1 / 8

Assessing Machine Learning Algorithms as Intrusion Detection Systems

Assessing Machine Learning Algorithms as Intrusion Detection Systems. Greig Hazell. Outline. Motivation Past Research Approach Early Results Going Forward Q & A. Motivation. What are Intrusion Detection Systems? IDS – Security Tool to strengthen security of communication systems.

annot
Download Presentation

Assessing Machine Learning Algorithms as Intrusion Detection Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Assessing Machine Learning Algorithms as Intrusion Detection Systems Greig Hazell

  2. Outline • Motivation • Past Research • Approach • Early Results • Going Forward • Q & A

  3. Motivation • What are Intrusion Detection Systems? • IDS – Security Tool to strengthen security of communication systems. • Two Categories • Anomaly-Based IDS • Misuse-Based IDS • Anomaly-Based Systems • Pattern matching of known attack signatures. • High accuracy of known attacks. • Misuse-Based Systems • Profiles Normal System Behavior. • Flags Behavior which deviates from normal profile.

  4. Past Research • Focused on Classification Rate of IDS. • However Network-IDS also require: • High throughput • Low Resource Utilization

  5. Approach • Utilize Several Machine Learning Algorithms: • KNN, MLP, RBF • Dataset • KDD 99 Data Cup (10%) • [http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html] • 41 Features • 21 Attack Types in Training Data • Testing Data Included new attacks not present in training data. • Pre-processing of data to an input compatible with MLAs. • Approx.: 400K Training Records, 300K Testing

  6. Early Results • MLP • Layers: 41-25-2, Epochs: 30 • Classification Accuracy on Test Data • Throughput • Total Time: 52 s • 0.17 ms / classification • approx.: 6000 classifications / s

  7. Going Forward • Determine throughput and resource usage • Pre-processing & Normalization of data • PCA • 0 Mean & Unit Variance. • Compare Results to Anomaly-Based Systems.

  8. Questions?

More Related