Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Learning Intrusion Detection: Supervised or Unsupervised?

: Laskov, P.; Düssel, P.; Schäfer, C.; Rieck, K.


Roli, F.:
Image analysis and processing - ICIAP 2005. 13th international conference : Cagliari, Italy, September 6-8, 2005; Proceedings
Berlin: Springer, 2005 (Lecture Notes in Computer Science 3617)
ISBN: 3-540-28869-4
International Conference on Image Analysis and Processing (ICIAP) <13, 2005, Cagliari>
Conference Paper
Fraunhofer FIRST ()

Application and development of specialized machine learning techniques is gaining increasing attention in the intrusion detection community. A variety of learning techniques proposed for different intrusion detection problems can be roughly classified into two broad categories: supervised (classification) and unsupervised (anomaly detection and clustering). In this contribution we develop an experimental framework for comparative analysis of both kinds of learning techniques. In our framework we cast unsupervised techniques into a special case of classification, for which training and model selection can be performed by means of ROC analysis. We then investigate both kinds of learning techniques with respect to their detection accuracy and ability to detect unknown attacks.