Anomaly detection for network intrusion detection is usually considered an unsupervised task. Prominent techniques, such as one-class support vector machines, learn a hypersphere enclosing network data, mapped to a vector space, such that points outside of the ball are considered anomalous. However, this setup ignores relevant information such as expert and background knowledge. In this paper, we rephrase anomaly detection as an active learning task. We propose an effective active learning strategy to query low-confidence observations and to expand the data basis with minimal labeling effort. Our empirical evaluation on network intrusion detection shows that our approach consistently outperforms existing methods in relevant scenarios.