Anomaly-Based Intrusion Detection by Machine Learning: A Case Study on Probing Attacks to an Institutional Network
Related papers
Proposing a Model for Detecting Intrusion Network Attacks Using Machine Learning Techniques
Journal of Education and Science
At the present time, the reliance on computers is increasing in all aspects of life, so it is necessary to protect computer networks and computing resources from complex attacks against the network. This is performed by building tools, applications, and systems that detect attacks or anomalies adapting to ever-changing architectures and dynamically changing threats. The goal of this paper is to build a Network Intrusion Detection System (NIDS) based on deep learning techniques such as Convolutional Neural Network (CNN), which demonstrated its efficiency in predicting, classifying, and extracting high-level features in network traffic.
IEEE Access
An intrusion detection system (IDS) is an important protection instrument for detecting complex network attacks. Various machine learning (ML) or deep learning (DL) algorithms have been proposed for implementing anomaly-based IDS (AIDS). Our review of the AIDS literature identifies some issues in related work, including the randomness of the selected algorithms, parameters, and testing criteria, the application of old datasets, or shallow analyses and validation of the results. This paper comprehensively reviews previous studies on AIDS by using a set of criteria with different datasets and types of attacks to set benchmarking outcomes that can reveal the suitable AIDS algorithms, parameters, and testing criteria. Specifically, this paper applies 10 popular supervised and unsupervised ML algorithms for identifying effective and efficient ML-AIDS of networks and computers. These supervised ML algorithms include the artificial neural network (ANN), decision tree (DT), k-nearest neighbor (k-NN), naive Bayes (NB), random forest (RF), support vector machine (SVM), and convolutional neural network (CNN) algorithms, whereas the unsupervised ML algorithms include the expectation-maximization (EM), k-means, and self-organizing maps (SOM) algorithms. Several models of these algorithms are introduced, and the tuning and training parameters of each algorithm are examined to achieve an optimal classifier evaluation. Unlike previous studies, this study evaluates the performance of AIDS by measuring the true positive and negative rates, accuracy, precision, recall, and F-Score of 31 ML-AIDS models. The training and testing time for ML-AIDS models are also considered in measuring their performance efficiency given that time complexity is an important factor in AIDSs. The ML-AIDS models are tested by using a recent and highly unbalanced multiclass CICIDS2017 dataset that involves real-world network attacks. In general, the k-NN-AIDS, DT-AIDS, and NB-AIDS models obtain the best results and show a greater capability in detecting web attacks compared with other models that demonstrate irregular and inferior results.
Index Terms: Cyberattacks, intrusion detection system, machine learning, supervised and unsupervised learning.
Machine Learning for Network Intrusion Detection—A Comparative Study
Future Internet
Modern society has quickly evolved to utilize communication and data-sharing media with the advent of the internet and electronic technologies. However, these technologies have created new opportunities for attackers to gain access to confidential electronic resources. As a result, data breaches have significantly impacted our society in multiple ways. To mitigate this situation, researchers have developed multiple security countermeasure techniques known as Network Intrusion Detection Systems (NIDS). Despite these techniques, attackers have developed new strategies to gain unauthorized access to resources. In this work, we propose using machine learning (ML) to develop a NIDS system capable of detecting modern attack types with a very high detection rate. To this end, we implement and evaluate several ML algorithms and compare their effectiveness using a state-of-the-art dataset containing modern attack types. The results show that the random forest model outperforms other models, ...
Comparative Evaluation of Machine Learning Algorithms for Intrusion Detection
Asian Journal of Research in Computer Science, 2023
This study undertakes a comparative examination of machine learning algorithms used for intrusion detection, addressing the escalating challenge of safeguarding networks from malicious attacks in an era marked by a proliferation of network-related applications. Given the limitations of conventional security tools in combatting intrusions effectively, the adoption of machine learning emerges as a promising avenue for bolstering detection capabilities. The research evaluates the efficacy of three distinct machine learning algorithms—Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), and Naive Bayes—in identifying diverse attack categories, including Denial of Service, Probe, Remote to Local, and User to Root. Conducted on the NSL-KDD dataset, the analysis unveils CNN and RNN as superior performers compared to Naive Bayes, particularly in terms of detection accuracy. These findings extend value to both researchers and practitioners in the realm of intrusion detection systems, offering insights into optimal algorithmic choices. Furthermore, the study's implications resonate within broader contexts, such as the advancement of secure automation in industrial environments and the realm of automobile automation. Overall, this research contributes to the ongoing efforts to fortify network security and promote the development of safer technological landscapes.
