Intrusion Detection Based On Machine Learning

Posted on: 2009-05-13
Degree: Master
Type: Thesis
Country: China
Candidate: Q Zhang
GTID: 2178360242992047
Subject: Circuits and Systems

Abstract/Summary:
With the rapid development of network technology, network-based intrusions are also growing quickly, and the computers in the network have become the targets of hackers. Intrusion detection has therefore become a hot topic in the security area. As an important complement to intrusion prevention techniques such as user authentication (e.g. using passwords or biometrics), intrusion detection is another wall protecting computer systems.

However, traditional intrusion detection relies on hand-coded rules and patterns, which are costly and very slow to update. It is entirely possible that, while the experts are updating the system, a new intrusion has already caused enormous harm.

This paper discusses intrusion detection based on machine learning. Machine learning classifies new network data into the normal category or the intrusion category based on a prior learning process; consequently, it discovers new intrusions and improves the adaptability of the intrusion detection system. In this paper, we mainly introduce three machine learning technologies: neural networks, genetic algorithms and support vector machines. We also discuss two commonly used feature selection algorithms.

Intrusion detection techniques can be categorized into misuse detection and anomaly detection, but each has shortcomings: misuse detection cannot discover unknown intrusions, and anomaly detection has a comparatively higher false alarm rate. For this reason, we propose a mixed model that combines the misuse detection and anomaly detection models. Our experiments are built on the popular 1999 DARPA data sets. Using different machine learning methods, we performed several experiments to evaluate the anomaly-only intrusion detection system and the mixed intrusion detection system; we also obtained the usual misuse detection results and compared the differences among the three.

The mixed model has a distinct advantage over the other two: its average detection rate is about 85% and its false alarm rate is about 3.5%. We are gratified to say that our mixed model is more effective and more flexible.
Keywords/Search Tags: Intrusion detection, machine learning, data mining, misuse detection, anomaly detection, neural network (NN), genetic algorithm (GA), support vector machine (SVM)