Marcus A. Maloof, «Machine Learning and Data Mining for Computer Security»

Intrusion detection and analysis has received a lot of criticism and publicity over the last several years. The Gartner report took a shot saying Intrusion Detection Systems are dead, while others believe Intrusion Detection is just reaching its maturity. The problem that few want to admit is that the current public methods of intrusion detection, while they might be mature, based solely on the fact they have been around for a while, are not extremely sophisticated and do not work very well. While there is no such thing as 100% security, people always expect a technology to accomplish more than it currently does, and this is clearly the case with intrusion detection. It needs to be taken to the next level with more advanced analysis being done by the computer and less by the human.

The current area of Intrusion Detection is begging for Machine Learning to be applied to it. Convergence of these two key areas is critical for it to be taken to the next level. The problem is that I have seen little research focusing on this, until now.

After reading Machine Learning and Data Mining for Computer Security, I feel Dr Maloof has hit the target dead centre. While much research has been done across Computer Security independently and Machine Learning independently, for some reason no one wanted to cross-breed the two topics.

Dr Maloof not only did a masterful job of focusing the book on a critical area that was in dire need of research, but he also strategically picked papers that complemented each other in a productive manner. Usually reading an edited volume like this, the chapters are very disjointed with no connection between them. While these chapters cover different areas of research, there is a hidden flow that complements the previous chapter with the next.

While Dr Maloof points out in his Preface the intended audience, I feel that there are two additional critical groups. Firstly, I feel that any vendor or solution provider that is looking to provide a competitive advantage for their product should read this book and see exactly what the potential of next generation intrusion detection can provide. Secondly, I feel that any Computer Science student should read this book to understand the power of convergence across technologies. Everyone is searching for new solutions to intrusion detection within Computer Science and more specifically within Computer Security. But until they are willing to take a step back and provide insight and knowledge from another domain, like Dr Maloof has done, they will not find suitable answers.