Machine Learning Techniques for Network Intrusion Detection

Tran, TP; Tsai, PC; Jan, T; He, S

Machine Learning Techniques for Network Intrusion Detection

Tran, TP Tsai, PC Jan, T He, S

Permalink

Publisher:: IGI Global
Publication Type:: Chapter
Citation:: Dynamic and Advanced Data Mining for Progressing Technological Development, 2010, 1, pp. 273 - 299
Issue Date:: 2010-01

Closed Access

	Filename	Description	Size
	2009001945OK.pdf		607.13 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Tran, TP	en_US
dc.contributor.author	Tsai, PC	en_US
dc.contributor.author	Jan, T	en_US
dc.contributor.author	He, S https://orcid.org/0000-0001-8962-540X	en_US
dc.contributor.editor	Shawkat Ali, ABM	en_US
dc.contributor.editor	Xiang, Y	en_US
dc.date.issued	2010-01	en_US
dc.identifier.citation	Dynamic and Advanced Data Mining for Progressing Technological Development, 2010, 1, pp. 273 - 299	en_US
dc.identifier.isbn	978-1-60566-908-3	en_US
dc.identifier.uri	http://hdl.handle.net/10453/11644
dc.description.abstract	Most of the currently available network security techniques are not able to cope with the dynamic and increasingly complex nature of cyber attacks on distributed computer systems. Therefore, an automated and adaptive defensive tool is imperative for computer networks. Alongside the existing prevention techniques such as encryption and firewalls, Intrusion Detection System (IDS) has established itself as an emerging technology that is able to detect unauthorized access and abuse of computer systems by both internal users and external offenders. Most of the novel approaches in this field have adopted Artificial Intelligence (AI) technologies such as Artificial Neural Networks (ANN) to improve performance as well as robustness of IDS. The true power and advantages of ANN lie in its ability to represent both linear and non-linear relationships and learn these relationships directly from the data being modeled. However, ANN is computationally expensive due to its demanding processing power and this leads to overfitting problem, i.e. the network is unable to extrapolate accurately once the input is outside of the training data range. These limitations challenge IDS with low detection rate, high false alarm rate and excessive computation cost. This chapter proposes a novel Machine Learning (ML) algorithm to alleviate those difficulties of existing AI techniques in the area of computer network security. The Intrusion Detection dataset provided by Knowledge Discovery and Data Mining (KDD-99) is used as a benchmark to compare our model with other existing techniques. Extensive empirical analysis suggests that the proposed method outperforms other state-of-the-art learning algorithms in terms of learning bias, generalization variance and computational cost. It is also reported to significantly improve the overall detection capability for difficult-to-detect novel attacks which are unseen or irregularly occur in the training phase.	en_US
dc.publisher	IGI Global	en_US
dc.relation.ispartof	Dynamic and Advanced Data Mining for Progressing Technological Development	en_US
dc.title	Machine Learning Techniques for Network Intrusion Detection	en_US
dc.type	Chapter
utslib.location	New York, USA	en_US
utslib.for	080106 Image Processing	en_US
utslib.for	080104 Computer Vision	en_US
utslib.for	080109 Pattern Recognition and Data Mining	en_US
utslib.citation.edition	1	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Systems, Management and Leadership
pubs.organisational-group	/University of Technology Sydney/Strength - CRIN - Realtime Information Networks
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
utslib.copyright.status	closed_access
pubs.consider-herdc	true	en_US
pubs.edition	1	en_US
pubs.place-of-publication	New York, USA	en_US

Abstract:

Most of the currently available network security techniques are not able to cope with the dynamic and increasingly complex nature of cyber attacks on distributed computer systems. Therefore, an automated and adaptive defensive tool is imperative for computer networks. Alongside the existing prevention techniques such as encryption and firewalls, Intrusion Detection System (IDS) has established itself as an emerging technology that is able to detect unauthorized access and abuse of computer systems by both internal users and external offenders. Most of the novel approaches in this field have adopted Artificial Intelligence (AI) technologies such as Artificial Neural Networks (ANN) to improve performance as well as robustness of IDS. The true power and advantages of ANN lie in its ability to represent both linear and non-linear relationships and learn these relationships directly from the data being modeled. However, ANN is computationally expensive due to its demanding processing power and this leads to overfitting problem, i.e. the network is unable to extrapolate accurately once the input is outside of the training data range. These limitations challenge IDS with low detection rate, high false alarm rate and excessive computation cost. This chapter proposes a novel Machine Learning (ML) algorithm to alleviate those difficulties of existing AI techniques in the area of computer network security. The Intrusion Detection dataset provided by Knowledge Discovery and Data Mining (KDD-99) is used as a benchmark to compare our model with other existing techniques. Extensive empirical analysis suggests that the proposed method outperforms other state-of-the-art learning algorithms in terms of learning bias, generalization variance and computational cost. It is also reported to significantly improve the overall detection capability for difficult-to-detect novel attacks which are unseen or irregularly occur in the training phase.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/11644