation and Results
Introduction
17.1.1 Baseline Techniques
17.1.2 Classifiers
Performance on Different Datasets
Comparison with Other Techniques
Further Analysis 
Summary and Directions
References

Conclusion to Part V

Part VI: STREAM MINING FOR SECURITY APPLICATIONS

Introduction to Part VI

Stream Mining
Introduction 
Architecture
Related Work
Our Approach
Overview of the Novel Class Detection Algorithm
Classifiers Used
Security Applications
Summary
References

Design of the Data Mining Tool 
Introduction
Definitions
Novel Class Detection
19.3.1 Saving the Inventory of Used Spaces during Training
19.3.1.1 Clustering
19.3.1.2 Storing the Cluster Summary Information
19.3.2 Outlier Detection and Filtering
19.3.2.1 Filtering
19.3.2.2 Detecting Novel Class
Security Applications
Summary and Directions
Reference

Evaluation and Results
Introduction
Datasets
20.2.1 Synthetic Data with Only Concept-Drift (SynC)
20.2.2 Synthetic Data with Concept-Drift and Novel Class (SynCN)
20.2.3 Real Data: KDDCup 99 Network Intrusion Detection
20.2.4 Real Data: Forest Cover (UCI Repository)
Experimental Setup
20.3.1 Baseline Method
Performance Study
20.4.1 Evaluation Approach
20.4.2 Results
20.4.3 Running Time
Summary and Directions
References

Conclusion to Part VI

Part VII: EMERGING APPLICATIONS

Introduction to Part VII

Data Mining For Active Defense
Introduction
Related Work
Architecture
A Data Mining-Based Malware Detection Model
21.4.1 Our Framework
21.4.2 Feature Extraction
21.4.2.1 Binary n-Gram Feature Extraction
21.4.2.2 Feature Selection
21.4.2.3 Feature Vector Computation
21.4.3 Training
21.4.4 Testing
Model-Reversing Obfuscations
21.5.1 Path Selection
21.5.2 Feature Insertion
21.5.3 Feature Removal
Experiments
Summary and Directions
References

Data Mining for Insider Threat Detection
Introduction
The Challenges, Related Work, and Our Approach
Data Mining for Insider Threat Detection
22.3.1 Our Solution Architecture
22.3.2 Feature Extraction and Compact Representation
22.3.3 RDF Repository Architecture
22.3.4 Data Storage
22.3.4.1 File Organization
22.3.4.2 Predicate Split (PS)
22.3.4.3 Predicate Object Split (POS)
22.3.5 Answering Queries Using Hadoop MapReduce
22.3.6 Data Mining Applications
Comprehensive Framework
Summary and Directions
References

Dependable Real-Time Data Mining
Introduction
Issues in Real-Time Data Mining
Real-Time Data Mining Techniques
Parallel, Distributed, Real-Time Data Mining
Dependable Data Mining
Mining Data Streams
Summary and Directions
References

Firewall Policy Analysis
Introduction
Related Work
Firewall Concepts
24.3.1 Representation of Rules
24.3.2 Relationship between Two Rules
24.3.3 Possible Anomalies between Two Rules
Anomaly Resolution Algorithms
24.4.1 Algorithms for Finding and Resolving Anomalies
24.4.1.1 Illustrative Example
24.4.2 Algorithms for Merging Rules
24.4.2.1 Illustrative Example of the Merge Algorithm 
Summary and Directions
References

Conclusion to Part VII

Summary and Directions
Overview
Summary of This Book
Directions for Data Mining Tools for Malware Detection
Where Do We Go from Here?

Appendix A: Data Management Systems: Developments and Trends
Overview
Developments in Database Systems
Status, Vision, and Issues
Data Management Systems Framework
Building Information Systems from the Framework
Relationship between the Texts
Summary and Directions
References

Appendix B: Trustworthy Systems
Overview
Secure Systems
B.2.1 Overview
B.2.2 Access Control and Other Security Concepts
B.2.3 Types of Secure Systems
B.2.4 Secure Operating Systems
B.2.5 Secure Database Systems
B.2.6 Secure Networks
B.2.7 Emerging Trends
B.2.8 Impact of the Web
B.2.9 Steps to Building Secure Systems
Web Security
Building Trusted Systems from Untrusted Components
Dependable Systems
B.5.1 Overview
B.5.2 Trust Management
B.5.3 Digital Rights Management

About the Author

Mehedy Masud (Author)

Book database provided by: Aladin Bookstore (www.aladin.co.kr)