Active learning for network intrusion detection

Research output: Contributions to collected editions/worksArticle in conference proceedingsResearchpeer-review

Standard

Active learning for network intrusion detection. / Görnitz, Nico; Kloft, Marius; Rieck, Konrad et al.
AISec '09: Proceedings of the ACM Conference on Computer and Communications Security. ed. / Dirk Balfanz; Jessica Staddon. New York: Association for Computing Machinery, Inc, 2009. p. 47-54.

Research output: Contributions to collected editions/worksArticle in conference proceedingsResearchpeer-review

Harvard

Görnitz, N, Kloft, M, Rieck, K & Brefeld, U 2009, Active learning for network intrusion detection. in D Balfanz & J Staddon (eds), AISec '09: Proceedings of the ACM Conference on Computer and Communications Security. Association for Computing Machinery, Inc, New York, pp. 47-54, 2nd ACM Workshop on Security and Artificial Intelligence, AISec '09, Co-located with the 16th ACM Computer and Communications Security Conference, Chicago, United States, 09.11.09. https://doi.org/10.1145/1654988.1655002

APA

Görnitz, N., Kloft, M., Rieck, K., & Brefeld, U. (2009). Active learning for network intrusion detection. In D. Balfanz, & J. Staddon (Eds.), AISec '09: Proceedings of the ACM Conference on Computer and Communications Security (pp. 47-54). Association for Computing Machinery, Inc. https://doi.org/10.1145/1654988.1655002

Vancouver

Görnitz N, Kloft M, Rieck K, Brefeld U. Active learning for network intrusion detection. In Balfanz D, Staddon J, editors, AISec '09: Proceedings of the ACM Conference on Computer and Communications Security. New York: Association for Computing Machinery, Inc. 2009. p. 47-54 doi: 10.1145/1654988.1655002

Bibtex

@inbook{7b99007d947e499ca831a3484b8a2c28,
title = "Active learning for network intrusion detection",
abstract = "Anomaly detection for network intrusion detection is usually considered an unsupervised task. Prominent techniques, such as one-class support vector machines, learn a hypersphere enclosing network data, mapped to a vector space, such that points outside of the ball are considered anomalous. However, this setup ignores relevant information such as expert and background knowledge. In this paper, we rephrase anomaly detection as an active learning task. We propose an effective active learning strategy to query low-confidence observations and to expand the data basis with minimal labeling effort. Our empirical evaluation on network intrusion detection shows that our approach consistently outperforms existing methods in relevant scenarios.",
keywords = "Informatics, Active learning, Anomaly detection, Intrusion detection, Machine learning, Network security, Support vector data description, Business informatics",
author = "Nico G{\"o}rnitz and Marius Kloft and Konrad Rieck and Ulf Brefeld",
year = "2009",
doi = "10.1145/1654988.1655002",
language = "English",
isbn = "978-1-60558-781-3",
pages = "47--54",
editor = "Dirk Balfanz and Jessica Staddon",
booktitle = "AISec '09",
publisher = "Association for Computing Machinery, Inc",
address = "United States",
note = "2nd ACM Workshop on Security and Artificial Intelligence, AISec '09, Co-located with the 16th ACM Computer and Communications Security Conference ; Conference date: 09-11-2009 Through 13-11-2009",

}

RIS

TY - CHAP

T1 - Active learning for network intrusion detection

AU - Görnitz, Nico

AU - Kloft, Marius

AU - Rieck, Konrad

AU - Brefeld, Ulf

N1 - Conference code: 2

PY - 2009

Y1 - 2009

N2 - Anomaly detection for network intrusion detection is usually considered an unsupervised task. Prominent techniques, such as one-class support vector machines, learn a hypersphere enclosing network data, mapped to a vector space, such that points outside of the ball are considered anomalous. However, this setup ignores relevant information such as expert and background knowledge. In this paper, we rephrase anomaly detection as an active learning task. We propose an effective active learning strategy to query low-confidence observations and to expand the data basis with minimal labeling effort. Our empirical evaluation on network intrusion detection shows that our approach consistently outperforms existing methods in relevant scenarios.

AB - Anomaly detection for network intrusion detection is usually considered an unsupervised task. Prominent techniques, such as one-class support vector machines, learn a hypersphere enclosing network data, mapped to a vector space, such that points outside of the ball are considered anomalous. However, this setup ignores relevant information such as expert and background knowledge. In this paper, we rephrase anomaly detection as an active learning task. We propose an effective active learning strategy to query low-confidence observations and to expand the data basis with minimal labeling effort. Our empirical evaluation on network intrusion detection shows that our approach consistently outperforms existing methods in relevant scenarios.

KW - Informatics

KW - Active learning

KW - Anomaly detection

KW - Intrusion detection

KW - Machine learning

KW - Network security

KW - Support vector data description

KW - Business informatics

U2 - 10.1145/1654988.1655002

DO - 10.1145/1654988.1655002

M3 - Article in conference proceedings

AN - SCOPUS:74049088533

SN - 978-1-60558-781-3

SP - 47

EP - 54

BT - AISec '09

A2 - Balfanz, Dirk

A2 - Staddon, Jessica

PB - Association for Computing Machinery, Inc

CY - New York

T2 - 2nd ACM Workshop on Security and Artificial Intelligence, AISec '09, Co-located with the 16th ACM Computer and Communications Security Conference

Y2 - 9 November 2009 through 13 November 2009

ER -

DOI