SSIDS: Semi-Supervised Intrusion Detection System by Extending the Logical Analysis of Data
Prevention of cyber attacks on critical network resources has become an
important issue, as traditional Intrusion Detection Systems (IDSs) are no
longer effective due to the high volume of network traffic and the deceptive
patterns of network usage employed by attackers. The lack of a sufficient number
of labeled observations for training IDSs makes semi-supervised IDSs
a preferred choice. We propose a semi-supervised IDS by extending a data
analysis technique known as Logical Analysis of Data, or LAD for short, which
was proposed as a supervised learning approach. LAD uses partially defined
Boolean functions (pdBf) and their extensions to find the positive and the
negative patterns from past observations for the classification of future
observations. We extend LAD to make it semi-supervised and use it to design an IDS.
The proposed SSIDS consists of two phases: offline and online. The offline
phase builds the classifier by identifying the behavior patterns of normal and
abnormal network usage. Later, these patterns are transformed into rules for
classification and the rules are used during the online phase for the detection
of abnormal network behaviors. The performance of the proposed SSIDS is far
better than that of existing semi-supervised IDSs and comparable with that of
supervised IDSs, as evident from the experimental results.