Conference: International Conference on Pattern Analysis and Intelligent Systems

Intrusion Detection using Data Mining: A contemporary comparative study


Abstract

Intrusion detection systems play a crucial role in this era where networks have reached almost every sector. Unfortunately, intrusion detection systems are far from perfect. Therefore, researchers have never stopped digging deeper to improve them. In this context, data mining techniques have been heavily exploited for intrusion detection. In this paper, we present a comparative study of data mining techniques for intrusion detection. Specifically, we study the overall performance of those methods as well as the impact of training data size on their results. We use ISCX2012 as a benchmark for our experimentation, a realistic dataset that represents, to a certain degree, today's network traffic. The study shows that relatively old methods outperform some of the techniques currently in heavy use by the community. Regarding the impact of training dataset size, the investigated methods react differently from each other when we add more data to the training dataset. In addition, the results highlight the importance of attack traffic in the training dataset. Moreover, they strongly suggest the use of Random Forest for intrusion detection due to its linear performance relation with the training dataset's size.