Comparison study of machine learning classifiers to detect anomalies
Related papers
Comparative Analysis of Intrusion Detection Attack Based on Machine Learning Classifiers
Indian Journal of Artificial Intelligence and Neural Networking, 2021
Nowadays, information is transmitted from one place to another using network communication technology. Because of this transmission of information, networking systems require a high-security environment. The main strategy to secure this environment is to correctly identify each packet and detect whether it contains malicious content or whether any illegal activity has happened in the network environment. To accomplish this, we use an intrusion detection system (IDS). Intrusion detection is a security technology designed to detect intrusions and automatically alert or notify a responsible person. However, creating an efficient intrusion detection system faces a number of challenges. These challenges are false detections and data that contain a high number of features. Currently, many researchers use machine learning techniques to overcome the limitations of intrusion detection and increase its efficiency in correctly identifying whether a packet is normal or malicious. Many machine-le...
Analysis of Various Machine Learning Approach to Detect Anomaly from Network Traffic
International journal of computer science and mobile computing, 2022
Although conventional network security measures have been effective up until now, machine learning techniques are a strong contender in the present network environment due to their flexibility. In this study, we evaluate how well the latter can identify security issues in a corporate network setting. In order to do so, we configure and contrast a number of models to determine which one best meets our demands. In addition, we spread the computational load and storage to support large quantities of data. Our model-building methods are Random Forest and Naive Bayes.
Detecting Anomaly Intrusions in Digital Network Traffic Using Machine Learning Approach
The main target of organizations is to secure their networks from attacks. This requires network administrators to implement different IDSs to monitor network traffic for unauthorized and malicious activities. The detection of malicious activities is of two types: (i) misuse IDSs and (ii) anomaly-based IDSs. A misuse IDS is a signature-based IDS which can detect known attacks in an efficient way based on hard-coded signatures stored in the signature list. The misuse techniques have the advantage of a low false positive rate. However, they suffer from a high false negative rate due to the sensitivity to any simple variation in the stored signatures. In such a case, the variations can be considered as an attack. A misuse IDS fails in detecting unknown and zero-day attacks, as they are unavailable in the stored signatures. Because of this, currently, the focus of many researchers is on anomaly detection to overcome the limitations of sign-based IDSs in detecting new attacks. Artificial intelligence, specifically machine learning methods, has been used to develop an effective data-centric intrusion detection system. In most anomaly-based approaches, the detection rate is low, the training time is high and the false alarm rate (FAR) is high. To solve these problems, we experimented with 3 well-known ML algorithms, namely Random Forest, K nearest neighbor and Deep Neural Network, and used the UNSW NB15 network traffic dataset. The innovative findings show that the RF classifier is better than the alternative methods in detecting whether the data traffic is normal or attack. With this, RF achieved a classification accuracy of 97.57%, detection rate of 97.53%, and 2.35% with a training time of 8.34 sec in binary classification, with an accuracy of classification of 80.76% in ten-class classification.
Anomaly Detection Using Machine Learning
International Journal of Advance Research, Ideas and Innovations in Technology, 2018
In this day and age of plethora of information, the importance of information security cannot be emphasized enough. Any threat to confidentiality, integrity or availability of information must be taken seriously. Ignoring such threats can have serious consequences, like misappropriation, modification or encryption of data. Vulnerabilities in information security are a tempting target for malwares. Malwares are malicious scripts or software, including computer viruses, worms, Trojan-horses, ransomware, spyware, adware, etc. The traditional way of detecting an advanced malware or threat compromise uses a signature based antivirus. This approach, however, is not foolproof and can be bypassed. The signature based approach relies on a known list of signatures. The list of signatures is not perfect and also does not contain previously unseen malware signatures. The proposed system uses operational intelligence tools and machine learning to monitor usual user behavior. This is done by collecting system activities like event logs, sysinternal, etc. Once the system learns normal behavior patterns, it can detect anomalies that may be caused by malware. Thus, unlike signature based approach, the proposed system can detect previously unseen malwares as well.
Comparison of Machine Learning Algorithms to Build Optimized Network Intrusion Detection System
American Scientific Publishers, 2019
Network Security is the most important aspect for all products and services offered by networking systems. The network density and usage in information systems and technical systems are humungous, and networks are used by the entire world to provide connectivity from busiest hours to remote locations. Mission critical events, governmental organizations and information technology structures rely on continuous and smooth provision of network connection. This makes the basis of the information security pillars: Confidentiality, which means that the data transferred between two users can be readable but should not be understandable, meaning it should be encrypted; Integrity, which focuses on the aspect of reliable message transfer preventing any kind of message tampering in the data transfer process; and finally Authentication and Availability, meaning that the users sending and receiving the data are genuine, and that the data is available, free from denial attacks.
