Semi-supervised Multivariate Statistical Network Monitoring for Learning Security Threats
Metadata
Show full item recordMateria
Multivariate Statistical Network Monitoring Anomaly Detection Intrusion Detection Semi-supervised learning Partial Least Squares regression Principal components analysis
Date
2019-01Referencia bibliográfica
J. Camacho, G. Maciá-Fernández, N. M. Fuentes-García and E. Saccenti, "Semi-supervised Multivariate Statistical Network Monitoring for Learning Security Threats," in IEEE Transactions on Information Forensics and Security. doi: 10.1109/TIFS.2019.2894358
Abstract
This paper presents a semi-supervised approach
for intrusion detection. The method extends the unsupervised
Multivariate Statistical Network Monitoring approach based
on Principal Component Analysis by introducing a supervised
optimization technique to learn the optimum scaling in the input
data. It inherits the advantages of the unsupervised strategy,
capable of uncovering new threats, with that of supervised
strategies, able of learning the pattern of a targeted threat. The
supervised learning is based on an extension of the gradient
descent method based on Partial Least Squares (PLS). Moreover,
we enhance this method by using sparse PLS variants. The
practical application of the system is demonstrated on a recently
published real case study, showing relevant improvements in
detection performance and in the interpretation of the attacks.