Decomposing Training Data to Improve Network Intrusion Detection Performance

Roberto Saia; Alessandro Sebastian Podda; Gianni Fenu; Riccardo Balia

doi:10.5220/0010661400003064

Decomposing Training Data to Improve Network Intrusion Detection Performance

Roberto Saia, Alessandro Sebastian Podda, Gianni Fenu, Riccardo Balia

2021

Abstract

Anyone working in the field of network intrusion detection has been able to observe how it involves an ever- increasing number of techniques and strategies aimed to overcome the issues that affect the state-of-the-art solutions. Data unbalance and heterogeneity are only some representative examples of them, and each misclassification made in this context could have enormous repercussions in different crucial areas such as, for instance, financial, privacy, and public reputation. This happens because the current scenario is characterized by a huge number of public and private network-based services. The idea behind the proposed work is decomposing the canonical classification process into several sub-processes, where the final classification depends on all the sub-processes results, plus the canonical one. The proposed Training Data Decomposition (TDD) strategy is applied on the training datasets, where it applies a decomposition into regions, according to a defined number of events and features. The reason that leads this process is related to the observation that the same network event could be evaluated in a different manner, when it is evaluated in different time periods and/or when it involves different features. According to this observation, the proposed approach adopts different classification models, each of them trained in a different data region characterized by different time periods and features, classifying the event both on the basis of all model results, and on the basis of the canonical strategy that involves all data.

Download

Paper Citation

in Harvard Style

Saia R., Podda A., Fenu G. and Balia R. (2021). Decomposing Training Data to Improve Network Intrusion Detection Performance. In Proceedings of the 13th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management (IC3K 2021) - Volume 1: KDIR; ISBN 978-989-758-533-3, SciTePress, pages 241-248. DOI: 10.5220/0010661400003064

in Bibtex Style

@conference{kdir21,
author={Roberto Saia and Alessandro Sebastian Podda and Gianni Fenu and Riccardo Balia},
title={Decomposing Training Data to Improve Network Intrusion Detection Performance},
booktitle={Proceedings of the 13th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management (IC3K 2021) - Volume 1: KDIR},
year={2021},
pages={241-248},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010661400003064},
isbn={978-989-758-533-3},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 13th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management (IC3K 2021) - Volume 1: KDIR
TI - Decomposing Training Data to Improve Network Intrusion Detection Performance
SN - 978-989-758-533-3
AU - Saia R.
AU - Podda A.
AU - Fenu G.
AU - Balia R.
PY - 2021
SP - 241
EP - 248
DO - 10.5220/0010661400003064
PB - SciTePress