Active Learning for Intrusion Detection Systems

Intrusion Detection Systems (IDSs) play a vital role in the modern cyber-security system. The main task of an IDS is to distinguish between benign and malicious network flows. Hence, the researchers and practitioners usually utilize the power of machine learning techniques by considering an IDS as a binary-classifier. Recent research works demonstrate that an ensemble learning algorithm like xgboost can achieve almost perfect classification in the offline configuration. On the other hand, the performance of a simple and lightweight classification algorithm like Naive Bayes can be improved significantly if we can select a proper sub-training set. In this paper, we discuss the usage of active learning in online configuration to reduce the labeling cost but maintaining the classification performance. We evaluate our approach using the popular real-world datasets and showed that our approach outperformed state-of-the-art results.