Machine Learning Applications in Misuse and Anomaly Detection
Jaydip Sen, Sidra Mehtab

TL;DR
This paper reviews machine learning-based intrusion detection systems, focusing on misuse, anomaly, and hybrid approaches, and discusses future research directions in designing effective algorithms for network security.
Contribution
It provides a comprehensive overview of existing intrusion detection schemes and highlights future research directions in machine learning applications for security.
Findings
Misuse detection matches known attack signatures.
Anomaly detection identifies unusual system states.
Hybrid approaches combine both methods for improved detection.
Abstract
Machine learning and data mining algorithms play important roles in designing intrusion detection systems. Based on their approaches toward the detection of attacks in a network, intrusion detection systems can be broadly categorized into two types. In misuse detection systems, an attack in a system is detected whenever the sequence of activities in the network matches a known attack signature. In the anomaly detection approach, on the other hand, anomalous states in a system are identified based on a significant difference in the state transitions of the system from its normal states. This chapter presents a comprehensive discussion of some of the existing intrusion detection schemes based on misuse detection, anomaly detection and hybrid detection approaches. Some future directions of research in the design of algorithms for intrusion detection are also identified.
