Active Learning for Network Intrusion Detection
Amir Ziai

TL;DR
This paper proposes an active learning framework to improve network intrusion detection by efficiently selecting labeled data, reducing labeling effort while enhancing anomaly detection accuracy.
Contribution
It introduces a novel active learning methodology tailored for network intrusion detection, optimizing label efficiency and detection performance.
Findings
Active learning reduces the labeling effort needed for effective detection.
Sampling strategies significantly impact detection accuracy.
The framework is adaptable to various intrusion detection models.
Abstract
Network operators are generally aware of the common attack vectors that they defend against. For most networks, the vast majority of traffic is legitimate. However, new attack vectors are continually designed and attempted by bad actors, and these bypass detection and go unnoticed because of their low volume. One strategy for finding such activity is to look for anomalous behavior. Investigating anomalous behavior requires significant time and resources. Collecting a large number of labeled examples for training supervised models is both prohibitively expensive and subject to obsolescence as new attacks surface. A purely unsupervised methodology is ideal; however, research has shown that even a very small number of labeled examples can significantly improve the quality of anomaly detection. A methodology that minimizes the number of required labels while maximizing the quality of detection is desirable. False…
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
