Skip to main content
SpringerLink
Log in

Excess-Mass and Mass-Volume Quality Measures Susceptibility to Intrusion Detection System’s Data Dimensionality

  • Conference paper
  • First Online:
Intelligent Information and Database Systems (ACIIDS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 13758))

Included in the following conference series:

  • 638 Accesses

Abstract

In spite of ever-increasing volume of network traffic, unsupervised intrusion detection methods are one of most widely researched solutions in the field of network security. One of the key challenges related to development of such solutions is the proper assessment of methods utilized in the process of anomaly detection. Real life cases show that in many situations labeled network data is not available, which effectively excludes possibility to utilized standard criteria for evaluation of anomaly detection algorithms like Receiver Operating Characteristic or Precision-Recall curves. In this paper, an alternative criteria based on Excess-Mass and Mass-Volume curves are analyzed, which can enable anomaly detection algorithms quality assessments without need for labeled datasets. This paper focuses on the assessment of effectiveness of Excess-Mass and Mass-Volume curves-based criteria in relation to intrusion detection system’s data dimensionality. The article discusses these criteria and presents the intrusion detection algorithms and datasets that will be utilized in the analysis of data dimensionality influence on their effectiveness. This discussion is followed by experimental verification of these criteria on various real-life datasets differing in dimensionality and statistical analysis of the results indicating relation between effectiveness of analyzed criteria and dimensionality of data processed in intrusion detection systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Warzyński, A., Falas, Ł., Schauer, P.: Excess-mass and mass-volume anomaly detection algorithms applicability in unsupervised intrusion detection systems. In: 2021 IEEE 30th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 131–136 (2021)

    Google Scholar 

  2. Clémençon, S., Jakubowicz, J.: Scoring anomalies: a M-estimation formulation. In: AISTATS 2013: 16th international conference on Artificial Intelligence and Statistics. Scottsdale, AZ, United States, pp. 659–667. ⟨hal-00839254⟩ (2013)

    Google Scholar 

  3. Clémençon, S., Thomas, A.: Mass volume curves and anomaly ranking. Electron. J. Statist. 12(2), 2806–2872 (2018). https://doi.org/10.1214/18-EJS1474

    Article  MathSciNet  MATH  Google Scholar 

  4. Goix, N., Sabourin, A., Clémençon, S.: On anomaly ranking and excess-mass curves. AISTATS (2015)

    Google Scholar 

  5. Goix, N.: How to evaluate the quality of unsupervised anomaly detection algorithms? ArXiv abs/1607.01152 (2016)

    Google Scholar 

  6. Breunig, M., Kriegel, H.-P., Ng, R., Sander, J.: LOF: identifying density-based local outliers. In: Proceedings of ACM SIGMOD International Conference on Management of Data, pp. 93–104 (2000)

    Google Scholar 

  7. Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection using neural networks and support vector machines. In: Proceedings of the 2002 International Joint Conference on Neural Networks. IJCNN’02 (Cat. No.02CH37290), pp. 1702–1707 (2002)

    Google Scholar 

  8. Liu, F.T., Ting, K.M., Zhou, Z.: Isolation forest. In: 2008 Eighth IEEE International Conference on Data Mining, pp. 413–422 (2008). https://doi.org/10.1109/ICDM.2008.17

  9. Kriegel, H.-P., et al.: Angle-based outlier detection in high-dimensional data. In: Proceedings of the 14th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 444–452. ACM (2008)

    Google Scholar 

  10. NSL-KDD: NSL-KDD data set for network-based intrusion detection systems (2009). http://iscx.cs.unb.ca/NSL-KDD/

  11. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: Proceedings of the 2nd IEEE International Conference on Computational Intelligence for Security and Defense Applications, pp. 53–58. USA: IEEE Press (2009)

    Google Scholar 

  12. Maciá-Fernández, G., Camacho, J., Magán-Carrión, R., García-Teodoro, P., Therón, R.: UGR ‘16: A new dataset for the evaluation of cyclostationarity-based network IDSs. Comput. Secur. 73, 411–424 (2018)

    Article  Google Scholar 

  13. Nour, M., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military Communications and Information Systems Conference (MilCIS). IEEE (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Information and Communication Technology, Department of Computer Science and Systems Engineering, Wrocław University of Science and Technology, Wrocław, Poland

    Arkadiusz Warzyński, Łukasz Falas & Patryk Schauer

Authors
  1. Arkadiusz Warzyński
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Łukasz Falas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Patryk Schauer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Arkadiusz Warzyński .

Editor information

Editors and Affiliations

  1. Wrocław University of Science and Technology, Wrocław, Poland

    Ngoc Thanh Nguyen

  2. Vietnam National University, Ho Chi Minh City, Ho Chi Minh City, Vietnam

    Tien Khoa Tran

  3. Al-Farabi Kazakh National University, Almaty, Kazakhstan

    Ualsher Tukayev

  4. National University of Kaohsiung, Kaohsiung, Taiwan

    Tzung-Pei Hong

  5. Wrocław University of Science and Technology, Wrocław, Poland

    Bogdan Trawiński

  6. University of Newcastle, Newcastle, NSW, Australia

    Edward Szczerbicki

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Warzyński, A., Falas, Ł., Schauer, P. (2022). Excess-Mass and Mass-Volume Quality Measures Susceptibility to Intrusion Detection System’s Data Dimensionality. In: Nguyen, N.T., Tran, T.K., Tukayev, U., Hong, TP., Trawiński, B., Szczerbicki, E. (eds) Intelligent Information and Database Systems. ACIIDS 2022. Lecture Notes in Computer Science(), vol 13758. Springer, Cham. https://doi.org/10.1007/978-3-031-21967-2_41

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-21967-2_41

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-21966-5

  • Online ISBN: 978-3-031-21967-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation