Title :
A comparative study of techniques for intrusion detection
Author :
Mukkamala, Srinivas ; Sung, Andrew H.
Author_Institution :
Dept. of Comput. Sci., New Mexico Tech, USA
Abstract :
Due to increasing incidents of cyber attacks and heightened concerns for cyber terrorism, implementing effective intrusion detection systems (IDSs) is an essential task for protecting cyber security--as well as physical security because of the great dependence on networked computers for the operational control of various infrastructures. Building effective IDSs, unfortunately, has remained an elusive goal owing to the great technical challenges involved; and applied AI techniques are increasingly being utilized in attempts to overcome the difficulties. This paper presents a comparative study of using support vector machines (SVMs), artificial neural networks (ANNs), multivariate adaptive regression splines (MARS) and linear genetic programs (LGPs) for intrusion detection. We investigate and compare the performance of IDSs based on the mentioned techniques, with respect to a well-known set of intrusion evaluation data gathered by Lincoln Labs. Through a variety of experiments and analysis, it is found that, with appropriately chosen population size, program size, crossover rate and mutation rate, LGPs outperform other techniques in terms of detection accuracy at the expense of time. SVMs outperform MARS and ANNs in three critical aspects of intrusion detection: accuracy, training time, and testing time.
Keywords :
Internet; authorisation; computer crime; genetic algorithms; neural nets; safety systems; splines (mathematics); support vector machines; ANN; IDS; Lincoln Labs; MARS; SVM; artificial neural network; artificial intelligence; cyber attack; cyber security; cyber terrorism; information security; intrusion detection; intrusion evaluation data; linear genetic program; multivariate adaptive regression splines; network computer; physical security; support vector machine; Artificial intelligence; Computer networks; Computer security; Control systems; Intrusion detection; Mars; Physics computing; Protection; Support vector machines; Terrorism;
Conference_Title :
Tools with Artificial Intelligence, 2003. Proceedings. 15th IEEE International Conference on
Print_ISBN :
0-7695-2038-3
DOI :
10.1109/TAI.2003.1250243