ABSTRACT
With the developing of Internet, network intrusion has become more and more common. Quickly identifying and preventing network attacks is getting increasingly more important and difficult. Machine learning techniques have already proven to be robust methods in detecting malicious activities and network threats. Ensemble-based and semi-supervised learning methods are some of the areas that receive most attention in machine learning today. However relatively little attention has been given in combining these methods. To overcome such limitations, this paper proposes a novel network anomaly detection method by using a combination of a tri-training approach with Adaboost algorithms. The bootstrap samples of tri-training are replaced by three different Adaboost algorithms to create the diversity. We run 30 iteration for every simulation to obtain the average results. Simulations indicate that our proposed semi-supervised Adaboost algorithm is reproducible and consistent over a different number of runs. It outperforms other state-of-the-art learning algorithms, even with a small part of labeled data in the training phase. Specifically, it has a very short execution time and a good balance between the detection rate as well as the false-alarm rate.
- D. M. Farid, M. Z. Rahman, and C. M. Rahman. Adaptive intrusion detection based on boosting and naïve bayesian classifier. International Journal of Computer Applications, 24(3):12--19, 2011.Google ScholarCross Ref
- R. C. Holte. Very simple classification rules perform well on most commonly used datasets. Machine learning, 11(1):63--90, 1993. Google ScholarDigital Library
- W. Hu, W. Hu, and S. Maybank. Adaboost-based algorithm for network intrusion detection. IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 38(2):577--583, 2008. Google ScholarDigital Library
- J. Li, W. Zhang, and K. Li. A novel semi-supervised svm based on tri-training for intrusition detection. Journal of computers, 5(4):638--645, 2010.Google ScholarCross Ref
- M. Lichman. UCI machine learning repository, 2013.Google Scholar
- R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. The 1999 darpa off-line intrusion detection evaluation. Computer networks, 34(4):579--595, 2000. Google ScholarDigital Library
- S. Mukkamala, A. H. Sung, and A. Abraham. Intrusion detection using an ensemble of intelligent paradigms. Journal of network and computer applications, 28(2):167--182, 2005. Google ScholarDigital Library
- T. P. Tran, L. Cao, D. Tran, and C. D. Nguyen. Novel intrusion detection using probabilistic neural network and adaptive boosting. arXiv preprint arXiv:0911.0485, 2009.Google Scholar
- S. X. Wu and W. Banzhaf. The use of computational intelligence in intrusion detection systems: A review. Applied Soft Computing, 10(1):1--35, 2010. Google ScholarDigital Library
- Z.-H. Zhou and M. Li. Tri-training: Exploiting unlabeled data using three classifiers. IEEE Transactions on knowledge and Data Engineering, 17(11):1529--1541, 2005. Google ScholarDigital Library
Index Terms
- A Novel Semi-Supervised Adaboost Technique for Network Anomaly Detection
Recommendations
Semi-supervised Deep Learning for Network Anomaly Detection
Algorithms and Architectures for Parallel ProcessingAbstractDeep learning promotes the fields of image processing, machine translation and natural language processing etc. It also can be used in network anomaly detection. In practice, it is not hard to obtain normal instances. However, it is always ...
The base-rate fallacy and the difficulty of intrusion detection
Many different demands can be made of intrusion detection systems. An important requirement is that an intrusion detection system be effective; that is, it should detect a substantial percentage of intrusions into the supervised system, while still ...
Using Naive Bayes with AdaBoost to Enhance Network Anomaly Intrusion Detection
ICINIS '10: Proceedings of the 2010 Third International Conference on Intelligent Networks and Intelligent SystemsClassical intrusion detection system tends to identify attacks by using a set of rules known as signatures defined before the attack, this kind of detection is known as misuse intrusion detection. But reality is not always quantifiable, and this drives ...
Comments