An evaluation of machine learning techniques in intrusion detection
Lee, Christina Mei-Fang
Intrusion detection allows an organization to monitor its network for possible attacks. The ability of an intrusion detection system (IDS) to distinguish correctly between attacks and normal activity is important. The use of machine learning algorithms is an active area of study in intrusion detection. Experiments have been performed with Naive Bayes, Decision Trees, and Artificial Neural Networks (ANNs) using an intrusion detection dataset. Naive Bayes and Decision Tree algorithms programmed in Python are used, as well as the Weka Naive Bayes, J48 Decision Tree, and Multilayer Perceptron algorithms. Several subsets of the 1999 KDD Cup dataset are used to perform these experiments. An evaluation of the results, with special attention to approaches to evaluating false positives and negatives, is discussed. A novel approach to evaluating these results is shown.