Previous work has demonstrated that machine learning-based network intrusion detection systems (IDS) can be constructed to provide a significant proportion of the accuracy of a conventional signature-based IDS while using a fraction of the resources. Such systems are ideally suited to mobile tactical networks, which typically require much denser sensor coverage to ensure complete network protection and have relatively limited size, weight, and power budgets within which to both protect and operate the network. In this study, we extend previous work on the Extremely Lightweight Intrusion Detection system (ELIDe) and examine its ability to both store a wide range of signatures and generalize to new data. We also demonstrate the following: (1) ELIDe weight vectors are capable of storing multiple signatures while not significantly affecting the false-positive rate; (2) such weight vectors can detect packets that match the signatures on which they were trained with a high degree of accuracy (low false-negative rate); and (3) in addition to approximating the output of a conventional set of signatures, ELIDe weight vectors can also weakly generalize to novel malicious traffic. We show that, despite the significant challenges mobile tactical networks pose for intrusion detection, the use of machine learning allows the deployment of approximate signature-based intrusion detection in such networks.
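The abstract does not describe how ELIDe trains or evaluates its weight vectors. The following added example (not the paper's code) uses a perceptron over hashed byte 3-gram features as an assumed stand-in for that approach, to show how one weight vector can store several signatures at once and how its false-negative and false-positive rates are measured on constructed packet payloads.

```python
"""Assumed stand-in for a signature-storing weight vector: hashed n-gram perceptron."""
from typing import Dict, List, Tuple

DIM = 4096   # length of the weight vector (number of hash buckets); chosen for this example
N = 3        # byte n-gram size; chosen for this example


def fnv1a(data: bytes) -> int:
    """Deterministic 32-bit FNV-1a hash (unaffected by PYTHONHASHSEED)."""
    h = 0x811C9DC5
    for byte in data:
        h = ((h ^ byte) * 0x01000193) & 0xFFFFFFFF
    return h


def features(payload: bytes) -> Dict[int, int]:
    """Sparse binary vector: bucket index -> 1 for each byte n-gram in the payload."""
    return {fnv1a(payload[i:i + N]) % DIM: 1 for i in range(len(payload) - N + 1)}


def score(w: List[float], b: float, payload: bytes) -> float:
    return sum(w[i] for i in features(payload)) + b


def train(samples: List[Tuple[bytes, int]], max_epochs: int = 200):
    """Perceptron; labels are +1 (matches a signature) or -1 (benign).
    Returns (weights, bias, converged)."""
    w, b = [0.0] * DIM, 0.0
    for _ in range(max_epochs):
        mistakes = 0
        for payload, label in samples:
            if label * score(w, b, payload) <= 0:      # misclassified: move w toward it
                for i in features(payload):
                    w[i] += label
                b += label
                mistakes += 1
        if mistakes == 0:
            return w, b, True
    return w, b, False


# Constructed traffic (not from the paper): three signatures embedded in HTTP-like payloads
POSITIVE = [b"GET /cgi-bin/x?c=cmd.exe /c dir HTTP/1.1", b"GET /../../etc/passwd HTTP/1.1",
            b"POST /login id=1 UNION SELECT user,pw HTTP/1.1"]
BENIGN = [b"GET /index.html HTTP/1.1", b"POST /login id=1&pw=hunter2 HTTP/1.1",
          b"GET /images/logo.png HTTP/1.1", b"HTTP/1.1 200 OK Content-Type: text/html"]


def fit_and_evaluate() -> Dict[str, float]:
    """Train one weight vector on all signatures; report FN/FP rates on the training set."""
    w, b, converged = train([(p, 1) for p in POSITIVE] + [(p, -1) for p in BENIGN])
    fn = sum(score(w, b, p) <= 0 for p in POSITIVE) / len(POSITIVE)
    fp = sum(score(w, b, p) > 0 for p in BENIGN) / len(BENIGN)
    return {"converged": float(converged), "false_negative_rate": fn, "false_positive_rate": fp}
```

Because the signature n-grams occur only in the positive payloads, a single vector separates all three signatures from the benign traffic; swapping in held-out payloads for the two lists is the natural next check for generalization.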