• DocumentCode
    3274580
  • Title

    The practice on using machine learning for network anomaly intrusion detection

  • Author

    Meng, Yu-xin

  • Author_Institution
    Dept. of Comput. Sci., City Univ. of Hong Kong, Kowloon, China
  • Volume
    2
  • fYear
    2011
  • fDate
    10-13 July 2011
  • Firstpage
    576
  • Lastpage
    581
  • Abstract
    Machine learning is regarded as an effective tool utilized by intrusion detection systems (IDS) to detect abnormal activities from network traffic. In particular, neural networks, support vector machines (SVM) and decision trees are three significant and popular schemes borrowed from the machine learning community into intrusion detection in recent academic research. However, these machine learning schemes are rarely employed in large-scale practical settings. In this paper, we implement and compare machine learning schemes of neural networks, SVM and decision trees in a uniform environment with the purpose of exploring the practice and issues of using these approaches in detecting abnormal behaviors. With the analysis of experimental results, we claim that the real performance of machine learning algorithms depends heavily on practical context. Therefore, the machine learning approaches are supposed to be applied in an appropriate way in terms of the actual settings.
  • Keywords
    computer network security; decision trees; learning (artificial intelligence); neural nets; SVM; decision trees; intrusion detection system; machine learning; network anomaly intrusion detection; network traffic; neural networks; support vector machines; Accuracy; Classification algorithms; Decision trees; Intrusion detection; Machine learning; Support vector machines; Training; Decision tree; Intrusion detection; Machine learning; Neural network; Support vector machine;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Machine Learning and Cybernetics (ICMLC), 2011 International Conference on
  • Conference_Location
    Guilin
  • ISSN
    2160-133X
  • Print_ISBN
    978-1-4577-0305-8
  • Type

    conf

  • DOI
    10.1109/ICMLC.2011.6016798
  • Filename
    6016798