Attribute Learning for Network Intrusion Detection
This work addresses the challenge of classifying unseen attack types in network intrusion detection, which is an incremental improvement for cybersecurity applications.
The authors tackled the problem of detecting new network attacks with insufficient labeled examples by proposing a new attribute learning algorithm for Zero-Shot Learning based on decision trees, resulting in a better distribution of attribute values as shown in their experimental setup for network intrusion detection.
Network intrusion detection is one of the most visible uses for Big Data analytics. One of the main problems in this application is the constant rise of new attacks. This scenario, characterized by the fact that not enough labeled examples are available for the new classes of attacks is hardly addressed by traditional machine learning approaches. New findings on the capabilities of Zero-Shot learning (ZSL) approach makes it an interesting solution for this problem because it has the ability to classify instances of unseen classes. ZSL has inherently two stages: the attribute learning and the inference stage. In this paper we propose a new algorithm for the attribute learning stage of ZSL. The idea is to learn new values for the attributes based on decision trees (DT). Our results show that based on the rules extracted from the DT a better distribution for the attribute values can be found. We also propose an experimental setup for the evaluation of ZSL on network intrusion detection (NID).