Abstract
We demonstrate how machine-learning-based network intrusion detection models can be validated and developed by probing models using traffic with specifically controlled microstructures. We show our methodology by probing two published state-of-the-art models to find classification flaws and understand misbehaviour. These models fail for input traffic with particular characteristics such as retransmissions or overly dispersed flow interarrival times. After we make simple corresponding model corrections, detection rates already improve by 2-4%. We believe this shows promise for using tailored data with controllable and labelled characteristics to effectively improve model development in NID, a practice that helped model development significantly in several other areas of machine learning.
Original language | English |
---|---|
Title of host publication | 2021 IEEE Security and Privacy Workshops (SPW) |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 19-24 |
Number of pages | 6 |
ISBN (Electronic) | 978-1-6654-3732-5 |
ISBN (Print) | 978-1-6654-3733-2 |
Publication status | Published - 8 Jul 2021 |
Event | 42nd IEEE Symposium on Security and Privacy - Online, San Francisco, United States Duration: 24 May 2021 → 27 May 2021 https://www.ieee-security.org/TC/SP2021/index.html |
Symposium
Symposium | 42nd IEEE Symposium on Security and Privacy |
---|---|
Abbreviated title | SP 2021 |
Country/Territory | United States |
City | San Francisco |
Period | 24/05/21 → 27/05/21 |
Keywords
- Machine learning
- traffic microstructures
- network intrusion detection