Abstract
Network intrusion detection is an important part of network security infrastructure. Although numerous machine-learning studies have explored how to enable intrusion detection to detect unknown, novel attack types (so-called anomaly detection), little work has focused on attribute learning methods. An important application of attribute learning is zero-shot learning, which can be used to solve the anomaly detection problem. In this paper, we propose an attribute learning method. We introduce a pipeline framework that uses random forest feature selection and DBSCAN clustering attribute conversion to convert raw network data into attributes. A comprehensive empirical evaluation demonstrates that our proposed framework preserves the information in the data effectively and outperforms state-of-the-art approaches. An additional zero-shot learning experiment shows that our attribute approach works well in a zero-shot learning scenario.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, Z., Qin, Z., Shen, P., Jiang, L. (2019). Zero-Shot Learning for Intrusion Detection via Attribute Representation. In: Gedeon, T., Wong, K., Lee, M. (eds) Neural Information Processing. ICONIP 2019. Lecture Notes in Computer Science, vol 11953. Springer, Cham. https://doi.org/10.1007/978-3-030-36708-4_29
DOI: https://doi.org/10.1007/978-3-030-36708-4_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36707-7
Online ISBN: 978-3-030-36708-4
eBook Packages: Computer Science, Computer Science (R0)