Intrusion detection based on behavior mining and machine learning techniques

This paper describes results concerning the classification capability of unsupervised and supervised machine learning techniques in detecting intrusions using network audit trails. In this paper we investigate well known machine learning techniques: Frequent Pattern Tree mining (FP-tree), classification and regression tress (CART), multivariate regression splines (MARS) and TreeNet. The best model is chosen based on the classification accuracy (ROC curve analysis). The results show that high classification accuracies can be achieved in a fraction of the time required by well known support vector machines and artificial neural networks. TreeNet performs the best for normal, probe and denial of service attacks (DoS). CART performs the best for user to super user (U2su) and remote to local (R2L).