A Machine Learning Approach with Verification of Predictions and Assisted Supervision for a Rule-based Network Intrusion Detection System

José Ignacio Fernández-Villamor & Mercedes Garijo (2008). A Machine Learning Approach with Verification of Predictions and Assisted Supervision for a Rule-based Network Intrusion Detection System. In José Cordeiro, Joaquim Filipe & Slimane Hammoudi (editors), WEBIST 2008, Proceedings of the Fourth International Conference on Web Information Systems and Technologies (WEBIST'08), pages 143-148. INSTICC Press.

Abstract:
Network security is a branch of network management in which network intrusion detection systems provide attack detection by monitoring traffic data. Rule-based misuse detection systems use a set of rules or signatures to detect attacks that exploit a particular vulnerability. These rules have to be hand-coded by experts to properly identify vulnerabilities, which limits the extensibility of misuse detection systems. This paper proposes a machine learning layer on top of a rule-based misuse detection system that provides automatic generation of detection rules, prediction verification and assisted classification of new data. Our system offers good overall performance, while adding a heuristic and adaptive approach to existing rule-based misuse detection systems.