A semi-supervised approach for network intrusion detection

Autoren Radoslava Švihrová
Christian Lettner
Editoren
Titel A semi-supervised approach for network intrusion detection
Buchtitel ARES'20: Proccedings of the 15th International Conference on Availability, Reliability and Security
Typ in Konferenzband
Verlag ACM
ISBN 978-1-4503-8833-7
DOI 10.1145/3407023.3407073
Monat August
Jahr 2020
Seiten article 93, 1-6
SCCH ID# 20047
Abstract

Security of computer networks is a crucial topic nowadays. We present a novel semi-supervised approach for building intrusion detection systems and compare it to selected supervised machine learning models for binary classification. To evaluate the methods, the benchmark dataset NSL-KDD'99 is used. The proposed semi-supervised approach classified 89.71% of samples from KDDTest+ set correctly and hence outperformed the selected supervised methods by at least 7% as well as the recent supervised transfer learning approach by 2.41% in terms of accuracy. The idea of the semi-supervised approach is to distinguish benign and malign observations based on the reconstruction errors obtained from autoencoder, which was trained on benign samples from training set only. The threshold is found as a point where the two Normal distributions of Gaussian mixture model cross. The advantage of this method is that it requires only benign samples for training. This is especially important for the fact that observations containing attacks are usually very expensive to collect or not available at all.