A semi-supervised learning model for intrusion detection

The Internet, e-commerce and telecommunication networks have become a driving force for modern economic growth and development throughout the world. They have also made the underlying network infrastructure the backbone of contemporary life, which enables us to connect to global flows of information, people and goods. Unfortunately, hostile attacks on various network infrastructures by malicious predators have grown significantly over recent years. In this paper, we propose a semi-supervised learning approach, STBoost, which is based on a self-training process and the standard boosting algorithm, for network intrusion detection. The approach has its unique features and can be used with a small set of labeled training data to build up initial models of normal and anomalous network activity behaviors, and then it employs additional unlabeled audit data to further refine the behavior models. We have conducted a number of experiments with the approach on the KDD Cup 99 data set and also compared it with another fuzziness based semi-supervised algorithm and several widely used supervised learning approaches. The experimental results have shown that the proposed semi-supervised approach represents a viable and competitive technique for detecting potential network intrusions.