short-paper

A Novel Semi-Supervised Adaboost Technique for Network Anomaly Detection

Authors:
Yali Yuan

Institute of Computer Science, Goettingen, Germany

Institute of Computer Science, Goettingen, Germany
View Profile

,
Georgios Kaklamanos

Gesellschaft für wissenschaftliche Datenverarbeitung mbH Goettingen (GWDG), Goettingen, Germany

Gesellschaft für wissenschaftliche Datenverarbeitung mbH Goettingen (GWDG), Goettingen, Germany
View Profile

,
Dieter Hogrefe

Institute of Computer Science, Goettingen, Germany

Institute of Computer Science, Goettingen, Germany
View Profile

MSWiM '16: Proceedings of the 19th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile SystemsNovember 2016Pages 111–114https://doi.org/10.1145/2988287.2989177

Published:13 November 2016Publication History

MSWiM '16: Proceedings of the 19th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems

Pages 111–114

ABSTRACT

With the developing of Internet, network intrusion has become more and more common. Quickly identifying and preventing network attacks is getting increasingly more important and difficult. Machine learning techniques have already proven to be robust methods in detecting malicious activities and network threats. Ensemble-based and semi-supervised learning methods are some of the areas that receive most attention in machine learning today. However relatively little attention has been given in combining these methods. To overcome such limitations, this paper proposes a novel network anomaly detection method by using a combination of a tri-training approach with Adaboost algorithms. The bootstrap samples of tri-training are replaced by three different Adaboost algorithms to create the diversity. We run 30 iteration for every simulation to obtain the average results. Simulations indicate that our proposed semi-supervised Adaboost algorithm is reproducible and consistent over a different number of runs. It outperforms other state-of-the-art learning algorithms, even with a small part of labeled data in the training phase. Specifically, it has a very short execution time and a good balance between the detection rate as well as the false-alarm rate.

References

D. M. Farid, M. Z. Rahman, and C. M. Rahman. Adaptive intrusion detection based on boosting and naïve bayesian classifier. International Journal of Computer Applications, 24(3):12--19, 2011.Google ScholarCross Ref
R. C. Holte. Very simple classification rules perform well on most commonly used datasets. Machine learning, 11(1):63--90, 1993. Google ScholarDigital Library
W. Hu, W. Hu, and S. Maybank. Adaboost-based algorithm for network intrusion detection. IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 38(2):577--583, 2008. Google ScholarDigital Library
J. Li, W. Zhang, and K. Li. A novel semi-supervised svm based on tri-training for intrusition detection. Journal of computers, 5(4):638--645, 2010.Google ScholarCross Ref
M. Lichman. UCI machine learning repository, 2013.Google Scholar
R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. The 1999 darpa off-line intrusion detection evaluation. Computer networks, 34(4):579--595, 2000. Google ScholarDigital Library
S. Mukkamala, A. H. Sung, and A. Abraham. Intrusion detection using an ensemble of intelligent paradigms. Journal of network and computer applications, 28(2):167--182, 2005. Google ScholarDigital Library
T. P. Tran, L. Cao, D. Tran, and C. D. Nguyen. Novel intrusion detection using probabilistic neural network and adaptive boosting. arXiv preprint arXiv:0911.0485, 2009.Google Scholar
S. X. Wu and W. Banzhaf. The use of computational intelligence in intrusion detection systems: A review. Applied Soft Computing, 10(1):1--35, 2010. Google ScholarDigital Library
Z.-H. Zhou and M. Li. Tri-training: Exploiting unlabeled data using three classifiers. IEEE Transactions on knowledge and Data Engineering, 17(11):1529--1541, 2005. Google ScholarDigital Library

Index Terms

A Novel Semi-Supervised Adaboost Technique for Network Anomaly Detection
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems

Recommendations

Semi-supervised Deep Learning for Network Anomaly Detection
Algorithms and Architectures for Parallel Processing
Abstract
Deep learning promotes the fields of image processing, machine translation and natural language processing etc. It also can be used in network anomaly detection. In practice, it is not hard to obtain normal instances. However, it is always ...
Read More
The base-rate fallacy and the difficulty of intrusion detection

Many different demands can be made of intrusion detection systems. An important requirement is that an intrusion detection system be effective; that is, it should detect a substantial percentage of intrusions into the supervised system, while still ...
Read More
Using Naive Bayes with AdaBoost to Enhance Network Anomaly Intrusion Detection
ICINIS '10: Proceedings of the 2010 Third International Conference on Intelligent Networks and Intelligent Systems

Classical intrusion detection system tends to identify attacks by using a set of rules known as signatures defined before the attack, this kind of detection is known as misuse intrusion detection. But reality is not always quantifiable, and this drives ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
MSWiM '16: Proceedings of the 19th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems
November 2016
370 pages
ISBN:9781450345026
DOI:10.1145/2988287
General Chair:
Albert Zomaya
University of Sydney, Australia
,
Program Chairs:
Geyong Min
University of Exeter, UK
,
Antonio F. Loureiro
Federal University of Minas Gerais, Brazil
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 13 November 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
adaboost algorithms
detection rate
execution time
false alarm rate
network anomaly detection
tri-training approach
Qualifiers
- short-paper
Conference

Acceptance Rates
MSWiM '16 Paper Acceptance Rate36of138submissions,26%Overall Acceptance Rate398of1,577submissions,25%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 15
  Total Citations
  View Citations
- 297
  Total Downloads
- Downloads (Last 12 months)20
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A Novel Semi-Supervised Adaboost Technique for Network Anomaly Detection

MSWiM '16: Proceedings of the 19th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems

ABSTRACT

References

Cited By

Index Terms

Recommendations

Semi-supervised Deep Learning for Network Anomaly Detection

The base-rate fallacy and the difficulty of intrusion detection

Using Naive Bayes with AdaBoost to Enhance Network Anomaly Intrusion Detection