2005
DOI: 10.1007/11553595_6
|View full text |Cite
|
Sign up to set email alerts
|

Learning Intrusion Detection: Supervised or Unsupervised?

Abstract: Abstract. Application and development of specialized machine learning techniques is gaining increasing attention in the intrusion detection community. A variety of learning techniques proposed for different intrusion detection problems can be roughly classified into two broad categories: supervised (classification) and unsupervised (anomaly detection and clustering). In this contribution we develop an experimental framework for comparative analysis of both kinds of learning techniques. In our framework we cast… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

2
113
0
1

Year Published

2006
2006
2020
2020

Publication Types

Select...
4
3
1

Relationship

0
8

Authors

Journals

citations
Cited by 180 publications
(122 citation statements)
references
References 11 publications
2
113
0
1
Order By: Relevance
“…The KDD dataset is the most frequently used dataset to test machine learning algorithms in the intrusion detection domain (e.g. [34][35][36]). Training and testing datasets were created at Columbia University.…”
Section: Methodsmentioning
confidence: 99%
See 1 more Smart Citation
“…The KDD dataset is the most frequently used dataset to test machine learning algorithms in the intrusion detection domain (e.g. [34][35][36]). Training and testing datasets were created at Columbia University.…”
Section: Methodsmentioning
confidence: 99%
“…The former allowed the comparison with previous research whereas the latter focused on a more realistic situation. The filtering process consisted of getting rid of the most common attack types both in training and test datasets in order to get an attack rate under 5% (this filtering rate has also been chosen by [35]). It is important to comment that the detection process becomes a harder task after filtering.…”
Section: Methodsmentioning
confidence: 99%
“…In principle, any unsupervised method applies to the involved representation process; Self-Organizing Maps [1] and Vector Quantization-based methods [5] have had a considerable success in supporting IDS's technology. As compared with those models, projection based approaches offer the crucial advantage of combining compression ability and the support for graphical, intuitive representation.…”
Section: Using Projection Methods For Visual Based Ids'smentioning
confidence: 99%
“…Intrusion Detection Systems (IDS's) [1] monitor traffic in computer networks and take, or suggest, defensive actions when they detect suspect activities. IDS's are common elements in modern infrastructures to enforce network policies.…”
Section: Introductionmentioning
confidence: 99%
“…At the same time, a robust unsupervised classification algorithm could possibly eliminate the need for a human analyst in the assignment of labels to unknown attack types by fully automating the labeling process. Moreover, it is important to realize the two main issues associated with pre-label processing in intrusion detection as was concluded by [6], i.e., it can be extremely difficult or impossible to obtain labels, and one can never be completely sure that a set of available labeled examples reflect all possible existing attacks in a real-world application.…”
Section: Introductionmentioning
confidence: 99%