Terran Lane - Purdue University

Apr 07, 2000

Size: 214.2MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

"Machine Learning Techniques for Anomaly Detection in Computer Security"


With the recent phenomenal growth of the availability and connectivity of computing resources and the advent of e-commerce, more valuable and private data is being stored online than ever before. But with greater value and availability comes greater threat. In this talk we examine the information security problem of anomaly detection --- recognizing the occurrence of ``out of the ordinary'' events which may prove to be hazardous. We evaluate this problem as a machine learning task and describe the application of two machine learning techniques: instance-based learning (IBL) and hidden Markov models (HMMs). This work focuses on anomaly detection at the user level (as opposed to the network or system call level), which introduces a number of interesting and complex issues from a machine learning standpoint. In particular, we explore privacy, resource constraints, non-stationarity (a.k.a. concept drift), and performance issues and give empirical analyses based on real user data. We close with some thoughts on extensions to this work and on other areas of application.

About the Speaker

graduated from Ballard High School (Louisville, KY) in 1990 and entered the department of Electrical and Computer Engineering (then the department of Electrical Engineering) at Purdue University (West Lafayette, IN) in the fall of that year. I have been here ever since, attaining my bachelor\'s (BSCEE == Bachelor of Science in Computer and Electrical Engineering) in May of 1994. I immediately plunged into the PhD program, and am currently working toward that degree under the direction of Professor Carla Brodley.

Some notes on my Research are available.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...