Skip to Main content Skip to Navigation
Conference papers

Learning to Detect Network Intrusion from a Few Labeled Events and Background Traffic

Abstract : Intrusion detection systems (IDS) analyse network traffic data with the goal to reveal malicious activities and incidents. A general problem with learning within this domain is a lack of relevant ground truth data, i.e. real attacks, capturing malicious behaviors in their full variety. Most of existing solutions thus, up to a certain level, rely on rules designed by network domain experts. Although there are advantages to the use of rules, they lack the basic ability of adapting to traffic data. As a result, we propose an ensemble tree bagging classifier, capable of learning from an extremely small number of true attack representatives, and demonstrate that, incorporating a general background traffic, we are able to generalize from those few representatives to achieve competitive results to the expert designed rules used in existing IDS Camnep.
Complete list of metadatas

Cited literature [28 references]  Display  Hide  Download
Contributor : Hal Ifip <>
Submitted on : Tuesday, December 6, 2016 - 2:44:33 PM
Last modification on : Tuesday, January 5, 2021 - 9:56:02 AM
Long-term archiving on: : Tuesday, March 21, 2017 - 2:42:16 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Gustav Šourek, Ondřej Kuželka, Filip Železný. Learning to Detect Network Intrusion from a Few Labeled Events and Background Traffic. 9th Autonomous Infrastructure, Management, and Security (AIMS), Jun 2015, Ghent, Belgium. pp.73-86, ⟨10.1007/978-3-319-20034-7_9⟩. ⟨hal-01410151⟩



Record views


Files downloads