DocumentCode :
3455202
Title :
Combining conjunctive rule extraction with diffusion maps for network intrusion detection
Author :
Juvonen, Antti ; Sipola, Tuomo
Author_Institution :
Dept. of Math. Inf. Technol., Univ. of Jyvaskyla, Jyvaskyla, Finland
fYear :
2013
fDate :
7-10 July 2013
Abstract :
Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown attacks. On the other hand, algorithms used for anomaly detection often have black box qualities that are difficult to understand for people who are not algorithm experts. Rule extraction methods create interpretable rule sets that act as classifiers. They have mostly been combined with already labeled data sets. This paper aims to combine unsupervised anomaly detection with rule extraction techniques to create an online anomaly detection framework. Unsupervised anomaly detection uses diffusion maps and clustering for labeling an unknown data set. Rule sets are created using a conjunctive rule extraction algorithm. This research suggests that the combination of machine learning methods and rule extraction is a feasible way to implement network intrusion detection that is meaningful to network administrators.
Keywords :
learning (artificial intelligence); pattern classification; pattern clustering; security of data; black box qualities; classifier; clustering; conjunctive rule extraction; data set labeling; diffusion maps; information networks; machine learning methods; network intrusion detection; network security; online anomaly detection framework; unsupervised anomaly detection; Clustering algorithms; Data mining; Feature extraction; Intrusion detection; Labeling; Testing; Training data; Intrusion detection; anomaly detection; data mining; diffusion map; machine learning; n-gram; rule extraction;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computers and Communications (ISCC), 2013 IEEE Symposium on
Conference_Location :
Split
Type :
conf
DOI :
10.1109/ISCC.2013.6754981
Filename :
6754981