Semi-supervised multivariate statistical network monitoring for learning security threats

Jose Camacho*, Gabriel Macia-Fernandez, Noemi Marta Fuentes-Garcia, Edoardo Saccenti

*Corresponding author for this work

Research output: Contribution to journal › Article › Academic › peer-review

3 Citations (Scopus)

Abstract

This paper presents a semi-supervised approach for intrusion detection. The method extends the unsupervised multivariate statistical network monitoring approach based on principal component analysis by introducing a supervised optimization technique to learn the optimum scaling of the input data. It combines the advantage of the unsupervised strategy, capable of uncovering new threats, with that of supervised strategies, capable of learning the pattern of a targeted threat. The supervised learning is based on an extension of the gradient descent method based on partial least squares (PLS). Moreover, we enhance this method by using sparse PLS variants. The practical application of the system is demonstrated on a recently published real case study, showing relevant improvements in detection performance and in the interpretation of the attacks.

Original language: English
Article number: 8628992
Pages (from-to): 2179-2189
Journal: IEEE Transactions on Information Forensics and Security
Volume: 14
Issue number: 8
Publication status: Published - 1 Aug 2019

Keywords

  • anomaly detection
  • intrusion detection
  • Multivariate statistical network monitoring
  • partial least squares regression
  • principal components analysis
  • semi-supervised learning