Using active learning in intrusion detection

Proceedings of the Computer Security Foundations Workshop

Volumn 17, Issue , 2004, Pages 88-98

  Almgren, Magnus ^a   Jonsson, Erland ^a  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

Author keywords

Active learning; Intrusion detection

Indexed keywords

ALGORITHMS; COMPUTATIONAL COMPLEXITY; COMPUTER SYSTEMS; DATA ACQUISITION; SECURITY OF DATA;

ACTIVE LEARNING; DETECTION ACCURACY; INTRUSION DETECTION; POOL-BASED ACTIVE LEARNING;

LEARNING SYSTEMS;

EID: 4944242926     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (25)

1. D. Andersen, T. Frivold, and A. Valdes. Next-generation intrusion-detection expert system (NIDES). Technical Report SRI-CSL-95-07, Computer Science Laboratory, SRI International, Menlo Park, California, May 1995.
2. T. U. K. Archive. Kdd cup 1999 data: Intrusion detection. Internet, http://kdd.les.uci.edu/databases/kddcup99/kddcup99.html.
3. S. Axelsson. Research in intrusion-detection systems: A survey. Technical Report 98-17, Department of Computer Engineering, Chalmers University of Technology, Göteborg, Sweden, Dec. 15, 1998.
4. F.G. Cozman and I. Cohen. Unlabeled data can degrade classification performance of generative classifiers. In Fifteenth International Florida Artificial Intelligence Society Conference, pages 327-331, 2002.
5. N. Cristianini and J. Shawe-Taylor. An Introduction to Support Vector Machines and other kernel-based learning methods. Cambridge University Press, 2000.
6. O. M. Dain and R. K. Cunningham. Building scenarios from a heterogeneous alert stream. In IEEE Workshop on Information Assurance and Security, 2001.
7. A. P. Dempster, N. M. Laird, and D. B. Rubin. Maximum likelihood from incomplete data via the em algorithm. Journal of the Royal Statistical Society, Series B, 39(1):1-38, 1977.
8. E. Eskin, A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo. A geometric framework for unsupervised anomaly detection. In D. Barbará and S. Jajodia, editors, Applications of Data Mining in Computer Security, Advances in Information Security, pages 77-101. Kluwer Academic Publishers, Boston, 2002.
9. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for Unix processes. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 120-128, Oakland, California, May 6-8, 1996.
10. C.-W. Hsu, C.-C. Chang, and C.-J. Lin. A practical guide to support vector classification. Internet. http://www.csie.ntu.edu.tw/~cjlin/papers/guide/ guide.pdf.
11. T. Joachims. Text categorization with support vector machines: Learning with many relevant features. In Proceedings of the European Conference on Machine Learning (ECML). Springer-Verlag, 1998.
12. T. Joachims. Making large-scale SVM learning practical. In B. Schölkopf, C. Burges, and A. Smola, editors, Advances in Kernel Methods - Support Vector Learning. The MIT Press, 1999.
13. W. Lee, S. J. Stolfo, and K. W. Mok. A data mining framework for building intrusion detection models. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, pages 120-132, Oakland, California, May 9-12, 1999.
14. DARPA intrusion detection evaluation. Internet. http://www.ll.mit.edu/ IST/ideval/data/data_index.html.
15. R. P. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. R. Kendall, D. McClung, D. Weber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman. Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. In DARPA Information Survivability Conference and Exposition (DISCEX), volume 2, pages 12-26, Hilton Head, South Carolina, Jan. 25-27 2000.
16. E. Lundin, H. Kvarnström, and E. Jonsson. A synthetic fraud data generation methodology. In R. H. Deng, S. Qing, F. Bao, and J. Zhou, editors, Proceedings of the 4th International Conference on Information and Communications Security (ICICS 2002), volume 2513 of Lecture Notes in Computer Science. Springer-Verlag, 2002.
17. J. McHugh. The 1998 Lincoln Laboratory IDS evaluation: A critique. In Recent Advances in Intrusion Detection (RAID 2000), pages 145-161, Toulouse, France, Oct. 2-4 2000. Lecture Notes in Computer Science #1907, Springer-Verlag, Berlin.
18. P. A. Porras and R. A. Kemmerer. Penetration state transition analysis: A rule-based intrusion detection approach. In Proceedings of the Eighth Annual Computer Security Applications Conference, pages 220-229, San Antonio, Texas, Nov. 30-Dec. 4, 1992.
19. P. A. Porras and P. G. Neumann. EMERALD: Event monitoring enabling responses to anomalous live disturbances. In Proceedings of the 20th National Information Systems Security Conference, pages 353-365, Baltimore, Maryland, Oct 7-10, 1997. National Institute of Standards and Technology/National Computer Security Center.
20. M. Roesch. Snort: Lightweight intrusion detection for networks. Is. Proceedings of LISA '99:13th Systems Administration Conference, pages 229-238, Seattle, Washington, Nov. 7-12, 1999.
21. S. Sarawagi and A. Bhamidipaty. Interactive deduplication using active learning. In Proceedings of the Eighth ACM SIGKDD international conference on Knowledge Discovery and Data Mining (SIGKDD 02), pages 269-278, Edmonton, Alberta, Canada, July 23-26, 2002. ACM Press, New York, NY, USA.
22. S. Tong. Active Learning: Theory and Applications. PhD thesis, Stanford University, California, August 2001.
23. S. Tong and D. Koller. Support vector machine active learning with applications to text classification. Machine Learning Research, 2(11):45-66, Nov 2001.
24. A. Valdes and K. Skinner. Adaptive, model-based monitoring for cyber attack detection. In H. Debar, L. Mé, and S. F. Wu, editors, Recent Advances in Intrusion Detection (RAID 2000), volume 1907 of LNCS, pages 80-92, Toulouse, France, Oct. 2-4, 2000. Springer-Verlag.
25. M. K. Warmuth, G. Rätsch, M. Mathieson, I. Liao, and C. Lemmen. Active learning in the drug discovery process. In Neural Information Processing Systems (NIPS01), 2001.