Active learning for network intrusion detection

Research output: Contributions to collected editions/works, Article in conference proceedings, Research, peer-review

Anomaly detection for network intrusion detection is usually considered an unsupervised task. Prominent techniques, such as one-class support vector machines, learn a hypersphere enclosing network data, mapped to a vector space, such that points outside of the ball are considered anomalous. However, this setup ignores relevant information such as expert and background knowledge. In this paper, we rephrase anomaly detection as an active learning task. We propose an effective active learning strategy to query low-confidence observations and to expand the data basis with minimal labeling effort. Our empirical evaluation on network intrusion detection shows that our approach consistently outperforms existing methods in relevant scenarios.

Original language: English
Title of host publication: AISec '09 : Proceedings of the ACM Conference on Computer and Communications Security
Editors: Dirk Balfanz, Jessica Staddon
Number of pages: 8
Place of Publication: New York
Publisher: Association for Computing Machinery, Inc
Publication date: 09.11.2009
Pages: 47-54
ISBN (print): 978-1-60558-781-3
Publication status: Published - 09.11.2009
Externally published: Yes
Event: 2nd ACM Workshop on Security and Artificial Intelligence, AISec '09, Co-located with the 16th ACM Computer and Communications Security Conference - Chicago, United States
Duration: 09.11.2009 - 13.11.2009
Conference number: 2

    Research areas

  • Informatics - Active learning, Anomaly detection, Intrusion detection, Machine learning, Network security, Support vector data description
  • Business informatics
