Adaptive Intrusion Detection - Using Machine Learning in the Context of Intrusion Detection Systems
This report covers an initial foray in applying a number of machine learning algorithms to the problem of classifying labeled network traffic flows in the ISCX IDS data set. The ISCX data set was developed by the Information Security Centre of Excellence at the University of New Brunswick and provides a large set of labeled traffic flows suitable for testing a number of detection techniques. A number of limitations should be noted in comparison to algorithms tested on the more common KDD99 data set. The ISCX IDS data set includes only a single attack classification, in contrast to the four attacks found in KDD99 data, and the number and distribution of attacks are significantly different. Previous work has focused on more formally structured machine learning techniques such as regression analysis, clustering, and support vector machines. This work focuses on comparing artificial neural networks against random forest ensembles and support vector machines, as well as stateful vs stateless neural networks. Random forest ensembles were found to be the most accurate through most of the ISCX IDS data set, and were quick to train. Stateful recurrent neural networks did not outperform stateless networks, though the difference in accuracy between the two was less than that between the recurrent network and the random forest ensemble.