Title :
An Anomaly Intrusion Detection Model Based on Limited Labeled Instances
Author :
Guo, Shan-Qing ; Zhao, Zhong-Hua
Author_Institution :
Sch. of Comput. Sci. & Technol., Shandong Univ., Jinan
Abstract :
Unsupervised or supervised anomaly intrusion detection techniques have great utility with the context of network intrusion detection system. However, large amount of labeled attack instances used by supervised approaches are difficult to obtain. And this makes most existing supervised techniques hardly be implemented in the real world. Unsupervised methods are superior in their independency on prior knowledge, but it is also very difficult for these methods to achieve high detection rate as well as low false positive rate. In this paper, we proposed an anomaly intrusion detection model based on small labeled instances that outperform existing unsupervised methods with a detection performance very close to that of the supervised one. We evaluated our methods by conducting experiments with network records from the KDD CUP 1999 data set. The results showed that our algorithm is an efficient method in detecting both known and unknown attacks.
Keywords :
security of data; KDD CUP 1999 data set; anomaly intrusion detection model; network intrusion detection system; Clustering algorithms; Computer science; Computer security; Context modeling; Costs; Electronic commerce; Information processing; Internet; Intrusion detection; Shape; Intrusion detection; density-based clustering algorithm; k-means;
Conference_Titel :
Electronic Commerce and Security, 2008 International Symposium on
Conference_Location :
Guangzhou City
Print_ISBN :
978-0-7695-3258-5
DOI :
10.1109/ISECS.2008.26
