Learning intrusion detection: supervised or unsupervised?

Authors:
Pavel Laskov;Patrick Düssel;Christin Schäfer;Konrad Rieck
Affiliations:
Fraunhofer-FIRST.IDA, Berlin, Germany;Fraunhofer-FIRST.IDA, Berlin, Germany;Fraunhofer-FIRST.IDA, Berlin, Germany;Fraunhofer-FIRST.IDA, Berlin, Germany
Venue:
ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Year:
2005

Citing 9
Cited 24

C4.5: programs for machine learning

C4.5: programs for machine learning
Neural networks: a systematic introduction

Neural networks: a systematic introduction
Intrusion detection

Intrusion detection
The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Learning Program Behavior Profiles for Intrusion Detection

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Pattern Classification (2nd Edition)

Pattern Classification (2nd Edition)
From outliers to prototypes: Ordering data

Neurocomputing

Letters: A hierarchical intrusion detection model based on the PCA neural networks

Neurocomputing
Autonomous decision on intrusion detection with trained BDI agents

Computer Communications
Protocol-based classification for intrusion detection

ACACOS'08 Proceedings of the 7th WSEAS International Conference on Applied Computer and Applied Computational Science
Traffic Data Preparation for a Hybrid Network IDS

HAIS '08 Proceedings of the 3rd international workshop on Hybrid Artificial Intelligence Systems
Protocol-based classification for intrusion detection

WSEAS Transactions on Computer Research
IDS Based on Bio-inspired Models

KES '07 Knowledge-Based Intelligent Information and Engineering Systems and the XVII Italian Workshop on Neural Networks on Proceedings of the 11th International Conference
MOVIH-IDS: A mobile-visualization hybrid intrusion detection system

Neurocomputing
Neural projection techniques for the visual inspection of network traffic

Neurocomputing
Sequential anomaly detection based on temporal-difference learning: Principles, models and case studies

Applied Soft Computing
On the versatility of radial basis function neural networks: A case study in the field of intrusion detection

Information Sciences: an International Journal
Intrusion detection at packet level by unsupervised architectures

IDEAL'07 Proceedings of the 8th international conference on Intelligent data engineering and automated learning
Combining heterogeneous classifiers for network intrusion detection

ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Using unsupervised learning for network alert correlation

Canadian AI'08 Proceedings of the Canadian Society for computational studies of intelligence, 21st conference on Advances in artificial intelligence
Building a qualitative recruitment system via SVM with MCDM approach

Applied Intelligence
Using confusion matrices and confusion graphs to design ensemble classification models from large datasets

DaWaK'11 Proceedings of the 13th international conference on Data warehousing and knowledge discovery
Empirical comparison of four classifier fusion strategies for positive-versus-negative ensembles

Proceedings of the South African Institute of Computer Scientists and Information Technologists Conference on Knowledge, Innovation and Leadership in a Diverse, Multidisciplinary Environment
Using OVA modeling to improve classification performance for large datasets

Expert Systems with Applications: An International Journal
Effectiveness evaluation of data mining based IDS

ICDM'06 Proceedings of the 6th Industrial Conference on Data Mining conference on Advances in Data Mining: applications in Medicine, Web Mining, Marketing, Image and Signal Mining
Automatically building datasets of labeled IP traffic traces: A self-training approach

Applied Soft Computing
Base Model Combination Algorithm for Resolving Tied Predictions for K-Nearest Neighbor OVA Ensemble Models

INFORMS Journal on Computing
Towards learning normality for anomaly detection in industrial control networks

AIMS'13 Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943
Effects-based feature identification for network intrusion detection

Neurocomputing
A single-domain, representation-learning model for big data classification of network intrusion

MLDM'13 Proceedings of the 9th international conference on Machine Learning and Data Mining in Pattern Recognition
Positive-versus-Negative Classification for Model Aggregation in Predictive Data Mining

INFORMS Journal on Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Application and development of specialized machine learning techniques is gaining increasing attention in the intrusion detection community. A variety of learning techniques proposed for different intrusion detection problems can be roughly classified into two broad categories: supervised (classification) and unsupervised (anomaly detection and clustering). In this contribution we develop an experimental framework for comparative analysis of both kinds of learning techniques. In our framework we cast unsupervised techniques into a special case of classification, for which training and model selection can be performed by means of ROC analysis. We then investigate both kinds of learning techniques with respect to their detection accuracy and ability to detect unknown attacks.