Abstract
In spite of the ever-increasing volume of network traffic, unsupervised intrusion detection methods are among the most widely researched solutions in the field of network security. One of the key challenges in developing such solutions is the proper assessment of the methods used for anomaly detection. Real-life cases show that in many situations labeled network data is not available, which effectively rules out standard criteria for evaluating anomaly detection algorithms, such as Receiver Operating Characteristic or Precision-Recall curves. In this paper, alternative criteria based on Excess-Mass and Mass-Volume curves are analyzed, which can enable quality assessment of anomaly detection algorithms without the need for labeled datasets. This paper focuses on assessing the effectiveness of the Excess-Mass and Mass-Volume curve-based criteria in relation to the dimensionality of the intrusion detection system's data. The article discusses these criteria and presents the intrusion detection algorithms and datasets that will be utilized in the analysis of the influence of data dimensionality on their effectiveness. This discussion is followed by experimental verification of these criteria on various real-life datasets differing in dimensionality, and by statistical analysis of the results indicating the relation between the effectiveness of the analyzed criteria and the dimensionality of data processed in intrusion detection systems.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Warzyński, A., Falas, Ł., Schauer, P. (2022). Excess-Mass and Mass-Volume Quality Measures Susceptibility to Intrusion Detection System’s Data Dimensionality. In: Nguyen, N.T., Tran, T.K., Tukayev, U., Hong, TP., Trawiński, B., Szczerbicki, E. (eds) Intelligent Information and Database Systems. ACIIDS 2022. Lecture Notes in Computer Science, vol 13758. Springer, Cham. https://doi.org/10.1007/978-3-031-21967-2_41
DOI: https://doi.org/10.1007/978-3-031-21967-2_41
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21966-5
Online ISBN: 978-3-031-21967-2
eBook Packages: Computer Science, Computer Science (R0)