A. I. Get'man, M. N. Goryunov, A. G. Matskevich, D. A. Rybolovlev, “A comparison of a machine learning-based intrusion detection system and signature-based systems”, Proceedings of ISP RAS, 2022, Volume 34, Issue 5,Pages <nobr>111

A comparison of a machine learning-based intrusion detection system and signature-based systems

A. I. Get'man^a, M. N. Goryunov^b, A. G. Matskevich^b, D. A. Rybolovlev^b

^a Ivannikov Institute for System Programming of the RAS
^b Akademy of FGS of Russia

Abstract: The paper discusses the approach to the comparison of intrusion detection systems (IDS) that is based on several independent scenarios and comprehensive testing. This approach enabled to identify the advantages and disadvantages of the IDS based on machine learning methods (ML IDS), to identify the conditions under which ML IDS is able to outperform signature-based systems in terms of detection quality, to assess the practical applicability of ML IDS. The developed scenarios enabled to model the realization of both known attacks and a zero-day exploit. The conclusion is made about the advantage of ML IDS in the detection of previously unknown attacks and the feasibility of the construction of hybrid detection systems that combine the potential of signature-based and heuristic methods of analysis.

Keywords: information security, network intrusion detection system, machine learning, signature-based intrusion detection, comparison methodology, network traffic, computer attack

DOI: 10.15514/ISPRAS-2022-34(5)-7