Online Feature Selected Semi-Supervised Decision Trees For Network Intrusion Detection
NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium (2016)
Abstract
Network intrusion detection systems need to detect abnormal behaviour in network data as soon as possible and with as little user intervention as possible. In this paper, we describe a semi-supervised network anomaly detection system. Our system uses online clustering to summarize the available network data. Clusters are represented using extended cluster features that comprise not only features related to the original features, but also features that describe the relationships between clusters. Each cluster is labeled by the user as anomaly or normal and then a decision tree is trained based on this information. The incoming new data is labeled according to the output of the decision tree. We show that this system achieves much better performance than an unsupervised anomaly detection system. We also show that using online feature selection on the cluster features reduces the decision tree complexity without hindering the accuracy.
Keywords
online feature selected semisupervised decision trees, network intrusion detection, network data, online clustering, decision tree complexity