Active learning for network intrusion detection
Publikation: Beiträge in Sammelwerken › Aufsätze in Konferenzbänden › Forschung › begutachtet
Standard
AISec '09: Proceedings of the ACM Conference on Computer and Communications Security. Hrsg. / Dirk Balfanz; Jessica Staddon. New York: Association for Computing Machinery, Inc, 2009. S. 47-54.
Publikation: Beiträge in Sammelwerken › Aufsätze in Konferenzbänden › Forschung › begutachtet
Harvard
APA
Vancouver
Bibtex
}
RIS
TY - CHAP
T1 - Active learning for network intrusion detection
AU - Görnitz, Nico
AU - Kloft, Marius
AU - Rieck, Konrad
AU - Brefeld, Ulf
N1 - Conference code: 2
PY - 2009
Y1 - 2009
N2 - Anomaly detection for network intrusion detection is usually considered an unsupervised task. Prominent techniques, such as one-class support vector machines, learn a hypersphere enclosing network data, mapped to a vector space, such that points outside of the ball are considered anomalous. However, this setup ignores relevant information such as expert and background knowledge. In this paper, we rephrase anomaly detection as an active learning task. We propose an effective active learning strategy to query low-confidence observations and to expand the data basis with minimal labeling effort. Our empirical evaluation on network intrusion detection shows that our approach consistently outperforms existing methods in relevant scenarios.
AB - Anomaly detection for network intrusion detection is usually considered an unsupervised task. Prominent techniques, such as one-class support vector machines, learn a hypersphere enclosing network data, mapped to a vector space, such that points outside of the ball are considered anomalous. However, this setup ignores relevant information such as expert and background knowledge. In this paper, we rephrase anomaly detection as an active learning task. We propose an effective active learning strategy to query low-confidence observations and to expand the data basis with minimal labeling effort. Our empirical evaluation on network intrusion detection shows that our approach consistently outperforms existing methods in relevant scenarios.
KW - Informatics
KW - Active learning
KW - Anomaly detection
KW - Intrusion detection
KW - Machine learning
KW - Network security
KW - Support vector data description
KW - Business informatics
U2 - 10.1145/1654988.1655002
DO - 10.1145/1654988.1655002
M3 - Article in conference proceedings
AN - SCOPUS:74049088533
SN - 978-1-60558-781-3
SP - 47
EP - 54
BT - AISec '09
A2 - Balfanz, Dirk
A2 - Staddon, Jessica
PB - Association for Computing Machinery, Inc
CY - New York
T2 - 2nd ACM Workshop on Security and Artificial Intelligence, AISec '09, Co-located with the 16th ACM Computer and Communications Security Conference
Y2 - 9 November 2009 through 13 November 2009
ER -