Research Article
Empirical Evaluation of Noise Influence on Supervised Machine Learning Algorithms Using Intrusion Detection Datasets
Table 1
The main differences between misuse and anomaly intrusion detection methods.
| Criteria | Misuse detection | Anomaly detection |
| --- | --- | --- |
| Basic principle | Using previously defined patterns/signatures/rules to detect intrusion | Establishes normal behavior profile and detects intrusion based on deviations from that profile |
| Detecting unknown attacks | No | Yes |
| Detecting known attacks | Very good | Good |
| Rates of false positive | Very low | Moderate to high (depends on many factors) |
| Constant update of the database | Yes | No |
| Suitable ML approach | Supervised ML | Unsupervised ML |
| Biggest challenge | Maintaining an up-to-date database of all known attack signatures | Differentiating normal from malicious behavior |