PASCAL - Pattern Analysis, Statistical Modelling and Computational Learning

Active Learning for Network Intrusion Detection
Nico Görnitz, Marius Kloft, Konrad Rieck and Ulf Brefeld
In: ACM CCS Workshop on Security and Artificial Intelligence (AISEC), 09-13 Nov 2009, Chicago, USA.


Anomaly detection for network intrusion detection is usually considered an unsupervised task. Prominent techniques, such as one-class support vector machines, learn a hyper-sphere enclosing network data, mapped to a vector space, such that points outside of the ball are considered anomalous. However, this setup ignores relevant information such as expert and background knowledge. In this paper, we rephrase anomaly detection as an active learning task. We propose an effective active learning strategy to query low-confidence observations and to expand the data basis with minimal labeling effort. Our empirical evaluation on network intrusion detection shows that our approach consistently outperforms existing methods in relevant scenarios.

EPrint Type: Conference or Workshop Item (Oral)
Project Keyword: Project Keyword UNSPECIFIED
Subjects: Learning/Statistics & Optimisation; Theory & Algorithms; Information Retrieval & Textual Information Access
ID Code: 5488
Deposited By: Konrad Rieck
Deposited On: 21 November 2009