Jove
Visualize
Contact Us

Related Experiment Videos

EM-AUC: A Novel Algorithm for Evaluating Anomaly Based Network Intrusion Detection Systems.

Kevin Z Bai1, John M Fossaceca2

  • 1Independent Researcher, Westwood, MA 02090, USA.

Sensors (Basel, Switzerland)
|January 11, 2025
PubMed
Summary
This summary is machine-generated.

Related Concept Videos

Receiver Operating Characteristic Plot01:15

Receiver Operating Characteristic Plot

74
A ROC (Receiver Operating Characteristic) plot is a graphical tool used to assess the performance of a binary classification model by illustrating the trade-off between sensitivity (true positive rate) and specificity (false positive rate). By plotting sensitivity against 1 - specificity across various threshold settings, the ROC curve shows how well the model distinguishes between classes, with a curve closer to the top-left corner indicating a more accurate model. The area under the ROC curve...
74
McNemar's Test01:23

McNemar's Test

141
McNemar's Test is a nonparametric statistical test used to determine if there is a significant difference in proportions between two related groups when the outcome is binary (e.g., yes/no, success/failure). It is beneficial when we have paired data, such as pre-test/post-test designs, where the same subjects are measured under two different conditions. The test is named after the statistician Quinn McNemar, who introduced it in 1947. It is commonly used in situations where subjects are...
141

You might also read

Related Articles

Articles linked to this work by shared authors, journal, and citation graph.

Sort by
Same journal

RETRACTED: Zhang et al. A Novel Framework for Reconstruction and Imaging of Target Scattering Centers via Wide-Angle Incidence in Radar Networks. <i>Sensors</i> 2025, <i>25</i>, 6802.

Sensors (Basel, Switzerland)·2026
Same journal

Enhancing Unsupervised Multi-Source Domain Adaptation for Person Re-Identification via Mixture of Experts and Graph-Based Relation.

Sensors (Basel, Switzerland)·2026
Same journal

Development of an Instrumented Glove for Palmar Pressure Assessment in Kayakers.

Sensors (Basel, Switzerland)·2026
Same journal

Development and Experimental Validation of an Autonomous IoT-Based Monitoring System for Real-Time Water Quality Assessment in the Amazon River.

Sensors (Basel, Switzerland)·2026
Same journal

Semi-Supervised Adversarial Learning Framework for Controller Area Network Bus Intrusion Detection.

Sensors (Basel, Switzerland)·2026
Same journal

Smart Optimization Method for Safety Signs in Innovative Manufacturing Environments Integrating Industrial Field IoT Sensors and Knowledge Graphs.

Sensors (Basel, Switzerland)·2026
See all related articles
JoVE
x logofacebook logolinkedin logoyoutube logo
ABOUT JoVE
OverviewLeadershipBlogJoVE Help Center
AUTHORS
Publishing ProcessEditorial BoardScope & PoliciesPeer ReviewFAQSubmit
LIBRARIANS
TestimonialsSubscriptionsAccessResourcesLibrary Advisory BoardFAQ
RESEARCH
JoVE JournalMethods CollectionsJoVE Encyclopedia of ExperimentsArchive
EDUCATION
JoVE CoreJoVE BusinessJoVE Science EducationJoVE Lab ManualFaculty Resource CenterFaculty Site
Terms & Conditions of Use
Privacy Policy
Policies

This study introduces a new algorithm for evaluating network intrusion detection models without needing labeled data. The Expectation Maximization-Area Under the Curve (EM-AUC) method enables robust performance metric calculation, improving model selection for cybersecurity.

Area of Science:

  • Cybersecurity
  • Machine Learning
  • Data Science

Background:

  • Effective network intrusion detection relies on unsupervised machine learning models, but evaluating their performance typically requires labeled data.
  • Real-world network datasets are massive and often lack labels, making traditional performance metric calculation infeasible.
  • There is a need for algorithms that can assess model performance without relying on ground truth labels.

Purpose of the Study:

  • To propose a novel algorithm, Expectation Maximization-Area Under the Curve (EM-AUC), for deriving performance metrics without labels.
  • To enable the calculation of Area Under the ROC Curve (AUC-ROC) and Area Under the Precision-Recall Curve (AUC-PR) in label-scarce environments.
  • To facilitate cost-effective and scalable model selection for network intrusion detection systems.
Keywords:
Area Under the Precision-Recall CurveArea Under the Roc CurveEM-AUC algorithmmissing data inferencenetwork intrusion detectionunsupervised machine learning models

Related Experiment Videos

Main Methods:

  • Developed the Expectation Maximization-Area Under the Curve (EM-AUC) algorithm.
  • Treated unavailable labels as missing data and imputed them using posterior probabilities.
  • Applied the EM-AUC algorithm to two network intrusion datasets for evaluation.

Main Results:

  • Successfully derived AUC-ROC and AUC-PR metrics without requiring labeled data.
  • Demonstrated robust performance evaluation capabilities of the EM-AUC algorithm on network intrusion datasets.
  • Achieved performance metric calculation for unsupervised models in the absence of labels.

Conclusions:

  • The EM-AUC algorithm provides a novel solution for evaluating network intrusion detection systems when labels are unavailable.
  • This method allows for model training, testing, and performance evaluation without comprehensive labels, enhancing scalability and cost-effectiveness.
  • This represents a significant advancement in evaluating unsupervised anomaly detection models for cybersecurity applications.