SALAD: A split active learning based unsupervised network data stream anomaly detection method using autoencoders
DOI: 10.1016/j.eswa.2024.123439
Publication Date: 2024-02-08T17:39:15Z
AUTHORS (4)
ABSTRACT
Machine learning based intrusion detection systems monitor network data streams for cyber attacks. Challenges in this space include detecting unknown attacks, adapting to changes in the stream such as underlying behaviour, the human cost of labeling data to retrain the machine learning model, and the processing and memory constraints of a real-time stream. Failure to manage the aforementioned factors could result in missed attacks, degraded performance, unnecessary expense or delayed times. This research proposes a new semi-supervised anomaly detection method, Split Active Learning Anomaly Detector (SALAD), which combines our novel Adaptive Threshold Stochastic with Fading Factor methods. A Reconstruction Error Distance from strategy is proposed and evaluated as part of an active learning framework to demonstrate a reduction in costs. The methods are evaluated on KDD Cup 1999, UNSW-NB15 data sets, using the scikit-multiflow framework. Results demonstrated that the SALAD method offered equivalent performance to the fully labeled alternative Naïve Bayes (NB) and Hoeffding Adaptive Tree (HAT) methods, with a budget of just 20%, significantly reducing the expertise required to annotate data. Processing times were demonstrated to be lower than NB and HAT, allowing greatly improved responsiveness to attacks occurring in real time.
REFERENCES (33)
CITATIONS (8)