Network Intrusion Detection Using Machine Learning Techniques

Network traffic anomaly indicates a possible intrusion in the network and therefore anomaly detection is important to detect and prevent the security attacks. The early research works in this area and commercially available in Intrusion Detection Systems (IDS) they are mostly signature-based. The problem of signature based method is that the database signature needs to be updated as new attack signatures become available and therefore it is not suitable for the real-time network anomaly detection. The recent trend in anomaly detection is based on machine learning classification techniques. We apply seven different machine learning techniques with information entropy calculation to Kyoto 2006+ data set and evaluate the performance of these techniques. Our findings show that, for this particular data set, most machine learning techniques provide higher than 90 % precision, recall and accuracy. However, using area under the Receiver Operating Curve (ROC) metric, we find that Radial Basis Function (RBF) performs the best among the seven algorithms studied in this work.