15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona

An Application of Machine Learning to Network Intrusion Detection

Chris Sinclair, sinclair@arlut.utexas.edu
Lyn Pierce, epierce@arlut.utexas.edu
Sara P. Matzner, matzner@arlut.utexas.edu

Applied Research Laboratories
The University of Texas at Austin

Differentiating anomalous network activity from normal network traffic is difficult and tedious. A human analyst must search through vast amounts of data to find anomalous sequences of network connections. To support the analyst's job, we built an application which enhances domain knowledge with machine learning techniques to create rules for an intrusion detection expert system. We employ genetic algorithms and decision trees to automatically generate rules for classifying network connections. This paper describes the machine learning methodology and the applications employing this methodology.