A Multiple Instance Learning Problem Approach Model to Anomaly Network Intrusion Detection


Ill-Young Weon, Doo-Heon Song, Sung-Bum Ko, Chang-Hoon Lee, Journal of Information Processing Systems Vol. 1, No. 1, pp. 14-21, Dec. 2005  


Keywords: Multiple Instance Learning Problem, Network Intrusion Detection, Anomaly Detection

Abstract

Statistical methods have mainly been used in anomaly network intrusion detection, but machine learning based anomaly detection was introduced to detect various attack types. Machine learning based anomaly detection started from research applying traditional learning algorithms of artificial intelligence to intrusion detection. However, the detection rates of these methods are not satisfactory. In particular, high false positive rates and repeated alarms about the same attack are problems. The main reason is that a single packet is used as the basic learning unit. Most attacks consist of more than one packet, and the packets of an attack do not form a consecutive stream. A new approach is therefore needed that groups related packets and performs learning and detection on a group basis. This type of approach is similar to multiple-instance problems in the artificial intelligence community, in which a single instance cannot be clearly classified but a group of instances can. We suggest a group generation algorithm that groups related packets, and a learning algorithm that uses such a group as its unit. To verify the usefulness of the suggested algorithm, the 1998 DARPA data was used, and the results show that our approach is quite useful.

