Machine Learning in Intrusion Detection: An Operational Perspective

Authors

HUSÁK Martin, MANOJ Darshan, KUMAR Priyanka

Year of publication 2024
Type Article in Proceedings
MU Faculty or unit

Institute of Computer Science

Description Machine learning has become a prevalent approach in research on intrusion detection, with an enormous number of research publications on the topic, but its adoption by cybersecurity practitioners is falling behind. Recently, researchers conducted a critical and pragmatic assessment of the capabilities of machine learning in this task and identified fundamental issues preventing wider application and easy use in practice. In this paper, we approach the topic from the perspective of network security management, focusing on the issues of compatibility with existing monitoring and security infrastructures, computational complexity, ease of use, and required skills of the operators. The research in machine learning-based intrusion detection strongly favors machine learning metrics (e.g., precision and accuracy) over any other outcome, including performance and usability, for which we have no actual results due to the very low number of prototypes, implementations, and field studies. Moreover, there are very limited options for recognizing which type of attack was detected, which remains a strong advantage of traditional signature-based intrusion detection systems.
