A semi-supervised approach for network intrusion detection

R. Švihrová, C. Lettner. A semi-supervised approach for network intrusion detection. pages article 93, 1-6, DOI 10.1145/3407023.3407073, 8, 2020.

Authors
  • Radoslava Švihrová
  • Christian Lettner
Book: ARES'20: Proceedings of the 15th International Conference on Availability, Reliability and Security
Type: Conference proceedings
Publisher: ACM
DOI: 10.1145/3407023.3407073
ISBN: 978-1-4503-8833-7
Month: 8
Year: 2020
Pages: article 93, 1-6
Abstract

Security of computer networks is a crucial topic nowadays. We present a novel semi-supervised approach for building intrusion detection systems and compare it to selected supervised machine learning models for binary classification. To evaluate the methods, the benchmark dataset NSL-KDD'99 is used. The proposed semi-supervised approach classified 89.71% of samples from the KDDTest+ set correctly and hence outperformed the selected supervised methods by at least 7% as well as the recent supervised transfer learning approach by 2.41% in terms of accuracy. The idea of the semi-supervised approach is to distinguish benign and malign observations based on the reconstruction errors obtained from an autoencoder, which was trained on benign samples from the training set only. The threshold is found as the point where the two Normal distributions of a Gaussian mixture model cross. The advantage of this method is that it requires only benign samples for training. This is especially important because observations containing attacks are usually very expensive to collect or not available at all.
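
The thresholding step described in the abstract, as an added example that is not the authors' code: a two-component Gaussian mixture is fitted to one-dimensional reconstruction errors and the threshold is taken where the two component curves cross. Assumptions: the errors are constructed sample values standing in for the output of an already trained autoencoder, the curves compared are the weight-scaled component densities, and the function names `fit_gmm2`, `crossing` and `constructed_errors` are hypothetical.

```python
import math
import random

def pdf(x, mu, sigma):
    return math.exp(-0.5 * ((x - mu) / sigma) ** 2) / (sigma * math.sqrt(2 * math.pi))

def fit_gmm2(xs, iters=200):
    """EM for a 2-component 1-D Gaussian mixture; returns [(weight, mean, std)] sorted by mean."""
    xs = sorted(xs)
    n, half = len(xs), len(xs) // 2
    mu = [sum(xs[:half]) / half, sum(xs[half:]) / (n - half)]  # init: lower/upper half means
    s0 = (xs[-1] - xs[0]) / 4 or 1e-3
    sigma, w = [s0, s0], [0.5, 0.5]
    for _ in range(iters):
        resp = []  # E-step: responsibility of each component for each error value
        for x in xs:
            p = [w[k] * pdf(x, mu[k], sigma[k]) for k in (0, 1)]
            tot = sum(p) or 1e-300
            resp.append((p[0] / tot, p[1] / tot))
        for k in (0, 1):  # M-step: re-estimate weight, mean and std of each component
            nk = sum(r[k] for r in resp) or 1e-300
            w[k] = nk / n
            mu[k] = sum(r[k] * x for r, x in zip(resp, xs)) / nk
            var = sum(r[k] * (x - mu[k]) ** 2 for r, x in zip(resp, xs)) / nk
            sigma[k] = max(math.sqrt(var), 1e-6)
    return sorted(zip(w, mu, sigma), key=lambda c: c[1])

def crossing(low, high):
    """Point between the means where the weighted densities are equal, else None."""
    (w0, m0, s0), (w1, m1, s1) = low, high
    # Equating the log densities gives a*x^2 + b*x + c = 0
    a = 1 / (2 * s1**2) - 1 / (2 * s0**2)
    b = m0 / s0**2 - m1 / s1**2
    c = m1**2 / (2 * s1**2) - m0**2 / (2 * s0**2) + math.log(w0 * s1 / (w1 * s0))
    if abs(a) < 1e-12:  # equal variances: the equation is linear
        return -c / b
    disc = b * b - 4 * a * c
    if disc < 0:  # the curves never cross
        return None
    roots = [(-b + s * math.sqrt(disc)) / (2 * a) for s in (1, -1)]
    return next((r for r in roots if m0 < r < m1), None)

def constructed_errors(seed=7):
    """Constructed sample: 300 low (benign-like) and 200 high (attack-like) errors."""
    rng = random.Random(seed)
    return ([abs(rng.gauss(0.10, 0.03)) for _ in range(300)]
            + [abs(rng.gauss(0.50, 0.10)) for _ in range(200)])

if __name__ == "__main__":
    errs = constructed_errors()
    t = crossing(*fit_gmm2(errs))
    print(f"threshold={t:.3f}, flagged={sum(e > t for e in errs)} of {len(errs)}")
```

Observations whose reconstruction error exceeds the returned threshold are the ones treated as malign; `crossing` returns `None` when no crossing lies between the two means, which a caller should handle as "no usable threshold".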