TY - GEN
T1 - Intrusion detection using disagreement-based semi-supervised learning
T2 - 4th International Symposium on Cyberspace Safety and Security, CSS 2012
AU - Meng, Yuxin
AU - Kwok, Lam-For
PY - 2012
Y1 - 2012
N2 - With the development of intrusion detection systems (IDSs), a number of machine learning approaches have been applied to intrusion detection. For a traditional supervised learning algorithm, training examples with ground-truth labels should be given in advance. However, in real applications, the number of labeled examples is limited whereas a lot of unlabeled data is widely available, because labeling data requires a large amount of human effort and is thus very expensive. To mitigate this issue, several semi-supervised learning algorithms, which aim to label data automatically without human intervention, have been proposed to utilize unlabeled data in improving the performance of IDSs. In this paper, we attempt to apply a disagreement-based semi-supervised learning algorithm to anomaly detection. Based on our previous work, we further apply this approach to constructing a false alarm filter and investigate its performance of alarm reduction in a network environment. The experimental results show that the disagreement-based scheme is very effective in detecting intrusions and reducing false alarms by automatically labeling unlabeled data, and that its performance can further be improved by co-working with active learning. © 2012 Springer-Verlag.
AB - With the development of intrusion detection systems (IDSs), a number of machine learning approaches have been applied to intrusion detection. For a traditional supervised learning algorithm, training examples with ground-truth labels should be given in advance. However, in real applications, the number of labeled examples is limited whereas a lot of unlabeled data is widely available, because labeling data requires a large amount of human effort and is thus very expensive. To mitigate this issue, several semi-supervised learning algorithms, which aim to label data automatically without human intervention, have been proposed to utilize unlabeled data in improving the performance of IDSs. In this paper, we attempt to apply a disagreement-based semi-supervised learning algorithm to anomaly detection. Based on our previous work, we further apply this approach to constructing a false alarm filter and investigate its performance of alarm reduction in a network environment. The experimental results show that the disagreement-based scheme is very effective in detecting intrusions and reducing false alarms by automatically labeling unlabeled data, and that its performance can further be improved by co-working with active learning. © 2012 Springer-Verlag.
KW - Active Learning
KW - False Alarm Reduction
KW - Intrusion Detection
KW - Network Security and Performance
KW - Semi-Supervised Learning
UR - https://www.scopus.com/pages/publications/84871387623
UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-84871387623&origin=recordpage
U2 - 10.1007/978-3-642-35362-8_36
DO - 10.1007/978-3-642-35362-8_36
M3 - RGC 32 - Refereed conference paper (with host publication)
SN - 9783642353611
VL - 7672 LNCS
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 483
EP - 497
BT - Cyberspace Safety and Security
PB - Springer Verlag
Y2 - 12 December 2012 through 13 December 2012
ER -