After the introduction of the internet, network security became a key concern for individuals and organizations alike. People were afraid of losing their personal and collective data to third parties. Although the internet serves various purposes such as facilitating the sending of information, upsurges in network attacks have heightened the importance of network security systems. Users of personal computers, organizations, and government agencies all have network security systems in place to protect them from external attacks. Therefore, it becomes important to understand the nature of network intrusion detection and protection. This kind of information is beneficial to multiple stakeholders, since a considerable amount of commercial, individual, and government data is stored on network infrastructures all around the world. Network intrusion detection and prevention efforts have improved over the years and have helped to protect investments, business reputation, and people’s lives. Machine learning can be used for anomaly detection and prevention through the use of pattern classification, single classifiers, hybrid classifiers, and ensemble classifiers.
History of Network Security
When the internet was introduced, the internet protocols that existed then could not secure themselves. The main reason was that no security mechanisms were implemented in the protocols. This meant that the internet back then was highly porous and any type of attack could affect network systems. Nevertheless, recent developments in internet architecture have made its usage safer for users.
Attacks on security systems can be traced back to the 1980s. Instances of hacking emerged in which high-profile government security was compromised. For instance, members of the 414 gang were arrested after they were found guilty of hacking into systems that the United States government considered top secret (Daya, 2013). Another example is that of Ian Murphy, whose theft of information from military systems initiated the adoption of the Computer Fraud and Abuse Act. Thereafter, the Computer Emergency Response Team (CERT) was introduced as a means of thwarting network intrusions.
Nevertheless, threats to network systems became more common in the 1990s. By then, the commercialization of the internet had begun. There were now millions of users around the world who relied on the internet for their day-to-day work. High-profile network intrusions were becoming common, and people were more aware of the need to secure their information. Government agencies began warning the general public of the impending threat of network intrusion. The logic was that if government systems were vulnerable, then private users needed to be alerted to the need to keep their information secure.
In the modern context, there are numerous ways through which hackers can access network systems. According to Daya (2013), these methods can be divided into categories based on the procedures used to attack. For instance, some hackers take time to learn about a user’s personal information, such as account passwords and ATM card PIN codes. Other attacks target system functionality, such as the introduction of viruses and Trojans that corrupt the systems. Additionally, other attacks deny entire systems their functionality, while there are also smurf and teardrop attacks. In short, there are many methods of attack, and new ones are introduced every day as the internet continues to be used worldwide.
Responses to network intrusions are focused on both software and hardware improvement. Although hardware improvements such as the use of smart cards have helped reduce the number of attacks, software components have been the most notable contributors to improved network security. Examples are the use of firewalls that can be activated even on personal computers, antivirus programs that can be purchased and installed, or the use of intrusion detection technology. In the future, new and improved technology products such as biometrics are expected to improve the levels of network security.
Importance of Network Security
Network systems must provide end-users with the privacy they deserve. Therefore, network security measures have to be put in place to detect and prevent intrusion. Patel, et al. (2010, p. 280) state that network security “reduces levels of threat to reputation, operational effectiveness, legal and strategic risk by limiting an organization’s vulnerability to attempted intrusion, thereby maintaining confidence and trust in the institution.” Intrusions can cause information leaks that can expose individuals and organizations to financial losses. Additionally, reputation can also be at stake when privacy is eroded. People’s lives can also be at stake especially when there are intrusions in governmental network systems. Therefore, network intrusion detection and prevention may help protect finances, reputation, and people’s lives.
The Use of Machine Learning in Intrusion Detection and Prevention
The use of machine learning to detect network intrusions is a fairly new field that deserves attention. Machine learning is considered an important approach that will revolutionize how machines carry out ‘human’ activities. It refers to the study of how computer systems can use statistics and algorithms to perform tasks with little or no explicit instruction. Machine learning enables systems to rely on patterns and to infer from earlier decisions. In the same way, machine learning can be used to detect inconsistencies when network systems deviate from normal behavior.
According to Sommer and Paxson (2010), the use of machine learning techniques in network intrusion detection also enables systems to report anomalies. This process becomes successful because suspicious activities display features not witnessed under normal circumstances. However, it is important to note that the process becomes difficult when intrusion detection systems utilize tools that have been copied from other machine learning projects. This is because if the tools are in the public domain to start with, then hackers can find methods of evading these tools.
Machine Learning Techniques for Anomaly Detection and Prevention
Machine learning is a general topic and so there are many ways through which it can be used to detect and prevent intrusions. Tsai, et al. (2009) state that the various techniques that are currently in use are pattern classification, single classifiers, hybrid classifiers, and ensemble classifiers.
In the pattern classification model, the authors note that supervised and unsupervised learning techniques are utilized to decipher difficulties where systems cannot recognize problems. More specifically, the supervised learning process works when functions are used to estimate the relationships between predetermined input and output vectors. The process then forms a classifier. The classifier can then identify unlearned patterns.
On the other hand, the single classifier model involves the use of only one algorithm to detect the anomaly. Examples of single classifier techniques are genetic algorithms, k-nearest neighbor, self-organizing maps, support vector machines, decision trees, and artificial neural networks (Tsai, et al., 2009).
The hybrid classifier technique entails a combination of more than two machine learning tools to enhance the process. Tsai, et al. (2009) add that the main reason for this combination of techniques is to boost the accuracy of the detection and prevention processes. Finally, the ensemble classifier model was introduced to boost the ability of weak learners to perform detection and prevention tasks. In the process, weak learners are integrated to improve performance.
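The difference between a single classifier and an ensemble of weak learners can be seen in the following added example, which is not taken from Tsai, et al. (2009) or any of the cited works. It uses AdaBoost over one-threshold decision stumps as one concrete ensemble method; the two features (connections per second, distinct destination ports) and all flow values are constructed for illustration.

```python
import math

# Constructed flow summaries: (connections_per_sec, distinct_dst_ports), label.
# +1 = attack, -1 = normal. Illustrative values, not taken from any dataset.
FLOWS = [
    ((5, 2), -1), ((8, 3), -1), ((12, 1), -1), ((9, 4), -1), ((11, 2), -1),
    ((90, 2), 1), ((120, 3), 1), ((150, 1), 1),   # flood-like: high rate
    ((6, 40), 1), ((7, 60), 1),                   # scan-like: many ports
]

def stump_predict(stump, x):
    """Weak learner: a single threshold on a single feature."""
    feature, threshold, polarity = stump
    return polarity if x[feature] > threshold else -polarity

def best_stump(data, weights):
    """Return (weighted_error, stump) with the lowest weighted error."""
    best = None
    for feature in range(len(data[0][0])):
        for threshold in sorted({x[feature] for x, _ in data}):
            for polarity in (1, -1):
                stump = (feature, threshold, polarity)
                err = sum(w for (x, y), w in zip(data, weights)
                          if stump_predict(stump, x) != y)
                if best is None or err < best[0]:
                    best = (err, stump)
    return best

def train_adaboost(data, rounds):
    """Each round up-weights the flows the previous stumps got wrong."""
    weights = [1 / len(data)] * len(data)
    ensemble = []
    for _ in range(rounds):
        err, stump = best_stump(data, weights)
        err = min(max(err, 1e-10), 1 - 1e-10)     # avoid log(0)
        alpha = 0.5 * math.log((1 - err) / err)   # vote strength of this stump
        ensemble.append((alpha, stump))
        weights = [w * math.exp(-alpha * y * stump_predict(stump, x))
                   for (x, y), w in zip(data, weights)]
        total = sum(weights)
        weights = [w / total for w in weights]
    return ensemble

def classify(ensemble, x):
    score = sum(alpha * stump_predict(s, x) for alpha, s in ensemble)
    return 1 if score > 0 else -1

def accuracy(ensemble, data):
    return sum(classify(ensemble, x) == y for x, y in data) / len(data)

single = train_adaboost(FLOWS, rounds=1)    # one stump: a single classifier
boosted = train_adaboost(FLOWS, rounds=3)   # weighted vote of three stumps
```

On this data the single stump learns only the rate threshold and misses the scan-like flows, while the three-stump ensemble also learns the port-count threshold and classifies every constructed flow correctly.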
In conclusion, upsurges in network attacks have heightened the importance of network security systems. Various systems have traditionally been used to protect public and private data from unwanted intrusions. Network intrusion detection and prevention efforts have improved over the years and have helped to protect investments, business reputation, and people’s lives. It has also been found that machine learning can be used as a tool for anomaly detection and prevention by using techniques such as pattern classification, single classifiers, hybrid classifiers, and ensemble classifiers.
References
Daya, B. (2013). Network security: History, importance, and future. University of Florida Department of Electrical and Computer Engineering, 4.
Patel, A., Qassim, Q., & Wills, C. (2010). A survey of intrusion detection and prevention systems. Information Management & Computer Security, 18(4), 277-290.
Sommer, R., & Paxson, V. (2010, May). Outside the closed world: On using machine learning for network intrusion detection. In 2010 IEEE Symposium on Security and Privacy (pp. 305-316). IEEE.
Tsai, C. F., Hsu, Y. F., Lin, C. Y., & Lin, W. Y. (2009). Intrusion detection by machine learning: A review. Expert Systems with Applications, 36(10), 11994-12000.