Open Access
Machine Learning confronted with the operational constraints of detection systems
Author(s) - Sridarala Ramu, Daniel Osaku
Publication year - 2019
Publication title - International Journal of Information Technology and Applied Sciences
Language(s) - English
Resource type - Journals
ISSN - 2709-2208
DOI - 10.52502/ijitas.v1i1.6
Subject(s) - intrusion detection system, computer science, false positive paradox, machine learning, artificial intelligence, computer security
Intrusion detection systems, traditionally based on signatures, have not escaped the recent appeal of machine learning techniques. While the results presented in academic research articles are often excellent, security experts still have many reservations about the use of Machine Learning in intrusion detection systems. They generally fear that these techniques are ill-suited to operational constraints, in particular because of the high level of expertise required or the large number of false positives. In this article, we show that Machine Learning can be compatible with the operational constraints of detection systems. We explain how to build a detection model and present good practices for validating it before it goes into production. The methodology is illustrated by a case study on the detection of malicious PDF files, and we offer a free tool, SecuML, to implement it.