Master Thesis finished

Congratulation

Congratulation! Our colleague, Švihrová Radoslava, finished her Master Thesis. She studied Statistics with focus on Data Science at IFAS at the JKU.

In her Master Thesis "Machine Learning Techniques for Intrusion Detection in Network Security" various selected machine learning approaches for detection of intrusions on computer network were compared. For the evaluation of the models, the state-of-the-art data set NSL-KDD´99 consisting of the labeled simulated network traffic, was used. Mentioned data set consists of pre-defined training and testing set, both labeled and balanced.

In addition to the attack types present in training set, testing set contains also novel attack types with different behaviour. The goal of the thesis was thus to find such a model, which will be able to classify as correctly as possible not only known attack types, but novelties as well.

Binary classification task

The problem was approached as a binary classification task. Based on the results obtained by evaluating on the pre-defined testing set, the semi-supervised approach outperformed all selected supervised techniques, as well as recent transfer-learning based approach, in terms of accuracy. The main idea of the semi-supervised approach is to train an undercomplete autoencoder on the samples consisting of normal traffic only and afterwards to distinguish malicious observations as samples with reconstruction error higher than the selected threshold. The main advantage of the semi-supervised approach is its ability to distinguish not only known attack types but also novel types, which are from different probability distribution and thus problematic for all supervised approaches. Another benefit is requirement of only normal samples for training of the model, as the availability of samples with only normal traffic or highly imbalanced data with low proportion of malicious samples is much more realistic scenario in real-world applications. The thesis is part of the IoT4CPS project and the findings will be used in the future work for building a reliable intrusion detection system.

back