{"title":"Labeling Network Event Records for Intrusion Detection in a Wireless LAN","authors":"T. Khoshgoftaar, Chris Seiffert, Naeem Seliya","doi":"10.1109/IRI.2006.252413","journal":{"name":"2006 IEEE International Conference on Information Reuse & Integration","volume":"57 1","pages":"0"},"publicationDate":"2006-12-04","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"3","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/IRI.2006.252413"}
Labeling Network Event Records for Intrusion Detection in a Wireless LAN
A data mining approach to network intrusion detection requires a training dataset of network event records labeled as either normal or an attack type. Since there are too many events to track, such datasets are typically very large. This is particularly so in a WLAN, where the number of non-wired devices communicating with the WLAN can be too many and ad hoc. This creates a problem for the domain expert in labeling all records in the training dataset, which is used to train a machine learner. We present a simple approach by which the number of network records the expert has to examine is a relatively small proportion of the given training dataset. A clustering algorithm is used to form relatively coherent groups, which the expert examines as a whole to label records as one of four classes: red (definite intrusion), yellow (possibly intrusion), blue (probably normal), and green (definite normal). An ensemble classifier-based data cleansing approach is then used to detect records that were likely mislabeled by the expert. The proposed approach is investigated with a case study of a real-world WLAN. An ensemble classifier-based intrusion detection model built using the labeled training dataset demonstrates the effectiveness of the labeling approach and the good generalization accuracy.