%0 Conference Proceedings
%T Learning to Detect Network Intrusion from a Few Labeled Events and Background Traffic
%+ Czech Technical University in Prague (CTU)
%+ Cardiff University
%A Šourek, Gustav
%A Kuželka, Ondřej
%A Železný, Filip
%Z Part 3: Security, Privacy, and Measurements
%< peer-reviewed
%( Lecture Notes in Computer Science
%B 9th Autonomous Infrastructure, Management, and Security (AIMS)
%C Ghent, Belgium
%Y Steven Latré
%Y Marinos Charalambides
%Y Jérôme François
%Y Corinna Schmitt
%Y Burkhard Stiller
%I Springer
%3 Intelligent Mechanisms for Network Configuration and Security
%V LNCS-9122
%P 73-86
%8 2015-06-22
%D 2015
%R 10.1007/978-3-319-20034-7_9
%K Intrusion detection
%K Random forests
%K NetFlow
%K Camnep
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]
%Z Conference papers
%X Intrusion detection systems (IDS) analyse network traffic data with the goal of revealing malicious activities and incidents. A general problem with learning within this domain is a lack of relevant ground truth data, i.e. real attacks, capturing malicious behaviors in their full variety. Most existing solutions thus, up to a certain level, rely on rules designed by network domain experts. Although there are advantages to the use of rules, they lack the basic ability to adapt to traffic data. As a result, we propose an ensemble tree bagging classifier, capable of learning from an extremely small number of true attack representatives, and demonstrate that, by incorporating general background traffic, we are able to generalize from those few representatives and achieve results competitive with the expert-designed rules used in the existing IDS Camnep.
%G English
%Z TC 6
%Z WG 6.6
%2 https://hal.science/hal-01410151/document
%2 https://hal.science/hal-01410151/file/978-3-319-20034-7_9_Chapter.pdf
%L hal-01410151
%U https://hal.science/hal-01410151
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC6
%~ IFIP-AIMS
%~ IFIP-WG6-6
%~ IFIP-LNCS-9122