Evaluation of machine learning techniques for network intrusion detection

Bibliographic Details
Published in NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1 - 5
Main Authors Zaman, Marzia; Lung, Chung-Horng
Format Conference Proceeding
Language English
Published IEEE 01.04.2018
ISSN 2374-9709
DOI 10.1109/NOMS.2018.8406212

Summary: Network traffic anomaly may indicate a possible intrusion in the network and therefore anomaly detection is important to detect and prevent the security attacks. The early research work in this area and commercially available Intrusion Detection Systems (IDS) are mostly signature-based. The problem of signature based method is that the database signature needs to be updated as new attack signatures become available and therefore it is not suitable for the real-time network anomaly detection. The recent trend in anomaly detection is based on machine learning classification techniques. We apply seven different machine learning techniques with information entropy calculation to Kyoto 2006+ data set and evaluate the performance of these techniques. Our findings show that, for this particular data set, most machine learning techniques provide higher than 90% precision, recall and accuracy. However, using area under the Receiver Operating Curve (ROC) metric, we find that Radial Basis Function (RBF) performs the best among the seven algorithms studied in this work.