A Multiple Instance Learning Problem Approach Model to Anomaly Network Intrusion Detection

Ill-Young Weon, Doo-Heon Song, Sung-Bum Ko and Chang-Hoon Lee
Volume: 1, No: 1, Page: 14 ~ 21, Year: 2005

Keywords: Multiple Instance Learning Problem, Network Intrusion Detection, Anomaly Detection

Abstract
Although anomaly-based network intrusion detection has mainly relied on statistical methods, machine learning based anomaly detection was introduced to detect a wider variety of attack types. It began as research applying the traditional learning algorithms of artificial intelligence to intrusion detection. However, the detection rates of these methods are not satisfactory; in particular, high false positive rates and repeated alarms about the same attack are problems. The main reason is that a single packet is used as the basic learning unit. Most attacks consist of more than one packet, and the packets of an attack do not form a consecutive packet stream. A new approach is therefore needed: group related packets, then learn and detect on a per-group basis. This resembles the multiple-instance problem in the artificial intelligence community, in which a single instance cannot be clearly classified but a group of instances can. We propose a group generation algorithm that groups related packets, and a learning algorithm that uses such a group as its unit. To verify the usefulness of the proposed algorithms, 1998 DARPA data was used, and the results show that our approach is quite useful.

Cite this article
IEEE Style
Ill-Young Weon, Doo-Heon Song, Sung-Bum Ko, and Chang-Hoon Lee, "A Multiple Instance Learning Problem Approach Model to Anomaly Network Intrusion Detection," Journal of Information Processing Systems, vol. 1, no. 1, pp. 14~21, 2005.

ACM Style
Ill-Young Weon, Doo-Heon Song, Sung-Bum Ko, and Chang-Hoon Lee, "A Multiple Instance Learning Problem Approach Model to Anomaly Network Intrusion Detection," Journal of Information Processing Systems, 1, 1, (2005), 14~21.