Title :
The practice on using machine learning for network anomaly intrusion detection
Author_Institution :
Dept. of Comput. Sci., City Univ. of Hong Kong, Kowloon, China
Abstract :
Machine learning is regarded as an effective tool utilized by intrusion detection system (IDS) to detect abnormal activities from network traffic. In particular, neural networks, support vector machines (SVM) and decision trees are three significant and popular schemes borrowed from the machine learning community into intrusion detection in recent academic research. However, these machine learning schemes are rarely employed in large-scale practical settings. In this paper, we implement and compare machine learning schemes of neural networks, SVM and decision trees in a uniform environment with the purpose of exploring the practice and issues of using these approaches in detecting abnormal behaviors. With the analysis of experimental results, we claim that the real performance of machine learning algorithms depends heavily on practical context. Therefore, the machine learning approaches are supposed to be applied in an appropriate way in terms of the actual settings.
Keywords :
computer network security; decision trees; learning (artificial intelligence); neural nets; SVM; decision trees; intrusion detection system; machine learning; network anomaly intrusion detection; network traffic; neural networks; support vector machines; Accuracy; Classification algorithms; Decision trees; Intrusion detection; Machine learning; Support vector machines; Training; Decision tree; Intrusion detection; Machine learning; Neural network; Support vector machine;
Conference_Titel :
Machine Learning and Cybernetics (ICMLC), 2011 International Conference on
Conference_Location :
Guilin
Print_ISBN :
978-1-4577-0305-8
DOI :
10.1109/ICMLC.2011.6016798
