ALADIN: Active Learning for Statistical Intrusion Detection

Neural Information Processing Systems Workshop on Machine Learning in Adversarial Environments for Computer Security

Organized by Neural Information Processing Systems

To create host-based or network-based intrusion detection systems, we propose ALADIN, which stands for “Active Learning of Anomalies to Detect INtrusions”. ALADIN uses active learning combined with rare class discovery and uncertainty identification to statistically train an intrusion detection or prevention system (IDS/IPS). Active learning selects “interesting traffic” to be shown to a security expert for labeling, which substantially reduces the number of labels the expert must provide to reach an acceptable level of accuracy and coverage.
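The two selection criteria named in the abstract can be illustrated with a small labeling-queue selector; this is an added example, not code from the ALADIN paper or its authors. It assumes diagonal Gaussian class models, two hypothetical flow features, and constructed sample flows; the function names and flow ids are illustrative.

```python
import math

# Constructed sample flows: (log10 bytes, log10 duration_ms). Not real traffic.
LABELED = {
    "dns":  [(2.0, 1.0), (2.1, 1.2), (1.9, 0.9), (2.2, 1.1)],
    "http": [(4.0, 3.0), (4.2, 3.1), (3.9, 2.8), (4.1, 3.2)],
}
UNLABELED = {
    "f1": (2.05, 1.05),  # resembles labeled dns flows
    "f2": (4.05, 3.00),  # resembles labeled http flows
    "f3": (3.05, 2.05),  # lies between the two known classes
    "f4": (6.50, 0.50),  # unlike anything labeled so far
}

def fit(points, floor=0.05):
    """Per-feature mean and variance (assumed diagonal Gaussian), variance floored."""
    dims = list(zip(*points))
    means = [sum(d) / len(d) for d in dims]
    varis = [max(sum((x - m) ** 2 for x in d) / len(d), floor)
             for d, m in zip(dims, means)]
    return means, varis

def log_lik(x, model):
    """Log-likelihood of feature vector x under one class model."""
    means, varis = model
    return sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
               for xi, m, v in zip(x, means, varis))

def select_queries(labeled, unlabeled):
    """Return (most_uncertain_id, most_anomalous_id) to show the expert."""
    models = {c: fit(p) for c, p in labeled.items()}
    margin, best_fit = {}, {}
    for fid, x in unlabeled.items():
        ll = sorted((log_lik(x, m) for m in models.values()), reverse=True)
        best_fit[fid] = ll[0]        # low: fits no known class (rare-class candidate)
        margin[fid] = ll[0] - ll[1]  # small: close to the decision boundary
    anomalous = min(best_fit, key=best_fit.get)
    # Pick the uncertain sample from the rest so the expert sees two distinct flows.
    rest = [f for f in unlabeled if f != anomalous]
    uncertain = min(rest, key=margin.get)
    return uncertain, anomalous

if __name__ == "__main__":
    print(select_queries(LABELED, UNLABELED))
```

Flows that fit a known class well and unambiguously (f1, f2) are never queued, which is where the reduction in expert labels comes from.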