Thutmose - Investigation of Machine Learning-Based Intrusion Detection Systems

2016 
Abstract: In support of Air Force objectives to improve the Offensive and Defensive cyber-capabilities of the war fighter, this project endeavored to study learning systems researched and developed for cyber defense of network resources. Specifically, intrusion detection systems that were built with machine learning operations were studied to understand: the research behind the approach, the data they were designed to protect, the features processed, the algorithms used and the degree to which they were resistant and resilient to experimentally induced adversarial data drift. The results of this work provide deep insight into the strengths and weaknesses of the studied learning systems while operating within an adversarial environment. This insight will enable the design and development of future machine learning-based intrusion detection systems (ML-IDS) to be more hardened and effective in defending our nation's networked resources. The experimentation results will aid in selecting or designing stronger algorithms, choosing better features, and more effectively monitoring resources. The toolset produced to run the experiments may be re-used and enhanced to make designing and testing of these future defenses faster and more effective.