A semi-supervised approach for network intrusion detection

Security of computer networks is a crucial topic nowadays. We present a novel semi-supervised approach for building intrusion detection systems and compare it to selected supervised machine learning models for binary classification. To evaluate the methods, the benchmark dataset NSL-KDD'99 is used. The proposed semi-supervised approach classified 89.71% of samples from the KDDTest+ set correctly and hence outperformed the selected supervised methods by at least 7%, as well as the recent supervised transfer learning approach by 2.41%, in terms of accuracy. The idea of the semi-supervised approach is to distinguish benign and malicious observations based on the reconstruction errors obtained from an autoencoder that was trained only on benign samples from the training set. The threshold is found as the point where the two Normal distributions of a Gaussian mixture model cross. The advantage of this method is that it requires only benign samples for training. This is especially important because observations containing attacks are usually very expensive to collect or not available at all.
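
An added example (not from the paper or its authors) of the thresholding step described above: it fits a two-component Gaussian mixture to reconstruction errors and returns the point between the component means where the densities cross. The error values are constructed stand-ins for autoencoder output, and the function names, the use of mixture weights in the crossing, and fitting the mixture on an unlabeled mix of traffic are assumptions.

```python
import math
import random

def fit_gmm2(x, iters=100):
    """EM fit of a two-component 1-D Gaussian mixture; [[weight, mean, var], ...] by mean."""
    xs, n = sorted(x), len(x)
    comps = []
    for part in (xs[:n // 2], xs[n // 2:]):        # initialise from lower/upper half
        m = sum(part) / len(part)
        comps.append([0.5, m, max(sum((p - m) ** 2 for p in part) / len(part), 1e-12)])
    for _ in range(iters):
        resp = []                                   # E-step: component responsibilities
        for xi in x:
            p = [w * math.exp(-(xi - m) ** 2 / (2 * v)) / math.sqrt(2 * math.pi * v)
                 for w, m, v in comps]
            s = sum(p) or 1e-300
            resp.append([pk / s for pk in p])
        for k in range(2):                          # M-step: re-estimate parameters
            nk = sum(r[k] for r in resp)
            m = sum(r[k] * xi for r, xi in zip(resp, x)) / nk
            v = sum(r[k] * (xi - m) ** 2 for r, xi in zip(resp, x)) / nk
            comps[k] = [nk / n, m, max(v, 1e-12)]
    return sorted(comps, key=lambda c: c[1])

def crossing_threshold(comps):
    """Point between the two means where the weighted component densities are equal."""
    (w1, m1, v1), (w2, m2, v2) = comps
    # log(w1*N(x|m1,v1)) = log(w2*N(x|m2,v2))  ->  a*x^2 + b*x + c = 0
    a = 1 / (2 * v2) - 1 / (2 * v1)
    b = m1 / v1 - m2 / v2
    c = m2 ** 2 / (2 * v2) - m1 ** 2 / (2 * v1) + math.log(w1 / w2) - 0.5 * math.log(v1 / v2)
    if abs(a) < 1e-12:                              # equal variances: single crossing
        roots = [-c / b]
    else:
        disc = b * b - 4 * a * c
        if disc < 0:
            raise ValueError("component densities do not cross")
        roots = [(-b + s * math.sqrt(disc)) / (2 * a) for s in (1, -1)]
    between = [r for r in roots if m1 <= r <= m2]
    if not between:
        raise ValueError("no crossing between the component means")
    return between[0]

def constructed_errors(seed=0):
    """Constructed stand-in for autoencoder reconstruction errors (not NSL-KDD data)."""
    rng = random.Random(seed)
    benign = [abs(rng.gauss(0.02, 0.005)) for _ in range(300)]
    attack = [abs(rng.gauss(0.10, 0.02)) for _ in range(200)]
    return benign + attack, [0] * 300 + [1] * 200
```

A sample whose reconstruction error exceeds `crossing_threshold(fit_gmm2(errors))` is flagged as an attack; the function raises rather than guessing when the fitted components have no crossing between their means.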
