SSIDS: Semi-Supervised Intrusion Detection System by Extending the Logical Analysis of Data

Prevention of cyber attacks on the critical network resources has become an important issue as the traditional Intrusion Detection Systems (IDSs) are no longer effective due to the high volume of network traffic and the deceptive patterns of network usage employed by the attackers. Lack of sufficient amount of labeled observations for the training of IDSs makes the semi-supervised IDSs a preferred choice. We propose a semi-supervised IDS by extending a data analysis technique known as Logical Analysis of Data, or LAD in short, which was proposed as a supervised learning approach. LAD uses partially defined Boolean functions (pdBf) and their extensions to find the positive and the negative patterns from the past observations for classification of future observations. We extend the LAD to make it semi-supervised to design an IDS. The proposed SSIDS consists of two phases: offline and online. The offline phase builds the classifier by identifying the behavior patterns of normal and abnormal network usage. Later, these patterns are transformed into rules for classification and the rules are used during the online phase for the detection of abnormal network behaviors. The performance of the proposed SSIDS is far better than the existing semi-supervised IDSs and comparable with the supervised IDSs as evident from the experimental results