{"title":"Active learning intrusion detection using k-means clustering selection","authors":"Steven McElwee","doi":"10.1109/SECON.2017.7925383","DOIUrl":null,"url":null,"abstract":"Intrusion detection is an important method for identifying attacks and compromises of computer systems, but it is complicated by rapid changes in technology, the increasing interconnectedness of devices on the internet, the growing use of cyberattacks, and more sophisticated and automated attack methods and tools used by adversaries. The challenge of intrusion detection is further complicated because, as advances are made in the ability to detect attacks, similar advances are made by adversaries to thwart those detective measures. Although numerous machine learning algorithms and approaches have proven effective in detecting cyberattacks, these algorithms have limitations, especially in dealing with adversarial environments. This study addresses the problem that there is not an effective machine learning algorithm that minimizes human interaction to train and evolve the learner to adapt to changing cyberattacks and evasive tactics. 
This research concludes that selective sampling of unlabeled data for classification by a human expert can result in more efficient labeling for large datasets and demonstrates a more resilient approach to machine learning that utilizes active learning to interact with human subject matter experts and that adapts to changing data, thus addressing issues related to data tampering and evasion.","PeriodicalId":368197,"journal":{"name":"SoutheastCon 2017","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SoutheastCon 2017","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECON.2017.7925383","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 18
Abstract
Intrusion detection is an important method for identifying attacks and compromises of computer systems, but it is complicated by rapid changes in technology, the increasing interconnectedness of devices on the internet, the growing use of cyberattacks, and more sophisticated and automated attack methods and tools used by adversaries. The challenge of intrusion detection is further complicated because, as advances are made in the ability to detect attacks, similar advances are made by adversaries to thwart those detective measures. Although numerous machine learning algorithms and approaches have proven effective in detecting cyberattacks, these algorithms have limitations, especially in dealing with adversarial environments. This study addresses the problem that there is not an effective machine learning algorithm that minimizes human interaction to train and evolve the learner to adapt to changing cyberattacks and evasive tactics. This research concludes that selective sampling of unlabeled data for classification by a human expert can result in more efficient labeling for large datasets and demonstrates a more resilient approach to machine learning that utilizes active learning to interact with human subject matter experts and that adapts to changing data, thus addressing issues related to data tampering and evasion.