An Application of Symbolic Learning to Intrusion Detection: Preliminary Results from the LUS Methodology
Date
2003-06
Authors
Kaufman, Kenneth A.
Cervone, Guido
Michalski, Ryszard S.
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
This paper describes briefly a method for applying AQ symbolic learning to problems of computer user modeling and intrusion detection. The method, called LUS (Learning User Signatures), learns models of users’ interaction in the form of sets of rules in attributional calculus, and signals a possible intrusion when a user interaction with a computer violates the model. An important characteristic of LUS is that the generated user signatures are easy to interpret and understand. We describe briefly the LUS method, the machine learning and inference tools developed to support it, and selected initial experimental results from its application to real-world data.
Description
Keywords
Intrusion detection, Symbolic learning, Attributional calculus, Episode classification, Multistate conjunctive patterns
Citation
Kaufman, K., Cervone, G. and Michalski, R. S., "An Application of Symbolic Learning to Intrusion Detection: Preliminary Results From the LUS Methodology," Reports of the Machine Learning and Inference Laboratory, MLI 03-2, George Mason University, Fairfax, VA, June, 2003.