Showing papers by "Pavel Laskov" published in 2005


Book Chapter
06 Sep 2005
TL;DR: This contribution develops an experimental framework for comparative analysis of supervised and unsupervised learning techniques for intrusion detection, in which unsupervised techniques are cast into a special case of classification, for which training and model selection can be performed by means of ROC analysis.
Abstract: Application and development of specialized machine learning techniques is gaining increasing attention in the intrusion detection community. A variety of learning techniques proposed for different intrusion detection problems can be roughly classified into two broad categories: supervised (classification) and unsupervised (anomaly detection and clustering). In this contribution we develop an experimental framework for comparative analysis of both kinds of learning techniques. In our framework we cast unsupervised techniques into a special case of classification, for which training and model selection can be performed by means of ROC analysis. We then investigate both kinds of learning techniques with respect to their detection accuracy and ability to detect unknown attacks.

234 citations


01 Jan 2005
TL;DR: A novel method for visualization of anomaly detection and feature selection, based on prediction sensitivity, is proposed that allows an expert to discover informative features for separation of normal and attack instances.
Abstract: Visualization of learning-based intrusion detection methods is a challenging problem. In this paper we propose a novel method for visualization of anomaly detection and feature selection, based on prediction sensitivity. The method allows an expert to discover informative features for separation of normal and attack instances. Experiments performed on the KDD Cup dataset show that explanations provided by prediction sensitivity reveal the nature of attacks. Application of prediction sensitivity for feature selection yields a major improvement of detection accuracy.

39 citations