All accepted publications from SPARTA partners under its funding.
Deep Learning for Network Intrusion Detection: An Empirical Assessment
Arnaldo Gouveia and Miguel Correia
Abstract
The detection of security-related events using machine learning approaches has been extensively investigated in the past. Particularly, machine learning-based network intrusion detection has attracted a lot of attention due to its potential to detect unknown attacks. A number of classification techniques have been used for that purpose, but they were mostly classical schemes like decision trees.
In this paper we go one step further and explore the use of a set of machine learning techniques denominated generically as “deep learning” that have been generating excellent results in other areas. We compare three recent techniques – generalized linear models, gradient boosting machines, and deep learning – with classical classifiers. The comparison is performed using a recent data set of network communication traces designed carefully for evaluating intrusion detection schemes. We show that deep learning techniques have an undeniable value over older algorithms, since better model fitting indicators can be achieved.