Combining conjunctive rule extraction with diffusion maps for network intrusion detection
Juvonen, A., & Sipola, T. (2013). Combining conjunctive rule extraction with diffusion maps for network intrusion detection. In The Eighteenth IEEE Symposium on Computers and Communications (pp. 411-416). Piscataway: IEEE. doi:10.1109/ISCC.2013.6754981
Date
2013Discipline
TietotekniikkaCopyright
© 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses. This is the authors’ postprint version of the article. The original print version
appeared as: A. Juvonen and T. Sipola, “Combining conjunctive rule extraction
with diffusion maps for network intrusion detection,” in In The Eighteenth
IEEE Symposium on Computers and Communications (ISCC 2013). IEEE
2013.
Network security and intrusion detection are important
in the modern world where communication happens
via information networks. Traditional signature-based intrusion
detection methods cannot find previously unknown attacks. On
the other hand, algorithms used for anomaly detection often
have black box qualities that are difficult to understand for
people who are not algorithm experts. Rule extraction methods
create interpretable rule sets that act as classifiers. They have
mostly been combined with already labeled data sets. This
paper aims to combine unsupervised anomaly detection with
rule extraction techniques to create an online anomaly detection
framework. Unsupervised anomaly detection uses diffusion maps
and clustering for labeling an unknown data set. Rule sets are
created using conjunctive rule extraction algorithm. This research
suggests that the combination of machine learning methods and
rule extraction is a feasible way to implement network intrusion
detec
...
