Sage Journals: Discover world-class research

Abstract

The Internet, e-commerce and telecommunication networks have become a driving force for modern economic growth and development throughout the world. They have also made the underlying network infrastructure the backbone of contemporary life, which enables us to connect to global flows of information, people and goods. Unfortunately, hostile attacks on various network infrastructures by malicious predators have grown significantly over recent years. In this paper, we propose a semi-supervised learning approach, STBoost, which is based on a self-training process and the standard boosting algorithm, for network intrusion detection. The approach has its unique features and can be used with a small set of labeled training data to build up initial models of normal and anomalous network activity behaviors, and then it employs additional unlabeled audit data to further refine the behavior models. We have conducted a number of experiments with the approach on the KDD Cup 99 data set and also compared it with another fuzziness based semi-supervised algorithm and several widely used supervised learning approaches. The experimental results have shown that the proposed semi-supervised approach represents a viable and competitive technique for detecting potential network intrusions.

Keywords

Network security intrusion detection systems feature selection semi-supervised learning

Get full access to this article

View all access options for this article.

References

Saasawi

Jordan

. Cyber infrastructure protection. Strategic Studies Institute. 2011.

Patcha

Park

. An overview of anomaly detection techniques: existing solutions and latest technological trends. Computer Networks. 2007; 51(21): 3448-3470.

Ashfag

, et al. Fuzziness based semi-supervised learning approach for intrusion detection system. Information Sciences. 2017; 378: 484-197.

Verwoerd

Hunt

. Intrusion detection techniques and approaches. Computer Communications. 2002; 25: 1356-1365.

Abraham

Jani

Thomasi

Han

. DSCIDS: distributed softcomputing intrusion detection system. Journal of Network and Computer Applications. 2007; 30(1): 381-398.

Cannady

. Artificial neural networks for misuse detection. Proceedings of the 1998 National Information System Security Conference (NISSC’98). 1998; 443-456.

Mukkamala

Janoski

Sung

. Intrusion detection using support vector machines. Proceedings of Advanced Simulation Technologies Conference. 2002; 178-183.

Abraham

Grosan

Martin-Vide

. Evolutionary design of intrusion detection programs. International Journal of Network Security. 2007; 4(3): 328-339.

Kruegel

Toth

. Using decision trees to improve signature-based intrusion detection models. Proceedings of the 6th International Workshop on the Recent Advances in Intrusion Detection. 2003: 173-191.

10.

Liao

Vermuri

. Robust support vector machines for anomaly detection in computer security. Proceedings of International Conference on Machine Learning and Applications. 2003.

11.

Lee

Stolfo

. Data mining approaches for intrusion detection. Proceedings of the 7th USENIX Security Symposium. 1998.

12.

Liu

Flores

Bridge

. A comparison of input representations in neural networks: a case study in intrusion detection. Proceedings of the 2002 International Joint Conference on Neural Networks. 2002.

13.

Chen

Hsu

Shen

. Applications of SVM and ANN for intrusion detection. Computer & Operations Research. 2005; 32(10): 2617-2634.

14.

Liao

Vemuri

. Use of k-nearest neighbor classifier for intrusion detection. Computer & Security. 2002; 21(5): 439-448.

15.

Warrender

Forrest

Pearmutter

. Detecting intrusions using system calls: alternative data models. Proceedings of IEEE Symposium on Security and Privacy. 1999; 133-145.

16.

Jiang

Song

Wang

Han

Li Q.

. A cluster-based method for unsupervised intrusion detections. Pattern Recognition Letters. 2006; 27: 802-810.

17.

Eskin

, et al. A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data. Application of Data Mining in Computer Security. 2002; 4.

18.

Jiang

. Automatic text classification from labeled and unlabeled data. Intelligent Data Analysis for Real-Life Applications: Theory and Practic. 2012.

19.

Chen

Gong

Tian

. Semi-supervised learning methods for network intrusion detection. Proceedings of the 2008 International Conference on Systems, Man and Cybernetics. 2008.

20.

The international knowledge discovery and data mining tools competition dataset KDD-cup. http://kdd.ics.uci.edu/datasets/kddcup99/kddcup99.html.

21.

Freund

Schapire

. Experiments with a new boosting algorithm. Proceedings of the 13th International Conference in Machine Learning. 1996; 148-156.

22.

Tavallaee

Bagheri

Ghorbani

. A detailed analysis of the KDD CUP 99 data set. Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. 2009.

23.

Ruck

, et al. The multilayer perceptron as an approximation to a bayes optimal discriminant function. IEEE Transactions on Neural Networks. 1990; 1(4): 296-298.

24.

Christianini

Shawe-Taylor

. An introduction to support vector machines and other kernel-based learning methods. Cambridge University Press. 2000.

25.

Quinlan

. C4.5: programs for machine learning. Morgan Kaufmann. 1993.

26.

Breiman

. Random forest. Machine Learning. 2001; 45(1): 5-12.

27.

Galar

, et al. A review on ensembles for the class imbalance problem: bagging-, boosting-, and hybrid-based approaches. IEEE Transaction on Systems, Man and Cybernetics, Part C (Applications and Reviews). 2012; 42(4): 463-484.

A semi-supervised learning model for intrusion detection

Abstract

Keywords

Get full access to this article

References