Abstract
When using an intrusion detection system as protection against certain kind of attacks, the impact of classifying normal samples as attacks (False Positives) or attacks as normal traffic (False Negatives) is completely different. In order to prioritize the absence of one kind of error, we use reinforcement learning strategies which allow us to build a cost-sensitive meta-classifier. This classifier has been build using a DQN architecture over a MLP. While the DQN introduces extra effort during the training steps, it does not cause any penalty on the detection system. We show the feasibility of our approach for two different and commonly used datasets, achieving reductions up to 100% in the desired error by changing the rewarding strategies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
NSL-KDD data set for network-based intrusion detection systems, March 2009. http://nsl.cs.unb.ca/NSL-KDD/
Sengupta, N., Sen, J., Sil, J., Saha, M.: Designing of on line intrusion detection system using rough set theory and q-learning algorithm. Neurocomputing 111, 161–168 (2013)
He, H., Garcia, E.A.: Learning from imbalanced data. IEEE Trans. Knowl. Data Eng. 21(9), 1263–1284 (2009)
Kukielka, P., Kotulski, Z.: Analysis of neural networks usage for detection of a new attack in IDS. Ann. UMCS Inf. 10(1), 51–59 (2010)
Kulluk, S., Özbak, L., Tapkan, P.Z., Baykasoğlu, A.: Cost-sensitive meta-learning classifiers. Know.-Based Syst. 98(1), 148–161 (2016)
Mnih, V., et al.: Playing Atari with deep reinforcement learning. CoRR abs/1312.5602 (2013)
Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military Communications and Information Systems Conference (MilCIS), pp. 1–6. IEEE Stream (2015)
Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Secur. J.: Glob. Perspect. 25, 1–14 (2016)
Revathi, S., Malathi, A.: A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection. Int. J. Eng. Res. Technol. ESRSA Publications 2(12), 1848–1853 (2013)
Sheng, V.S., Ling, C.X.: Thresholding for making classifiers cost-sensitive. In: Proceedings of the 21st National Conference on Artificial Intelligence, AAAI 2006, vol. 1, pp. 476–481 (2006)
Ting, K.M.: Inducing cost-sensitive trees via instance weighting. In: Żytkow, J.M., Quafafou, M. (eds.) PKDD 1998. LNCS, vol. 1510, pp. 139–147. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0094814
Zhao, H.: Instance weighting versus threshold adjusting for cost-sensitive classification. Knowl. Inf. Syst. 15(3), 321–334 (2008)
Acknowledgements
This work was supported by the Spanish Ministry of Economy and Competitiveness under contracts TIN-2015-65277-R, AYA2015-65973-C3-3-R and RTC-2016-5434-8.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Blanco, R., Cilla, J.J., Briongos, S., Malagón, P., Moya, J.M. (2018). Applying Cost-Sensitive Classifiers with Reinforcement Learning to IDS. In: Yin, H., Camacho, D., Novais, P., Tallón-Ballesteros, A. (eds) Intelligent Data Engineering and Automated Learning – IDEAL 2018. IDEAL 2018. Lecture Notes in Computer Science(), vol 11314. Springer, Cham. https://doi.org/10.1007/978-3-030-03493-1_55
Download citation
DOI: https://doi.org/10.1007/978-3-030-03493-1_55
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03492-4
Online ISBN: 978-3-030-03493-1
eBook Packages: Computer ScienceComputer Science (R0)