A semi-supervised approach for network intrusion detection

Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI:10.1145/3407023.3407073

Radoslava Švihrová, Christian Lettner

{"title":"A semi-supervised approach for network intrusion detection","authors":"Radoslava Švihrová, Christian Lettner","doi":"10.1145/3407023.3407073","DOIUrl":null,"url":null,"abstract":"Security of computer networks is a crucial topic nowadays. We present a novel semi-supervised approach for building intrusion detection systems and compare it to selected supervised machine learning models for binary classification. To evaluate the methods, the benchmark dataset NSL-KDD'99 is used. The proposed semi-supervised approach classified 89.71% of samples from KDDTest+ set correctly and hence outperformed the selected supervised methods by at least 7% as well as the recent supervised transfer learning approach by 2.41% in terms of accuracy. The idea of the semi-supervised approach is to distinguish benign and malign observations based on the reconstruction errors obtained from autoencoder, which was trained on benign samples from training set only. The threshold is found as a point where the two Normal distributions of Gaussian mixture model cross. The advantage of this method is that it requires only benign samples for training. This is especially important for the fact that observations containing attacks are usually very expensive to collect or not available at all.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"167 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 15th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3407023.3407073","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Security of computer networks is a crucial topic nowadays. We present a novel semi-supervised approach for building intrusion detection systems and compare it to selected supervised machine learning models for binary classification. To evaluate the methods, the benchmark dataset NSL-KDD'99 is used. The proposed semi-supervised approach classified 89.71% of samples from KDDTest+ set correctly and hence outperformed the selected supervised methods by at least 7% as well as the recent supervised transfer learning approach by 2.41% in terms of accuracy. The idea of the semi-supervised approach is to distinguish benign and malign observations based on the reconstruction errors obtained from autoencoder, which was trained on benign samples from training set only. The threshold is found as a point where the two Normal distributions of Gaussian mixture model cross. The advantage of this method is that it requires only benign samples for training. This is especially important for the fact that observations containing attacks are usually very expensive to collect or not available at all.

查看原文本刊更多论文

一种半监督的网络入侵检测方法

计算机网络安全是当今社会的一个重要课题。我们提出了一种新的半监督方法来构建入侵检测系统，并将其与用于二进制分类的选定监督机器学习模型进行比较。为了评估这些方法，使用了基准数据集NSL-KDD'99。所提出的半监督方法对KDDTest+集样本的正确率达到89.71%，因此在准确率上比所选的监督方法高出至少7%，比最近的监督迁移学习方法高出2.41%。半监督方法的思想是基于自编码器获得的重建误差来区分良性和恶性观测值，而自编码器仅在训练集中的良性样本上进行训练。阈值是高斯混合模型的两个正态分布的交叉点。这种方法的优点是只需要良性样本进行训练。这一点尤其重要，因为收集包含攻击的观察结果通常非常昂贵，或者根本无法获得。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 15th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量