Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset

Jan Klein, Sandjai Bhulai, Mark Hoogendoorn, Rob Van Der Mei, Raymond Hinfelaar

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

229 Downloads (Pure)

Abstract

This paper demonstrates how different machine learning techniques performed on a recent, partially labeled dataset (based on the Locked Shields 2017 exercise) and which features were deemed important. Moreover, a cybersecurity expert analyzed the results and validated that the models were able to classify the known intrusions as malicious and that they discovered new attacks. In a set of 500 detected anomalies, 50 previously unknown intrusions were found. Given that such observations are uncommon, this indicates how well an unlabeled dataset can be used to construct and to evaluate a network intrusion detection system.

Original languageEnglish
Title of host publicationProceedings - 2018 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018
PublisherIEEE
Pages784-787
Number of pages4
ISBN (Electronic)9781538673256
DOIs
Publication statusPublished - 10 Jan 2019
Event18th IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018 - Santiago, Chile
Duration: 3 Dec 20186 Dec 2018

Conference

Conference18th IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018
CountryChile
CitySantiago
Period3/12/186/12/18

Keywords

  • Autoencoder
  • Cybersecurity
  • Gradient boosting machine
  • Intrusion detection
  • Partially labeled

Fingerprint Dive into the research topics of 'Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset'. Together they form a unique fingerprint.

Cite this