Visible to the public Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

TitleOutside the Closed World: On Using Machine Learning for Network Intrusion Detection
Publication TypeConference Paper
Year of Publication2010
AuthorsSommer, R., Paxson, V.
Conference NameSecurity and Privacy (SP), 2010 IEEE Symposium on
Date PublishedMay
Keywordsanomaly detection, Computer science, computer security, Computerized monitoring, Guidelines, Intrusion detection, Laboratories, machine learning, National security, Network security, privacy, telecommunication traffic
Abstract

In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified using tools borrowed from the machine learning community. However, despite extensive academic research one finds a striking gap in terms of actual deployments of such systems: compared with other intrusion detection approaches, machine learning is rarely employed in operational "real world" settings. We examine the differences between the network intrusion detection problem and other areas where machine learning regularly finds much more success. Our main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively. We support this claim by identifying challenges particular to network intrusion detection, and provide a set of guidelines meant to strengthen future research on anomaly detection.

URLhttp://ieeexplore.ieee.org/document/5504793/
DOI10.1109/SP.2010.25
Citation Key5504793