AI Bibliography

Symons, C. T., & Beaver, J. M. (2012). Nonparametric semi-supervised learning for network intrusion detection: Combining performance improvements with realistic in-situ training. Paper presented at Proceedings of the 5th ACM workshop on Security and artificial intelligence.
Resource type: Proceedings Article
BibTeX citation key: Symons2012
Categories: Artificial Intelligence, Computer Science, Data Sciences, General
Subcategories: Autonomous systems, Big data, Deep learning, Edge AI, Internet of things, Machine learning, Neural nets
Creators: Beaver, Symons
Collection: Proceedings of the 5th ACM workshop on Security and artificial intelligence
Abstract
A barrier to the widespread adoption of learning-based network intrusion detection tools is the in-situ training requirements for effective discrimination of malicious traffic. Supervised learning techniques necessitate a quantity of labeled examples that is often intractable, and at best cost-prohibitive. Recent advances in semi-supervised techniques have demonstrated the ability to generalize well based on a significantly smaller set of labeled samples. In network intrusion detection, placing reasonable requirements on the number of training examples provides realistic expectations that a learning-based system can be trained in the environment where it will be deployed. This in-situ training is necessary to ensure that the assumptions associated with the learning process hold, and thereby support a reasonable belief in the generalization ability of the resulting model. In this paper, we describe the application of a carefully selected nonparametric, semi-supervised learning algorithm to the network intrusion problem, and compare the performance to other model types using feature-based data derived from an operational network. We demonstrate dramatic performance improvements over supervised learning and anomaly detection in discriminating real, previously unseen, malicious network traffic while generating an order of magnitude fewer false alerts than any alternative, including a signature IDS tool deployed on the same network.