
ANALYSIS OF A SEMI-SUPERVISED LEARNING APPROACH TO INTRUSION DETECTION

By Benjamin Harold Klimkowski

Abstract

This thesis addresses the use of a semi-supervised learning (SSL) method in an intrusion detection setting. Specifically, this thesis illustrates the potential benefits and difficulties of using a cluster-then-label (CTL) SSL approach to classify stealth scanning in network flow metadata. A series of controlled tests was performed to show that, in certain situations, a CTL SSL approach could perform comparably to a supervised learner with a fraction of the development effort. This study also balances these findings with pragmatic issues like labeling, noise and feature encoding. While CTL demonstrated accuracy, research is still needed before practical implementations are a reality. The contributions of this work are 1) one of the first studies in the application of SSL in intrusion detection, illustrating the challenges of applying a CTL approach to a domain with imbalanced class distributions; 2) the creation of a new intrusion detection dataset; 3) validation of previously established technique

Topics: Computer science, Artificial intelligence, Journalism, Intrusion Detection, Machine learning, Semi-supervised
Year: 2014
OAI identifier: oai:drum.lib.umd.edu:1903/15393