With the growth of the internet, the world has transformed into a global market with all monetary and business exercises being carried out online. Being the most imperative resource of the developing scene, it is the vulnerable object and hence needs to be secured from the users with dangerous personality set. Since the Internet does not have a focal surveillance component, assailants once in a while, utilizing varied and advancing hacking topologies, discover a path to bypass the framework's security, and one such collection of assaults is Intrusion. An intrusion is a movement of breaking into the framework by compromising the security arrangements of the framework set up. The technique of looking at the system information for the conceivable intrusions is known as intrusion detection. For the last two decades, automatic intrusion detection systems have been an important exploration point. Till now researchers have developed Intrusion Detection Systems (IDS) with the capability of detecting attacks in several available environments; latest on the scene are Machine Learning approaches. Machine learning techniques are the set of evolving algorithms that learn with experience, have improved performance in the situations they have already encountered and also enjoy a broad range of applications in speech recognition, pattern detection, outlier analysis etc. There are a number of machine learning techniques developed for different applications and there is no universal technique that can work equally well on all datasets. In this work, we evaluate all the machine learning algorithms provided by Weka against the standard data set for intrusion detection i.e. KddCupp99. Different measurements contemplated are False Positive Rate, precision, ROC, True Positive Rate.
Experimental Study of Machine Learning Methods in Anomaly Detection
Informasiya texnologiyaları problemləri, 2022
Recently, the widespread usage of computer networks has led to the increase of network threats and attacks. Existing security systems and devices are insufficient in the detection of intruders' attacks on network infrastructure, and they are considered to be outdated for storing and analyzing large network traffic data in terms of size, speed, and diversity. Detection of anomalies in network traffic data is one of the most important issues in providing network security. In the paper, we investigate the possibility of using machine learning algorithms in the detection of anomalies (DoS attacks) in computer network traffic data on the WEKA software platform. An ensemble model consisting of several unsupervised classification algorithms has been proposed to increase the efficiency of classification algorithms. The effectiveness of the proposed model was studied using the NSL-KDD database. The proposed approach showed a higher accuracy in the detection of anomalies compared to the results shown by the classification algorithms separately.
Intrusion Detection using Machine Learning Techniques: An Experimental Comparison
2021 International Congress of Advanced Technology and Engineering (ICOTEN)
Due to an exponential increase in the number of cyber-attacks, the need for improved Intrusion Detection Systems (IDS) is more apparent than ever. In this regard, Machine Learning (ML) techniques are playing a pivotal role in the early classification of the attacks in case of intrusion detection within the system. However, due to the large number of algorithms available, the selection of the right method is a challenging task. To resolve this issue, this paper analyses some of the current state-of-the-art intrusion detection methods and discusses their pros and cons. Further, a review of different ML methods is carried out, with four methods showing to be the most suitable ones for classifying attacks. Several algorithms are selected and investigated to evaluate the performance of IDS. These IDSs classify binary and multiclass attacks in terms of detecting whether or not the traffic has been considered as benign or an attack. The experimental results demonstrate that binary classification has greater consistency in its accuracy results, which ranged from 0.9938 to 0.9977, while multiclass ranges from 0.9294 to 0.9983. However, it has also been observed that multiclass provides the best results, with the algorithm k-Nearest neighbor giving an accuracy score of 0.9983, while the binary classification highest score is 0.9977 from Random Forest. The experimental results demonstrate that multiclass classification produces better performance in terms of intrusion detection by specifically differentiating between the attacks and allowing a more targeted response to an attack.
A Detailed Analysis of Using Supervised Machine Learning for Intrusion Detection
2020
Machine learning is more and more used in various fields of the industry, which go from the self driving car to the computer security. Nowadays, with the huge network traffic, machine learning represents the miracle solution to deal with network traffic analysis and intrusion detection problems. Intrusion Detection Systems can be used as a part of a holistic security framework in different critical sectors like oil and gas industry, traffic management, water sewage, transportation, tourism and digital infrastructure. In this paper, we provide a comparative study between twelve supervised machine learning methods. This comparative study aims to exhibit the best machine learning methods relative to the classification of network traffic in specific type of attack or benign traffic, category of attack or benign traffic and attack or benign. CICIDS’2017 is used as data-set to perform our experiments, with Random Forest, Jrip, J48 showing better performance.