ABSTRACT

The detection of security-related events using machine learning approaches has been extensively investigated in the past. In particular, machine learning-based network intrusion detection has attracted a lot of attention due to its potential to detect unknown attacks. A number of classification techniques have been used for that purpose, but they were mostly classical schemes like decision trees. In this chapter, we go one step further and explore the use of a set of machine learning techniques known generically as “deep learning,” which have been generating excellent results in other areas. We compare three recent techniques (generalized linear models, gradient boosting machines, and deep learning) with classical classifiers. The comparison is performed using a recent data set of network communication traces designed carefully for evaluating intrusion detection schemes. We show that deep learning techniques have an undeniable value over older classical algorithms, with lower error rates and better analysis times.