Fast Learning Neural Network Intrusion Detection System
AIMS '09 Proceedings of the 3rd International Conference on Autonomous Infrastructure, Management and Security: Scalability of Networks and Services
Active and Semi-supervised Data Domain Description
ECML PKDD '09 Proceedings of the European Conference on Machine Learning and Knowledge Discovery in Databases: Part I
Active learning for network intrusion detection
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Unsupervised active learning based on hierarchical graph-theoretic clustering
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Application classification through monitoring and learning of resource consumption patterns
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Intrusion detection system based on support vector machine active learning and data fusion
ISICA'10 Proceedings of the 5th international conference on Advances in computation and intelligence
Tracking malicious hosts on a 10gbps backbone link
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Toward supervised anomaly detection
Journal of Artificial Intelligence Research
Intrusion Detection Systems (IDSs) have become an important part of operational computer security. They are the last line of defense against malicious hackers and help detect ongoing attacks as well as mitigate their damage. However, intrusion detection systems are not turnkey solutions but are heavily dependent on expensive and scarce security experts for successful operation. By emphasizing self-learning algorithms, we can reduce dependence on the domain expert but instead require massive amounts of labeled training data, another scarce resource in intrusion detection. In this paper we investigate whether an active learning algorithm can perform on a par with a traditional self-learning algorithm in terms of detection accuracy but using significantly less labeled data. Our preliminary findings indicate that the active learning algorithm generally performs better than the traditional learning algorithm given the same amount of training data. Moreover, the reduction of labeled data needed can be as much as 80 times, shown by comparing an active learner with a traditional learner with similar detection accuracy. Thus, active learning algorithms seem promising in that they can reduce the dependence on security experts in the development of new detection rules by better leveraging the knowledge and time of the expert.