Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
Title | Outside the Closed World: On Using Machine Learning for Network Intrusion Detection |
Publication Type | Conference Paper |
Year of Publication | 2010 |
Authors | Sommer, R., Paxson, V. |
Conference Name | Security and Privacy (SP), 2010 IEEE Symposium on |
Date Published | May |
Keywords | anomaly detection, Computer science, computer security, Computerized monitoring, Guidelines, Intrusion detection, Laboratories, machine learning, National security, Network security, privacy, telecommunication traffic |
Abstract | In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified using tools borrowed from the machine learning community. However, despite extensive academic research one finds a striking gap in terms of actual deployments of such systems: compared with other intrusion detection approaches, machine learning is rarely employed in operational "real world" settings. We examine the differences between the network intrusion detection problem and other areas where machine learning regularly finds much more success. Our main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively. We support this claim by identifying challenges particular to network intrusion detection, and provide a set of guidelines meant to strengthen future research on anomaly detection. |
URL | http://ieeexplore.ieee.org/document/5504793/ |
DOI | 10.1109/SP.2010.25 |
Citation Key | 5504793 |