A method for partial-memory incremental learning and its application to computer intrusion detection
- 19 November 2002
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- No. 10823409,p. 392-397
- https://doi.org/10.1109/tai.1995.479784
Abstract
This paper describes a partial-memory incremental learning method based on the AQ15c inductive learning system. The method maintains a representative set of past training examples that are used together with new examples to appropriately modify the currently held hypotheses. Incremental learning is evoked by feedback from the environment or from the user. Such a method is useful in applications involving intelligent agents acting in a changing environment, active vision, and dynamic knowledge-bases. For this study, the method is applied to the problem of computer intrusion detection in which symbolic profiles are learned for a computer system's users. In the experiments, the proposed method yielded significant gains in terms of learning time and memory requirements at the expense of slightly lower predictive accuracy and higher concept complexity, when compared to batch learning, in which all examples are given at once.Keywords
This publication has 7 references indexed in Scilit:
- Detection of anomalous computer session activityPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Knowledge-based intrusion detectionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Security audit trail analysis using inductively generated predictive rulesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Agents that reduce work and information overloadCommunications of the ACM, 1994
- Incremental learning from examples using HC-expressionsPattern Recognition, 1991
- An Intrusion-Detection ModelIEEE Transactions on Software Engineering, 1987
- Pattern Recognition as Rule-Guided Inductive InferencePublished by Institute of Electrical and Electronics Engineers (IEEE) ,1980