Article

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Authors:

Robin Sommer and

Vern PaxsonAuthors Info & Claims

SP '10: Proceedings of the 2010 IEEE Symposium on Security and Privacy

May 2010

Pages 305 - 316

https://doi.org/10.1109/SP.2010.25

Published: 16 May 2010 Publication History

Publisher Site

Abstract

In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified using tools borrowed from the machine learning community. However, despite extensive academic research one finds a striking gap in terms of actual deployments of such systems: compared with other intrusion detection approaches, machine learning is rarely employed in operational "real world" settings. We examine the differences between the network intrusion detection problem and other areas where machine learning regularly finds much more success. Our main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively. We support this claim by identifying challenges particular to network intrusion detection, and provide a set of guidelines meant to strengthen future research on anomaly detection.

Cited By

View all

Chu AJiang XLiu SBhagoji ABronzino FSchmitt PFeamster N(2024)Feasibility of State Space Models for Network Traffic GenerationProceedings of the 2024 SIGCOMM Workshop on Networks for AI Computing10.1145/3672198.3673792(9-17)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3672198.3673792
Diaz-Verdejo JEstepa Alonso REstepa Alonso AMunoz-Calle JMadinabeitia G(2024)Biblio-US17: A labeled real URL dataset for anomaly-based intrusion detection systems developmentProceedings of the 2024 European Interdisciplinary Cybersecurity Conference10.1145/3655693.3661319(217-218)Online publication date: 5-Jun-2024
https://dl.acm.org/doi/10.1145/3655693.3661319
Diaz-Verdejo JEstepa RAlonso AMunoz-Calle J(2024)Insights into anomaly-based intrusion detection systems usability. A case study using real http requestsProceedings of the 2024 European Interdisciplinary Cybersecurity Conference10.1145/3655693.3655745(82-89)Online publication date: 5-Jun-2024
https://dl.acm.org/doi/10.1145/3655693.3655745
Show More Cited By

Index Terms

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Index terms have been assigned to the content through auto-classification.

Recommendations

Misuse-based intrusion detection using Bayesian networks

This paper presents an application of Bayesian networks to the process of intrusion detection in computer networks. The presented system, called Bayesian system for intrusion detection (Basset) extends functionality of Snort, an open-source network ...
Read More
Detecting, validating and characterizing computer infections in the wild
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

Although network intrusion detection systems (IDSs) have been studied for several years, their operators are still overwhelmed by a large number of false-positive alerts. In this work we study the following problem: from a large archive of intrusion ...
Read More
Using artificial anomalies to detect unknown and known network intrusions

Intrusion detection systems (IDSs) must be capable of detecting new and unknown attacks, or anomalies. We study the problem of building detection models for both pure anomaly detection and combined misuse and anomaly detection (i.e., detection of both ...
Read More

Comments

Information & Contributors

Information

Published In

SP '10: Proceedings of the 2010 IEEE Symposium on Security and Privacy

May 2010

504 pages

ISBN:9780769540351

Publisher

IEEE Computer Society

United States

Publication History

Published: 16 May 2010

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

236
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Other Metrics

View Author Metrics

Citations

Cited By

View all

Chu AJiang XLiu SBhagoji ABronzino FSchmitt PFeamster N(2024)Feasibility of State Space Models for Network Traffic GenerationProceedings of the 2024 SIGCOMM Workshop on Networks for AI Computing10.1145/3672198.3673792(9-17)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3672198.3673792
Diaz-Verdejo JEstepa Alonso REstepa Alonso AMunoz-Calle JMadinabeitia G(2024)Biblio-US17: A labeled real URL dataset for anomaly-based intrusion detection systems developmentProceedings of the 2024 European Interdisciplinary Cybersecurity Conference10.1145/3655693.3661319(217-218)Online publication date: 5-Jun-2024
https://dl.acm.org/doi/10.1145/3655693.3661319
Diaz-Verdejo JEstepa RAlonso AMunoz-Calle J(2024)Insights into anomaly-based intrusion detection systems usability. A case study using real http requestsProceedings of the 2024 European Interdisciplinary Cybersecurity Conference10.1145/3655693.3655745(82-89)Online publication date: 5-Jun-2024
https://dl.acm.org/doi/10.1145/3655693.3655745
Ricks BTague PThuraisingham BNatarajan SNiu JVaidya J(2024)Utilizing Threat Partitioning for More Practical Network Anomaly DetectionProceedings of the 29th ACM Symposium on Access Control Models and Technologies10.1145/3649158.3657046(83-91)Online publication date: 24-Jun-2024
https://dl.acm.org/doi/10.1145/3649158.3657046
Jiang XLiu SGember-Jacobson ABhagoji ASchmitt PBronzino FFeamster N(2024)NetDiffusion: Network Data Augmentation Through Protocol-Constrained Traffic GenerationProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/36390378:1(1-32)Online publication date: 21-Feb-2024
https://dl.acm.org/doi/10.1145/3639037
Zhao ZLi ZSong ZLi WZhang FChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Trident: A Universal Framework for Fine-Grained and Class-Incremental Unknown Traffic DetectionProceedings of the ACM on Web Conference 202410.1145/3589334.3645407(1608-1619)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645407
Kolukisa BDedeturk BHacilar HGungor V(2024)An efficient network intrusion detection approach based on logistic regression model and parallel artificial bee colony algorithmComputer Standards & Interfaces10.1016/j.csi.2023.10380889:COnline publication date: 25-Jun-2024
https://dl.acm.org/doi/10.1016/j.csi.2023.103808
Kunang YNurmaini SStiawan DSuprapto B(2024)An end-to-end intrusion detection system with IoT dataset using deep learning with unsupervised feature extractionInternational Journal of Information Security10.1007/s10207-023-00807-723:3(1619-1648)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1007/s10207-023-00807-7
Seo HYoon MCalandrino JTroncoso C(2023)Generative intrusion detection and prevention on data streamProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620479(4319-4335)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620479
Pashamokhtari ABatista GGharakheili H(2023)Efficient IoT Traffic Inference: From Multi-view Classification to Progressive MonitoringACM Transactions on Internet of Things10.1145/36253065:1(1-30)Online publication date: 16-Dec-2023
https://dl.acm.org/doi/10.1145/3625306
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Misuse-based intrusion detection using Bayesian networks

Detecting, validating and characterizing computer infections in the wild

Using artificial anomalies to detect unknown and known network intrusions

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations