Title :
Towards reducing human effort in network intrusion detection
Author :
Catania, Carlos ; Garcia Garino, Carlos
Author_Institution :
ITIC, Univ. Nac. de Cuyo, Mendoza, Argentina
Abstract :
Machine learning has been one of the most considered techniques for achieving automatic intrusion detection. Although many of these machine learning approaches have achieved the goal of getting high accuracy levels in a more automatic way, the fact is that only a few of them have actually been deployed in real-life scenarios. This could be explained if we take into consideration that some of the assumptions on which these techniques rely do not easily hold. Moreover, ensuring such assumptions demands a lot of work from security experts, which is precisely what they wanted to avoid. It seems that most current intrusion detection approaches have focused on obtaining high detection accuracy, leaving aside the goal of reducing human interaction during the intrusion detection process. In this work we propose a prototype for a Network Intrusion Detection System (NIDS) based on machine learning techniques. In contrast to other approaches, we focused on reducing the human effort in the generation of the network traffic model and further adjustments, while keeping accuracy within acceptable levels. The prototype relies on hybrid detection and evolutionary summarizing schemes. The viability of the two schemes has been confirmed through experiments considering different attack distributions and types.
Keywords :
computer network security; evolutionary computation; learning (artificial intelligence); telecommunication traffic; attack distributions; attack types; evolutionary summarizing scheme; human effort reduction; hybrid detection scheme; machine learning techniques; network intrusion detection; network traffic model generation; prototype relays; Genetic algorithms; IP networks; Intrusion detection; Measurement; Sociology; Statistics; Genetic Algorithms; Intrusion Detection; Machine Learning;
Conference_Title :
Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2013 IEEE 7th International Conference on
Conference_Location :
Berlin
Print_ISBN :
978-1-4799-1426-5
DOI :
10.1109/IDAACS.2013.6663006