Learning Intrusion Detection: Supervised or Unsupervised?

14 years 11 months ago

Download user.cs.tu-berlin.de

Abstract. Application and development of specialized machine learning techniques is gaining increasing attention in the intrusion detection community. A variety of learning techniques proposed for different intrusion detection problems can be roughly classified into two broad categories: supervised (classification) and unsupervised (anomaly detection and clustering). In this contribution we develop an experimental framework for comparative analysis of both kinds of learning techniques. In our framework we cast unsupervised techniques into a special case of classification, for which training and model selection can be performed by means of ROC analysis. We then investigate both kinds of learning techniques with respect to their detection accuracy and ability to detect unknown attacks.

Pavel Laskov, Patrick Düssel, Christin Sch&au

Real-time Traffic

ICIAP 2005 | Image Processing | Intrusion Detection Community | Intrusion Detection Problems | Machine Learning Techniques |

claim paper

Post Info
More Details (n/a)

Added	08 Dec 2009
Updated	08 Dec 2009
Type	Conference
Year	2005
Where	ICIAP
Authors	Pavel Laskov, Patrick Düssel, Christin Schäfer, Konrad Rieck

Comments (0)

Sciweavers

Learning Intrusion Detection: Supervised or Unsupervised?

ICIAP 2005 | Image Processing | Intrusion Detection Community | Intrusion Detection Problems | Machine Learning Techniques |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers