I am trying to get a grasp on the efficiency of neural networks over other artificial intelligence algorithms for use in intrusion detection systems. Most of the literature I’m reading isn’t giving a good comparison of neural networks compared to other IDS's.
Do they work better (detect more true attacks and less false positives)? Are they more or less efficient?
Another question is how new is NN in IDS environments? Are they used widely, is it old news?
It seems like you're asking the problem:
Will this algorithm help me, reliably, detect when an "intrusion" has happened.
Looking at some of the criticism of Neural Networks, it seems that NNs could be over-trained (which is possible for any AI algorithm); this could be overcome by using k-fold cross validation. NNs are also difficult because it is difficult to explain why the NN gave the result that it did.
Is this a research problem that you are working on?
Initially, I'd look at Naive Bayes to solve this problem because 1) it is easy to implement and 2) serves as a good base-line. Also, look at Decision Trees as a solution to your problem.
After implementing NB and DT, implement the NN and see if NN does better.
You could also try an ensemble technique and see if that gives you better results.
There is a Java-based package called Weka which implements many of the algorithms I've discussed and could be valuable to you.
I am also new in NN. I think you can use Encog Neural Network Library to implement NN Algorithms. It is available in both Java and C#.
