Active Learning for Network Intrusion Detection

Data Science

Part of the book series: Transactions on Computer Systems and Networks (TCSN)

Abstract

Network operators are generally aware of the common attack vectors that they defend against. For most networks, the vast majority of traffic is legitimate. However, bad actors continually design and attempt new attack vectors, which bypass detection and go unnoticed due to low volume. One strategy for finding such activity is to look for anomalous behavior. Investigating anomalous behavior requires significant time and resources. Collecting a large number of labeled examples for training supervised models is both prohibitively expensive and subject to obsolescence as new attacks surface. A purely unsupervised methodology is ideal; however, research has shown that even a very small number of labeled examples can significantly improve the quality of anomaly detection. A methodology that minimizes the number of required labels while maximizing the quality of detection is desirable. False positives in this context result in wasted effort or blockage of legitimate traffic, and false negatives translate to undetected attacks. We propose a general active learning framework and experiment with different choices of learners and sampling strategies.




Corresponding author

Correspondence to Amir Ziai.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Ziai, A. (2021). Active Learning for Network Intrusion Detection. In: Verma, G.K., Soni, B., Bourennane, S., Ramos, A.C.B. (eds) Data Science. Transactions on Computer Systems and Networks. Springer, Singapore. https://doi.org/10.1007/978-981-16-1681-5_1

  • DOI: https://doi.org/10.1007/978-981-16-1681-5_1

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-1680-8

  • Online ISBN: 978-981-16-1681-5

  • eBook Packages: Computer Science, Computer Science (R0)
