Network Security Monitoring by Combining Semi-Supervised Learning and Active Learning

Yun Pan

OAI: oai:igi-global.com:313578 • DOI: 10.4018/IJISMD.313578

In network intrusion and network security monitoring, there is massive data. When using supervised learning method directly, it will cost lots of time to collect labeled samples, which is expensive. In order to solve this issue, this paper adopts an active learning model to detect network intrusion. First, massive unlabeled samples are used to establish a weighted support vector data description model. Then, the most valuable samples are used to improve the performance of network intrusion by combining with active learning, which utilizes labeled samples and unlabeled samples to extend the weighted support data description model in a semi-supervised learning method. The experimental results show that the active learning can utilize minor labeled sample to reduce the cost of manual labeling work, which is more suitable for an actual network intrusion detection environment.

Systems & Software Design Computer Science and Information Technology Systems and Software Engineering