Many approaches have been proposed so far to tackle computer network security. Among them, several systems exploit Machine Learning and Pattern Recognition techniques by treating malicious behavior detection as a classification problem. Both supervised and unsupervised algorithms have been used in this context, each with its own benefits and shortcomings. Supervised techniques require a representative training set of suitably labeled samples that reliably indicates what a human expert wants the system to learn and recognize. In real environments, collecting a representative dataset of correctly labeled traffic traces is significantly difficult. In adversarial environments the task is made even harder by attackers who try to conceal the evidence of their actions. To overcome this problem, this paper presents a self-training system that builds a dataset of labeled network traffic from raw tcpdump traces, with no prior knowledge of the data. Results on both emulated and real traffic traces show that intrusion detection systems trained on such a dataset perform as well as the same systems trained on correctly hand-labeled data.