Anomaly-based Intrusion Detection using Machine Learning Algorithms-A Review Paper
2020
An intrusion is defined as an activity that attempts to compromise the confidentiality or availability of a resource. An intrusion detection system (IDS) is the most important field of network security; it monitors the state of software and hardware running in the network. In the past few years, intrusion detection using machine learning techniques has captured the attention of most researchers, and every researcher proposes a different algorithm for the distinct features used in the dataset. The KDD-Cup99 intrusion detection dataset plays a vital role in network intrusion detection systems, and NSL-KDD is an updated or revised version of KDD-Cup99. The dataset most used by researchers working in the field of intrusion detection is KDD-Cup99. This paper presents an overview of various IDS and also a detailed analysis of the various machine learning techniques and datasets used for improving IDS.
A Convolutional Neural Network for Improved Anomaly-Based Network Intrusion Detection
Big Data, 2021
Cybersecurity protects and recovers computer systems and networks from cyber attacks. The importance of cybersecurity is growing commensurately with people's increasing reliance on technology. An anomaly detection-based network intrusion detection system is essential to any security framework within a computer network. In this article, we propose two models based on deep learning to address the binary and multiclass classification of network attacks. We use a convolutional neural network architecture for our models. In addition, a hybrid two-step preprocessing approach is proposed to generate meaningful features. The proposed approach combines dimensionality reduction and feature engineering using deep feature synthesis. The performance of our models is evaluated using two benchmark data sets, namely the network security laboratory-knowledge discovery in databases data set and the University of New South Wales Network Based 2015 data set. The performance is compared with similar deep learning approaches in the literature, as well as state-of-the-art classification models. Experimental results show that our models achieve good performance in terms of accuracy and recall, outperforming similar models in the literature.
Intrusion detection by machine learning: A review
The popularity of the Internet brings with it some risk of network attacks. Intrusion detection is one major research problem in network security, whose aim is to identify unusual access or attacks in order to secure internal networks. In the literature, intrusion detection systems have been approached by various machine learning techniques. However, there is no review paper that examines and explains the current status of using machine learning techniques to solve intrusion detection problems. This chapter reviews 55 related studies in the period between 2000 and 2007, focusing on developing single, hybrid, and ensemble classifiers. Related studies are compared by their classifier design, datasets used, and other experimental setups. Current achievements and limitations in developing intrusion detection systems by machine learning are presented and discussed. A number of future research directions are also provided.
Enhancing Cybersecurity through Machine Learning: An Exploration of Anomaly Detection
International Journal of Computer Science and Mobile Computing (IJCSMC), 2024
In the contemporary digital environment, cybersecurity is one of the most crucial areas to take care of. The rising sophistication of cyber threats poses a severe risk to individuals and businesses. This research work elaborates on the application of machine learning techniques to improved anomaly detection for cybersecurity. The study will detect and attempt to mitigate anomalous activities indicating possible cyber threats using machine learning algorithms. More concretely, this study consists of a thorough literature review of existing works on cybersecurity and machine learning, delves into a variety of algorithms for anomaly detection, and evaluates their empirical performance.
International Journal of Electrical and Computer Engineering (IJECE), 2024
Intrusion detection systems (IDS) protect networks from threats; they actively monitor network activity to identify and prevent malicious actions. This study investigates the application of machine learning methods to strengthen IDS, explicitly emphasizing the comprehensive CICIDS 2017 dataset. The dataset was refined by implementing stringent preprocessing methods such as feature normalization, class imbalance management, feature reduction, and feature selection to ensure its quality and lay the foundation for developing robust models. The performance evaluation of three classifiers, support vector machine (SVM), extreme gradient boosting (XGBoost), and naive Bayes, was highly impressive. Vital accuracy, precision, recall, and F1-score values of 0.984389, 0.984479, 0.984375, and 0.984304, respectively, were achieved by SVM. Notably, XGBoost demonstrated exceptional performance across all metrics, attaining flawless scores of 1.0. Naive Bayes demonstrated noteworthy accuracy, precision, recall, and F1-score performance, which were recorded as 0.877392, 0.907171, 0.877007, and 0.876986, respectively. The results of this study emphasize the critical importance of preparation methods in improving the effectiveness of IDS via machine learning. This further demonstrates the potential of particular classifiers to detect and prevent network intrusions efficiently, thereby substantially contributing to cybersecurity measures.