An Anomaly Intrusion Detection Model Based on Limited Labeled Instances

Unsupervised or supervised anomaly intrusion detection techniques have great utility with the context of network intrusion detection system. However, large amount of labeled attack instances used by supervised approaches are difficult to obtain. And this makes most existing supervised techniques hardly be implemented in the real world. Unsupervised methods are superior in their independency on prior knowledge, but it is also very difficult for these methods to achieve high detection rate as well as low false positive rate. In this paper, we proposed an anomaly intrusion detection model based on small labeled instances that outperform existing unsupervised methods with a detection performance very close to that of the supervised one. We evaluated our methods by conducting experiments with network records from the KDD CUP 1999 data set. The results showed that our algorithm is an efficient method in detecting both known and unknown attacks.