Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset

Jan Klein, Sandjai Bhulai, Mark Hoogendoorn, Rob Van Der Mei, Raymond Hinfelaar

Research output: Chapter in Book / Report / Conference proceeding; Conference contribution; Academic; peer-review

Abstract

This paper demonstrates how different machine learning techniques performed on a recent, partially labeled dataset (based on the Locked Shields 2017 exercise) and which features were deemed important. Moreover, a cybersecurity expert analyzed the results and validated that the models were able to classify the known intrusions as malicious and that they discovered new attacks. In a set of 500 detected anomalies, 50 previously unknown intrusions were found. Given that such observations are uncommon, this indicates how well an unlabeled dataset can be used to construct and to evaluate a network intrusion detection system.

Language: English
Title of host publication: Proceedings - 2018 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018
Publisher: IEEE
Pages: 784-787
Number of pages: 4
ISBN (Electronic): 9781538673256
DOI: https://doi.org/10.1109/WI.2018.00017
Publication status: Published - 10 Jan 2019
Event: 18th IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018 - Santiago, Chile
Duration: 3 Dec 2018 - 6 Dec 2018

Conference

Conference: 18th IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018
Country: Chile
City: Santiago
Period: 3/12/18 - 6/12/18

Fingerprint

Intrusion detection
Learning systems

Keywords

  • Autoencoder
  • Cybersecurity
  • Gradient boosting machine
  • Intrusion detection
  • Partially labeled

Cite this

Klein, J., Bhulai, S., Hoogendoorn, M., Van Der Mei, R., & Hinfelaar, R. (2019). Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset. In Proceedings - 2018 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018 (pp. 784-787). [8609692] IEEE. https://doi.org/10.1109/WI.2018.00017