Dr. Richard Harang received his PhD in Statistics and Applied Probability from the University of California Santa Barbara in 2010. After a year of postdoctoral research in the Computational Science and Engineering group under Dr. Linda Petzold, he began work at the U.S. Army Research Laboratory in 2011 focusing on applications of statistics and statistical machine learning to problems in network security. His current research interests include machine learning on structured data, analysis and attribution of source code and binary samples, and using generative models of time series data to explore properties of the underlying process.
Machine learning for network intrusion detection is an area of ongoing and active research (see references in  for a representative selection). However, nearly all results in this area are empirical in nature, and despite the significant amount of work that has been performed, very few such systems have received anything close to the widespread support or adoption that manually configured systems such as Bro  or Snort  have. As discussed in , several differences between more conventional applications of machine learning and machine learning for network intrusion detection make intrusion detection a challenging domain. These include the overwhelming class imbalance (see  for a detailed discussion of this issue), the high asymmetry in misclassification costs, the difficulty in evaluating the performance of an intrusion detection system, and the constantly changing nature of network attacks.