Sciweavers

ICIAP
2005
ACM

Learning Intrusion Detection: Supervised or Unsupervised?

15 years 16 days ago
Learning Intrusion Detection: Supervised or Unsupervised?
Abstract. Application and development of specialized machine learning techniques is gaining increasing attention in the intrusion detection community. A variety of learning techniques proposed for different intrusion detection problems can be roughly classified into two broad categories: supervised (classification) and unsupervised (anomaly detection and clustering). In this contribution we develop an experimental framework for comparative analysis of both kinds of learning techniques. In our framework we cast unsupervised techniques into a special case of classification, for which training and model selection can be performed by means of ROC analysis. We then investigate both kinds of learning techniques with respect to their detection accuracy and ability to detect unknown attacks.
Pavel Laskov, Patrick Düssel, Christin Sch&au
Added 08 Dec 2009
Updated 08 Dec 2009
Type Conference
Year 2005
Where ICIAP
Authors Pavel Laskov, Patrick Düssel, Christin Schäfer, Konrad Rieck
Comments (0)