Active Learning for Intrusion Detection

Intrusion detection is one of the most important problems in network security. Its goal is to secure internal networks by identifying unusual access or attacks. Machine learning techniques have played a significant role in intrusion detection. Given the large size of the training data and the time-consuming labeling task, it is wise to select a subset of informative data to train a classifier. Active learning is a family of approaches that select samples for labeling in order to build a classifier with maximum prediction accuracy. It can therefore improve the performance of intrusion detection without being time-consuming or labor-intensive. In this paper, the definition of active learning and some efficient query strategies are reviewed and suggested. Some popular intrusion detection algorithms and the combination of active learning with intrusion detection are also introduced. However, existing work on active learning for intrusion detection is very limited. We propose that more active learning methods should be developed for intrusion detection.
