Constructing an Expert System Rule of Intrusion Detection Using Machine Learning

As data volumes grow, distinguishing anomalous network connections from vast amounts of network traffic becomes increasingly difficult, and computers play an increasingly important role in intrusion detection. One detection method is to construct an expert system, in which the computer matches possibly anomalous network connections against rules. The most important part of this method is the construction and dynamic modification of the rules. We use machine learning to construct and modify these rules, adopting genetic algorithms and decision trees for the task. This article describes the use of these two methods in network intrusion detection.