Abstract
Anomaly detection for network intrusion detection is usually considered an unsupervised task. Prominent techniques, such as one-class support vector machines, learn a hypersphere enclosing network data, mapped to a vector space, such that points outside of the ball are considered anomalous. However, this setup ignores relevant information such as expert and background knowledge. In this paper, we rephrase anomaly detection as an active learning task. We propose an effective active learning strategy to query low-confidence observations and to expand the data basis with minimal labeling effort. Our empirical evaluation on network intrusion detection shows that our approach consistently outperforms existing methods in relevant scenarios.
| Originalsprache | Englisch |
|---|---|
| Titel | AISec '09 : Proceedings of the ACM Conference on Computer and Communications Security |
| Redakteure/-innen | Dirk Balfanz, Jessica Staddon |
| Seitenumfang | 8 |
| Erscheinungsort | New York |
| Herausgeber (Verlag) | Association for Computing Machinery, Inc |
| Erscheinungsdatum | 09.11.2009 |
| Seiten | 47-54 |
| ISBN (Print) | 978-1-60558-781-3 |
| DOIs | |
| Publikationsstatus | Erschienen - 09.11.2009 |
| Extern publiziert | Ja |
| Veranstaltung | 2nd ACM Workshop on Security and Artificial Intelligence, AISec '09, Co-located with the 16th ACM Computer and Communications Security Conference - Chicago, USA / Vereinigte Staaten Dauer: 09.11.2009 → 13.11.2009 Konferenznummer: 2 |
Fachgebiete und Schlagwörter
- Informatik
- Wirtschaftsinformatik
Fingerprint
Untersuchen Sie die Forschungsthemen von „Active learning for network intrusion detection“. Zusammen bilden sie einen einzigartigen Fingerprint.Dieses zitieren
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver