Proceedings Article, DOI: 10.1109/ICMLC.2011.6016798
The practice on using machine learning for network anomaly intrusion detection
Yu-Xin Meng
- 10 Jul 2011
- Vol. 2, pp 576-581
60
TL;DR: This paper implements and compares machine learning schemes of neural networks, SVM and decision trees in a uniform environment with the purpose of exploring the practice and issues of using these approaches in detecting abnormal behaviors and claims that the real performance of machine learning algorithms depends heavily on practical context.
Abstract: Machine learning is regarded as an effective tool utilized by intrusion detection system (IDS) to detect abnormal activities from network traffic. In particular, neural networks, support vector machines (SVM) and decision trees are three significant and popular schemes borrowed from the machine learning community into intrusion detection in recent academic research. However, these machine learning schemes are rarely employed in large-scale practical settings. In this paper, we implement and compare machine learning schemes of neural networks, SVM and decision trees in a uniform environment with the purpose of exploring the practice and issues of using these approaches in detecting abnormal behaviors. With the analysis of experimental results, we claim that the real performance of machine learning algorithms depends heavily on practical context. Therefore, the machine learning approaches are supposed to be applied in an appropriate way in terms of the actual settings.
Citations
Machine Learning for Anomaly Detection: A Systematic Review
TL;DR: In this article, the authors conduct a systematic literature review (SLR) which analyzes ML models that detect anomalies in their application and identify 29 distinct ML models used in the identification of anomalies.
Performance comparison of intrusion detection systems and application of machine learning to Snort system
Syed Ali Raza Shah, Biju Issac +1 more
TL;DR: The novelty of this work is the performance comparison of two IDSs at 10 Gbps and the application of hybrid and optimised machine learning algorithms to Snort.
219
An Intrusion Detection Model based on a Convolutional Neural Network
Ji-Yeon Kim, Yulim Shin, Eunjung Choi +2 more
- 31 Dec 2019
TL;DR: This work develops an IDS model using CSE-CIC-IDS 2018, a dataset containing the most up-to-date common network attacks and develops a convolutional neural network (CNN) model that is higher than that of the RNN model when applied to the dataset.
Machine-Learning Approach to Optimize SMOTE Ratio in Class Imbalance Dataset for Intrusion Detection
Jae Hyun Seo, Yong Hyuk Kim +1 more
TL;DR: This study attempted to mitigate the class imbalance of the KDD CUP 1999 dataset by using the synthetic minority oversampling technique (SMOTE), and found that the results using the proposed method were significantly better than those of previous approach and other related work.
Effects of Machine Learning Approach in Flow-Based Anomaly Detection on Software-Defined Networking
TL;DR: Two different approaches to flow-based intrusion detection in an OpenFlow controller are investigated, and substantial experiments with comparative analysis clearly show that deep learning would be a better choice for intrusion detection in an OpenFlow controller.
References
A survey of decision tree classifier methodology
S.R. Safavian, David A. Landgrebe +1 more
- 01 Jun 1991
TL;DR: The subjects of tree structure design, feature selection at each internal node, and decision and search strategies are discussed, and the relation between decision trees and neural networks (NN) is also discussed.
An Intrusion-Detection Model
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Bro: a system for detecting network intruders in real-time
Vern Paxson,Vern Paxson +1 more
TL;DR: An overview of the Bro system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility, is given.
2.7K
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
Robin Sommer, Vern Paxson +1 more
- 16 May 2010
TL;DR: The main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively.
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory
TL;DR: The purpose of this article is to attempt to identify the shortcomings of the Lincoln Lab effort in the hope that future efforts of this kind will be placed on a sounder footing.
1.4K