Reconstructing Classification to Enhance Machine-Learning Based Network Intrusion Detection by Embracing Ambiguity

Chungsik Song, Wenjun Fan, Sang Yoon Chang, Younghee Park*

*Corresponding author for this work

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

3 Citations (Scopus)

Abstract

Network intrusion detection systems (IDS) have efficiently identified the profiles of normal network activities, extracted intrusion patterns, and constructed generalized models to evaluate (un)known attacks using a wide range of machine learning approaches. Despite the effectiveness of machine learning-based IDS, it is still challenging to reduce the high number of false alarms due to data misclassification. In this paper, by using multiple decision mechanisms, we propose a new classification method to identify misclassified data and then to classify them into three different classes, called the malicious, benign, and ambiguous datasets. In other words, the ambiguous dataset contains a majority of the misclassified data and is thus the most informative for improving the model and anomaly detection, because the model lacks confidence in classifying these data. We evaluate our approach with recent real-world network traffic data, the Kyoto2006+ datasets, and show that the ambiguous dataset contains 77.2% of the previously misclassified data. Re-evaluating the ambiguous dataset effectively reduces the false prediction rate with minimal overhead and improves accuracy by 15%.

Original language: English
Title of host publication: Silicon Valley Cybersecurity Conference - First Conference, SVCC 2020, Revised Selected Papers
Editors: Younghee Park, Divyesh Jadav, Thomas Austin
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 169-187
Number of pages: 19
ISBN (Print): 9783030727246
Publication status: Published - 2021
Externally published: Yes
Event: 1st Silicon Valley Cybersecurity Conference, SVCC 2020 - San Jose, United States
Duration: 17 Dec 2020 → 19 Dec 2020

Publication series

Name: Communications in Computer and Information Science
Volume: 1383 CCIS
ISSN (Print): 1865-0929
ISSN (Electronic): 1865-0937

Conference

Conference: 1st Silicon Valley Cybersecurity Conference, SVCC 2020
Country/Territory: United States
City: San Jose
Period: 17/12/20 → 19/12/20

Keywords

  • Ensemble classifiers
  • Machine learning
  • Network intrusion detection
