ILAB : an Interractive Labelling Strategy for Intrusion Detection

Acquiring a representative labelled dataset is a hurdle that has to be overcome to learn a supervised detection model. Labelling a dataset is particularly expensive in computer security as expert knowledge is required to perform the annotations.

In this paper, we introduce ILAB, a novel interactive labelling strategy that helps experts label large datasets for intrusion detection with a reduced workload. First, we compare ILAB with two state-of-the-art labelling strategies on public labelled datasets and demonstrate it is both an effective and a scalable solution. Second, we show ILAB is workable with a real-world annotation project carried out on a large unlabelled NetFlow dataset originating from a production environment.

We provide an open source implementation ( to allow security experts to label their own datasets and researchers to compare labelling strategies.


  • pdf

    ILAB: An Interactive Labelling Strategy for Intrusion Detection

    440.61 Ko