Intrusion Detection in Computer Networks based on Machine Learning Algorithms
Network security technology has become crucial in protecting government and industry computing infrastructure. Modern intrusion detection applications face complex requirements: they need to be reliable, extensible, easy to manage, and cheap to maintain. In recent years, machine learning-based intrusion detection systems have demonstrated high accuracy, good generalization to novel types of intrusion, and robust behavior in a changing environment. This work compares the efficiency of machine learning methods, including artificial neural networks and support vector machines, in intrusion detection systems, with the hope of providing a reference for building such systems in the future. Compared with other related work on machine learning-based intrusion detectors, we propose to calculate the mean value over samples drawn with different ratios of normal data for each measurement, which leads to a better accuracy rate on observation data from the real world. We compare accuracy, detection rate and false alarm rate for 4 attack types. Extensive experimental results on the KDD-cup intrusion detection benchmark dataset demonstrate that the proposed approach outperforms the KDD Winner, especially for U2R and R2L type attacks.
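The measurement described in the abstract, written out as an added example that is not part of the paper: per-attack-type accuracy, detection rate and false alarm rate are computed from a confusion matrix, then averaged over several sampling ratios of normal data. The records, the category labels and the choice to count any non-normal prediction as a detection are assumptions made here for illustration.

```python
import random

# Constructed (true_label, predicted_label) pairs in the KDD-cup categories
# normal / dos / probe / u2r / r2l; the values are made up for illustration.
RECORDS = [
    ("u2r", "u2r"), ("u2r", "u2r"), ("u2r", "dos"), ("u2r", "normal"),
    ("dos", "dos"), ("dos", "dos"), ("dos", "normal"),
    ("normal", "normal"), ("normal", "normal"), ("normal", "normal"),
    ("normal", "normal"), ("normal", "normal"), ("normal", "normal"),
    ("normal", "normal"), ("normal", "dos"),
]

def confusion(records, attack):
    """TP/FN/FP/TN with `attack` as positive class and normal traffic as negative;
    other attack classes are left out. Assumption: any non-normal prediction counts
    as a detection, because the alarm fires either way."""
    tp = fn = fp = tn = 0
    for truth, pred in records:
        if truth == attack:
            tp += pred != "normal"
            fn += pred == "normal"
        elif truth == "normal":
            tn += pred == "normal"
            fp += pred != "normal"
    return tp, fn, fp, tn

def rates(tp, fn, fp, tn):
    """Accuracy, detection rate and false alarm rate from one confusion matrix."""
    total = tp + fn + fp + tn
    accuracy = (tp + tn) / total if total else 0.0
    detection_rate = tp / (tp + fn) if tp + fn else 0.0
    false_alarm_rate = fp / (fp + tn) if fp + tn else 0.0
    return accuracy, detection_rate, false_alarm_rate

def sample_normal(records, ratio, rng):
    """Keep every attack record and a `ratio` fraction of the normal records."""
    normals = [r for r in records if r[0] == "normal"]
    attacks = [r for r in records if r[0] != "normal"]
    return attacks + rng.sample(normals, max(1, round(len(normals) * ratio)))

def mean_rates(records, attack, ratios=(0.25, 0.5, 1.0), seed=0):
    """Average the three rates over several normal-data sampling ratios, as the
    abstract proposes, so that one class balance does not dominate the result."""
    rng = random.Random(seed)
    sums = [0.0, 0.0, 0.0]
    for ratio in ratios:
        subset = sample_normal(records, ratio, rng)
        for i, value in enumerate(rates(*confusion(subset, attack))):
            sums[i] += value
    return tuple(s / len(ratios) for s in sums)
```

Note that the detection rate is unaffected by how many normal records are sampled, while accuracy and false alarm rate shift with the class balance, which is why averaging over ratios matters for rare classes such as U2R.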
Information held by IT products or systems is a critical resource that enables organizations to succeed in their mission. Additionally, individuals have a reasonable expectation that their personal information contained in IT products or systems remains private, is available to them as needed, and is not subject to unauthorized modification. IT products or systems should perform their functions while exercising proper control of the information to ensure it is protected against hazards such as unwanted or unwarranted dissemination, alteration, or loss. The term IT security is used to cover prevention and mitigation of these and similar hazards. It is very important that the security mechanisms of a system are designed to prevent unauthorized access to system resources and data. However, completely preventing breaches of security appears, at present, unrealistic. Instead, we can try to detect these intrusion attempts so that action may be taken to repair the damage now or later. This field of research is called Intrusion Detection. The goal of an Intrusion Detection System (IDS) is to identify occurrences of security breaches capable of compromising the integrity of resources or services. File integrity analyzers are a class of related tools that automatically verify the content of security-critical files. Frequently referred to as tripwires, they attempt to detect whether files have been modified in unauthorized ways. Once suspicious modifications are detected by triggering the tripwire, the analyzer may alert a security administrator or invoke some type of automated response. Alternatively, file analyzers can provide guidance for damage control, such as identifying the modified files that need to be restored or hooks installed by the attacker to facilitate subsequent access.
When the concept of intrusion detection was introduced in 1980, an intrusion attempt or threat was defined as the potential for a deliberate unauthorized attempt to: access information, manipulate information, or render a system unreliable or unusable. There are two ways to handle subversion attempts. One way is to prevent subversion itself by building a completely secure system. A network administrator could, for example, require all users to identify and authenticate themselves; the administrator could protect data by various cryptographic methods and very tight access