Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset

Jan Klein; Sandjai Bhulai; Mark Hoogendoorn; Rob Van Der Mei; Raymond Hinfelaar

doi:10.1109/WI.2018.00017

Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset

Jan Klein, Sandjai Bhulai, Mark Hoogendoorn, Rob Van Der Mei, Raymond Hinfelaar

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

451 Downloads (Pure)

Abstract

This paper demonstrates how different machine learning techniques performed on a recent, partially labeled dataset (based on the Locked Shields 2017 exercise) and which features were deemed important. Moreover, a cybersecurity expert analyzed the results and validated that the models were able to classify the known intrusions as malicious and that they discovered new attacks. In a set of 500 detected anomalies, 50 previously unknown intrusions were found. Given that such observations are uncommon, this indicates how well an unlabeled dataset can be used to construct and to evaluate a network intrusion detection system.

Original language	English
Title of host publication	2018 IEEE/WIC/ACM International Conference on Web Intelligence (WI)
Subtitle of host publication	[Proceedings]
Publisher	IEEE
Pages	784-787
Number of pages	4
ISBN (Electronic)	9781538673256
ISBN (Print)	9781538673263
DOIs	https://doi.org/10.1109/WI.2018.00017
Publication status	Published - 2018
Event	18th IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018 - Santiago, Chile Duration: 3 Dec 2018 → 6 Dec 2018

Conference

Conference	18th IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018
Country/Territory	Chile
City	Santiago
Period	3/12/18 → 6/12/18

Keywords

Autoencoder
Cybersecurity
Gradient boosting machine
Intrusion detection
Partially labeled

Access to Document

10.1109/WI.2018.00017

Detecting Network Intrusion Beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity DatasetFinal published version, 285 KBLicence: Article 25fa Dutch Copyright Act

Persistent URL (handle)

Persistent link

Cite this

@inproceedings{2ac2fb7d0d844dedafdd3c31424588a1,

title = "Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset",

abstract = "This paper demonstrates how different machine learning techniques performed on a recent, partially labeled dataset (based on the Locked Shields 2017 exercise) and which features were deemed important. Moreover, a cybersecurity expert analyzed the results and validated that the models were able to classify the known intrusions as malicious and that they discovered new attacks. In a set of 500 detected anomalies, 50 previously unknown intrusions were found. Given that such observations are uncommon, this indicates how well an unlabeled dataset can be used to construct and to evaluate a network intrusion detection system.",

keywords = "Autoencoder, Cybersecurity, Gradient boosting machine, Intrusion detection, Partially labeled",

author = "Jan Klein and Sandjai Bhulai and Mark Hoogendoorn and \{Van Der Mei\}, Rob and Raymond Hinfelaar",

year = "2018",

doi = "10.1109/WI.2018.00017",

language = "English",

isbn = "9781538673263",

pages = "784--787",

booktitle = "2018 IEEE/WIC/ACM International Conference on Web Intelligence (WI)",

publisher = "IEEE",

note = "18th IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018 ; Conference date: 03-12-2018 Through 06-12-2018",

}

Klein, J, Bhulai, S , Hoogendoorn, M , Van Der Mei, R & Hinfelaar, R 2018, Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset. in 2018 IEEE/WIC/ACM International Conference on Web Intelligence (WI): [Proceedings]., 8609692, IEEE, pp. 784-787, 18th IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018, Santiago, Chile, 3/12/18. https://doi.org/10.1109/WI.2018.00017

Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset. / Klein, Jan; Bhulai, Sandjai ; Hoogendoorn, Mark et al.
2018 IEEE/WIC/ACM International Conference on Web Intelligence (WI): [Proceedings]. IEEE, 2018. p. 784-787 8609692.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Detecting Network Intrusion beyond 1999

T2 - 18th IEEE/WIC/ACM International Conference on Web Intelligence, WI 2018

AU - Klein, Jan

AU - Bhulai, Sandjai

AU - Hoogendoorn, Mark

AU - Van Der Mei, Rob

AU - Hinfelaar, Raymond

PY - 2018

Y1 - 2018

N2 - This paper demonstrates how different machine learning techniques performed on a recent, partially labeled dataset (based on the Locked Shields 2017 exercise) and which features were deemed important. Moreover, a cybersecurity expert analyzed the results and validated that the models were able to classify the known intrusions as malicious and that they discovered new attacks. In a set of 500 detected anomalies, 50 previously unknown intrusions were found. Given that such observations are uncommon, this indicates how well an unlabeled dataset can be used to construct and to evaluate a network intrusion detection system.

AB - This paper demonstrates how different machine learning techniques performed on a recent, partially labeled dataset (based on the Locked Shields 2017 exercise) and which features were deemed important. Moreover, a cybersecurity expert analyzed the results and validated that the models were able to classify the known intrusions as malicious and that they discovered new attacks. In a set of 500 detected anomalies, 50 previously unknown intrusions were found. Given that such observations are uncommon, this indicates how well an unlabeled dataset can be used to construct and to evaluate a network intrusion detection system.

KW - Autoencoder

KW - Cybersecurity

KW - Gradient boosting machine

KW - Intrusion detection

KW - Partially labeled

UR - https://www.scopus.com/pages/publications/85061911170

UR - https://www.scopus.com/inward/citedby.url?scp=85061911170&partnerID=8YFLogxK

U2 - 10.1109/WI.2018.00017

DO - 10.1109/WI.2018.00017

M3 - Conference contribution

AN - SCOPUS:85061911170

SN - 9781538673263

SP - 784

EP - 787

BT - 2018 IEEE/WIC/ACM International Conference on Web Intelligence (WI)

PB - IEEE

Y2 - 3 December 2018 through 6 December 2018

ER -

Detecting Network Intrusion beyond 1999: Applying Machine Learning Techniques to a Partially Labeled Cybersecurity Dataset

Abstract

Conference

Keywords

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this