Empirical Evaluation of Noise Influence on Supervised Machine Learning Algorithms Using Intrusion Detection Datasets

<table class="table-group" id="tab1"><tr><td><table class="table"><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr class="thead"><td class="align_left">Criteria</td><td class="align_center">Misuse detection</td><td class="align_center">Anomaly detection</td></tr><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr><td class="align_left">Basic principle</td><td class="align_center">Using previously defined patterns/signatures/rules to detect intrusion</td><td class="align_center">Establishes normal behavior profile and detects intrusion based on deviations from that profile</td></tr><tr><td class="align_left">Detecting unknown attacks</td><td class="align_center">No</td><td class="align_center">Yes</td></tr><tr><td class="align_left">Detecting known attacks</td><td class="align_center">Very good</td><td class="align_center">Good</td></tr><tr><td class="align_left">Rates of false positive</td><td class="align_center">Very low</td><td class="align_center">Moderate to high (depends on many factors)</td></tr><tr><td class="align_left">Constant update of the database</td><td class="align_center">Yes</td><td class="align_center">No</td></tr><tr><td class="align_left">Suitable ML approach</td><td class="align_center">Supervised ML</td><td class="align_center">Unsupervised ML</td></tr><tr><td class="align_left">Biggest challenge</td><td class="align_center">Maintaining an up-to-date database of all known attack signatures</td><td class="align_center">Differentiating normal from malicious behavior</td></tr><tr class="table-tr"><td colspan="3"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>The main differences between misuse and anomaly intrusion detection methods.</div>

Security and Communication Networks

tab1

Table 1

Table 1: Empirical Evaluation of Noise Influence on Supervised Machine Learning Algorithms Using Intrusion Detection Datasets 