Purdue ML / Security Alumni
James (Jim) Early obtained his PhD from Purdue University in 2005. He was co-advised by Carla Brodley and Gene Spafford.
Current location: Assistant Professor, SUNY, Oswego
Associated Publications: [+]
Authors: Early, J. P. and Brodley, C. E.
Machine Learning and Data Mining for Computer Security: Methods and Applications
pp. 107-124, Springer
Authors: Early, J. P., Brodley, C.E. and Rosenberg, C.
19th Annual Computer Security Applications Conference
pp. 49-55 2003 December
Abstract: Understanding the nature of the information flowing into and out of a system or network is fundamental to determining if there is adherence to a usage policy. Traditional methods of determining traffic type rely on the port label carried in the packet header. This method can fail, however, in the presence of proxy servers that remap port numbers or host services that have been compromised to act as backdoors or covert channels. We present an approach to classify server traffic based on decision trees learned during a training phase. The trees are constructed from traffic described using a set of features we designed to capture stream behavior. Because our classification of the traffic type is independent of port label, it provides a more accurate classification in the presence of malicious activity. An empirical evaluation illustrates that models of both aggregate protocol behavior and host-specific protocol behavior obtain classification accuracies ranging from 82-100%.