An application of machine learning to network intrusion detection

Author

Sinclair, Chris ; Pierce, Lyn ; Matzner, Sara

Author_Institution

Appl. Res. Lab., Texas Univ., Austin, TX, USA

fYear

1999

fDate

1999

Firstpage

371

Lastpage

377

Abstract

Differentiating anomalous network activity from normal network traffic is difficult and tedious. A human analyst must search through vast amounts of data to find anomalous sequences of network connections. To support the analyst´s job, we built an application which enhances domain knowledge with machine learning techniques to create rules for an intrusion detection expert system. We employ genetic algorithms and decision trees to automatically generate rules for classifying network connections. This paper describes the machine learning methodology and the applications employing this methodology

Keywords

computer network management; decision trees; expert systems; genetic algorithms; learning (artificial intelligence); security of data; telecommunication security; anomalous network activity; anomalous network connection sequences; automatic rule generation; decision trees; domain knowledge; genetic algorithms; intrusion detection expert system; machine learning; network connection classification; network intrusion detection; Application software; Artificial intelligence; Automation; Computer networks; Data analysis; Genetics; Intrusion detection; Laboratories; Machine learning; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual

Conference_Location

Phoenix, AZ

ISSN

1063-9527

Print_ISBN

0-7695-0346-2

Type

conf

DOI

10.1109/CSAC.1999.816048

Filename

816048