SSIDS: Semi-Supervised Intrusion Detection System by Extending the Logical Analysis of Data
Tanmoy Kanti Das, S. Gangopadhyay, Jianying Zhou

TL;DR
This paper introduces SSIDS, a semi-supervised intrusion detection system that extends Logical Analysis of Data to effectively identify cyber threats using minimal labeled data, outperforming existing semi-supervised methods.
Contribution
It extends LAD to a semi-supervised framework for intrusion detection, enabling effective classification with limited labeled data and demonstrating superior performance over existing semi-supervised IDSs.
Findings
Performance far better than existing semi-supervised IDSs
Comparable to supervised IDSs in detection accuracy
Effective in identifying abnormal network behaviors
Abstract
Prevention of cyber attacks on the critical network resources has become an important issue as the traditional Intrusion Detection Systems (IDSs) are no longer effective due to the high volume of network traffic and the deceptive patterns of network usage employed by the attackers. Lack of sufficient amount of labeled observations for the training of IDSs makes the semi-supervised IDSs a preferred choice. We propose a semi-supervised IDS by extending a data analysis technique known as Logical Analysis of Data, or LAD in short, which was proposed as a supervised learning approach. LAD uses partially defined Boolean functions (pdBf) and their extensions to find the positive and the negative patterns from the past observations for classification of future observations. We extend the LAD to make it semi-supervised to design an IDS. The proposed SSIDS consists of two phases: offline and…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Network Packet Processing and Optimization
