Hybrid Isolation Forest - Application to Intrusion Detection

Pierre-François Marteau 1 Saeid Soheily-Khah 1 Nicolas Béchet 1
1 EXPRESSION - Expressiveness in Human Centered Data/Media
UBS - Université de Bretagne Sud, IRISA-D6 - MEDIA ET INTERACTIONS
Abstract : From the identification of a drawback in the Isolation Forest (IF) algorithm that limits its use in the scope of anomaly detection, we propose two extensions that allow to firstly overcome the previously mention limitation and secondly to provide it with some supervised learning capability. The resulting Hybrid Isolation Forest (HIF) that we propose is first evaluated on a synthetic dataset to analyze the effect of the new meta-parameters that are introduced and verify that the addressed limitation of the IF algorithm is effectively overcame. We hen compare the two algorithms on the ISCX benchmark dataset, in the context of a network intrusion detection application. Our experiments show that HIF outperforms IF, but also challenges the 1-class and 2-classes SVM baselines with computational efficiency.
Complete list of metadatas

Cited literature [29 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01520720
Contributor : Pierre-François Marteau <>
Submitted on : Wednesday, May 10, 2017 - 6:01:28 PM
Last modification on : Friday, January 11, 2019 - 4:23:35 PM
Long-term archiving on : Friday, August 11, 2017 - 1:40:13 PM

File

hif (1).pdf
Files produced by the author(s)

Identifiers

Citation

Pierre-François Marteau, Saeid Soheily-Khah, Nicolas Béchet. Hybrid Isolation Forest - Application to Intrusion Detection. 2017. ⟨hal-01520720⟩

Share

Metrics

Record views

999

Files downloads

4657