Adaptive Intrusion Detection - Using Machine Learning in the Context of Intrusion Detection Systems

Abstract

-This report covers an initial foray in applying a number of machine learn- ing algorithms to the problem of classifying labeled network traffic flows in the ISCX IDS data set. The ISCX data set was developed by the Informa- tion Security Centre of Excellence at the University of New Brunswick and provides a large set of labeled traffic flows suitable for testing a number of detection techniques. A number of limitations should be noted in com- parison to algorithms tested on the more common KDD99 data set. The ISCX IDS data set includes only a single attack classification, in contrast to the four attacks found in KDD99 data, and the number and distri- bution of attacks is significantly different. Previous work has focused on more formally structured machine learning techniques such as regression analysis, clustering, and support vector machines. This work focuses on comparing artificial neural networks against random forest ensembles and support vector machines, as well as stateful vs stateless neural networks. Random forest ensembles were found to be the most accurate through most of the ISCX IDS data set, and were quick to train. Stateful recur- rent neural networks did not outperformed stateless networks, though the difference in accuracy between the two was less than that between the recurrent network and the random forest ensemble.