A semi-supervised approach for network intrusion detection

Authors Radoslava Švihrová
Christian Lettner
Title A semi-supervised approach for network intrusion detection
Booktitle ARES'20: Proccedings of the 15th International Conference on Availability, Reliability and Security
Type in proceedings
Publisher ACM
ISBN 978-1-4503-8833-7
DOI 10.1145/3407023.3407073
Month August
Year 2020
Pages article 93, 1-6
SCCH ID# 20047

Security of computer networks is a crucial topic nowadays. We present a novel semi-supervised approach for building intrusion detection systems and compare it to selected supervised machine learning models for binary classification. To evaluate the methods, the benchmark dataset NSL-KDD'99 is used. The proposed semi-supervised approach classified 89.71% of samples from KDDTest+ set correctly and hence outperformed the selected supervised methods by at least 7% as well as the recent supervised transfer learning approach by 2.41% in terms of accuracy. The idea of the semi-supervised approach is to distinguish benign and malign observations based on the reconstruction errors obtained from autoencoder, which was trained on benign samples from training set only. The threshold is found as a point where the two Normal distributions of Gaussian mixture model cross. The advantage of this method is that it requires only benign samples for training. This is especially important for the fact that observations containing attacks are usually very expensive to collect or not available at all.