Application of machine learning to computer network security
Abstract
Computer security covers a wide array of topics, with much of the development in the field happening outside academia. We look at intrusion detection, evaluate the effectiveness of machine learning in the development of a commercial intrusion detection system (IDS), and compare it with conventional IDS design approaches. We attempt to create novel data sets and examine the difficulties of extracting new features from network traffic to aid machine learning-based systems. Finally, we propose a novel, near-zero-overhead method of associating network packets with the process identifier (pid) of their source in real time, and demonstrate a significant performance improvement over existing methods of pid labeling.