assessing machine learning algorithms as intrusion detection systems
Post on 23-Feb-2016
Assessing Machine Learning Algorithms as Intrusion Detection Systems
Greig Hazell
Outline
  Motivation
  Past Research
  Approach
  Early Results
  Going Forward
  Q & A
Motivation
What are Intrusion Detection Systems?
  IDS – Security tool to strengthen the security of communication systems.
Two Categories
  Anomaly-Based IDS
  Misuse-Based IDS
Anomaly-Based Systems
  Pattern matching of known attack signatures.
  High accuracy of known attacks.
Misuse-Based Systems
  Profiles normal system behavior.
  Flags behavior which deviates from the normal profile.
Past Research
Focused on the classification rate of IDS.
However, Network-IDS also require:
  High throughput
  Low resource utilization

              True    False
  Positive    High    Low
  Negative    High    Low
Approach
Utilize several machine learning algorithms:
  KNN, MLP, RBF
Dataset
  KDD 99 Data Cup (10%) [http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html]
  41 features
  21 attack types in training data
  Testing data included new attacks not present in training data.
  Pre-processing of data to an input compatible with MLAs.
  Approx.: 400K training records, 300K testing
Early Results
MLP
  Layers: 41-25-2, Epochs: 30
Classification Accuracy on Test Data

  Class       Normal    Abnormal    Error Rate
  Normal      56803     3790        6.25%
  Abnormal    16984     233452      6.78%

Throughput
  Total time: 52 s
  0.17 ms / classification
  approx.: 6000 classifications / s
Going Forward
Determine throughput and resource usage
Pre-processing & normalization of data
  PCA
  0 mean & unit variance
Compare results to anomaly-based systems.
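
The pre-processing step named under Approach and the 0 mean / unit variance normalization named under Going Forward, sketched as an added example that is not code from the presentation. It assumes integer coding of the three symbolic KDD 99 columns (which keeps the 41 inputs of the 41-25-2 network; the slides do not say how they were encoded); `Preprocessor`, `sample_row` and the sample records are hypothetical and constructed for illustration.

```python
import math

SYMBOLIC = (1, 2, 3)  # protocol_type, service, flag columns in a KDD 99 record

def parse(line):
    """Split one KDD 99 CSV record into 41 raw fields and a 0/1 label."""
    fields = line.strip().rstrip(".").split(",")
    if len(fields) != 42:
        raise ValueError("expected 41 features plus a label")
    return fields[:41], 0 if fields[41] == "normal" else 1

class Preprocessor:
    def fit(self, rows):
        # Integer codes start at 1; 0 is reserved for values unseen in training.
        self.codes = {c: {} for c in SYMBOLIC}
        for r in rows:
            for c in SYMBOLIC:
                self.codes[c].setdefault(r[c], len(self.codes[c]) + 1)
        X = [self._numeric(r) for r in rows]
        n = len(X)
        self.mean = [sum(col) / n for col in zip(*X)]
        self.std = [math.sqrt(sum((v - m) ** 2 for v in col) / n)
                    for col, m in zip(zip(*X), self.mean)]
        return self

    def _numeric(self, r):
        return [float(self.codes[c].get(v, 0)) if c in self.codes else float(v)
                for c, v in enumerate(r)]

    def transform(self, r):
        # Constant training columns have std 0; emit 0.0 instead of dividing.
        return [(v - m) / s if s > 0 else 0.0
                for v, m, s in zip(self._numeric(r), self.mean, self.std)]

def sample_row(proto, svc, flag, src, dst, label):
    # Constructed sample record: six leading fields, 35 zeroed features, label.
    return ",".join(["0", proto, svc, flag, str(src), str(dst)] + ["0"] * 35 + [label + "."])

TRAIN = [sample_row("tcp", "http", "SF", 200, 4000, "normal"),
         sample_row("tcp", "smtp", "SF", 400, 300, "normal"),
         sample_row("icmp", "ecr_i", "SF", 1032, 0, "smurf"),
         sample_row("tcp", "private", "S0", 0, 0, "neptune")]
TEST = sample_row("udp", "snmp", "SF", 105, 146, "snmpgetattack")  # attack and values absent from TRAIN

def demo():
    parsed = [parse(l) for l in TRAIN]
    pre = Preprocessor().fit([f for f, _ in parsed])
    feats, label = parse(TEST)
    return pre.transform(feats), label, [y for _, y in parsed]
```

The scaling statistics are fitted on training records only and then applied to test records, so a test record carrying a protocol, service or attack type never seen in training still maps to a valid 41-value input.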
Questions?