A Double-Layer Detection and Classification Approach for Network Attacks

Sun, Chong; Lv, Kun; Hu, Changzhen; Xie, Hui

doi:10.1109/icccn.2018.8487460

Cited by 14 publications

(7 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…e detection result is shown in Figure 5, but the simple machine learning algorithm is as high as 80%. In detection of U2R and R2L features, it far exceeds the detection results of the algorithms proposed by Sun et al [34] and Hussain et al [16].…”

Section: Analysis Of Experimental Resultsmentioning

confidence: 70%

“…is shows that our method not only achieves better results on the training set but also achieves better results on the unlearned testing set. It reflects that our method is not only 7 and Figure 5 show the classification accuracy of our method and these methods in [8,9,16,18,25,34]. e latest paper [9] does not provide the accuracy of each category, so their overall accuracy is used as the average.…”

Section: Analysis Of Experimental Resultsmentioning

confidence: 95%

See 1 more Smart Citation

An Intrusion Detection Method Based on Decision Tree-Recursive Feature Elimination in Ensemble Learning

Lian

Nie

Jia

et al. 2020

Mathematical Problems in Engineering

View full text Add to dashboard Cite

With the rapid development of the Internet, various forms of network attack have emerged, so how to detect abnormal behavior effectively and to recognize their attack categories accurately have become an important research subject in the field of cyberspace security. Recently, many hot machine learning-based approaches are applied in the Intrusion Detection System (IDS) to construct a data-driven model. The methods are beneficial to reduce the time and cost of manual detection. However, the real-time network data contain an ocean of redundant terms and noises, and some existing intrusion detection technologies have lower accuracy and inadequate ability of feature extraction. In order to solve the above problems, this paper proposes an intrusion detection method based on the Decision Tree-Recursive Feature Elimination (DT-RFE) feature in ensemble learning. We firstly propose a data processing method by the Decision Tree-Based Recursive Elimination Algorithm to select features and to reduce the feature dimension. This method eliminates the redundant and uncorrelated data from the dataset to achieve better resource utilization and to reduce time complexity. In this paper, we use the Stacking ensemble learning algorithm by combining Decision Tree (DT) with Recursive Feature Elimination (RFE) methods. Finally, a series of comparison experiments by cross-validation on the KDD CUP 99 and NSL-KDD datasets indicate that the DT-RFE and Stacking-based approach can better improve the performance of the IDS, and the accuracy for all kinds of features is higher than 99%, except in the case of U2R accuracy, which is 98%.

show abstract

Section: Analysis Of Experimental Resultsmentioning

confidence: 70%

Section: Analysis Of Experimental Resultsmentioning

confidence: 95%

An Intrusion Detection Method Based on Decision Tree-Recursive Feature Elimination in Ensemble Learning

Lian

Nie

Jia

et al. 2020

Mathematical Problems in Engineering

View full text Add to dashboard Cite

show abstract

“…Os experimentos obtiveram como melhor resultado um F-Score de 92%. [ Sun et al 2018] apresentaram um modelo de detecc ¸ão de intrusão que combina três técnicas clássicas de Ensemble: Bagging, Boosting e Stacking. Os classificadores base utilizados foram SVM e k-NN.…”

Section: Trabalhos Correlatosunclassified

“…Acurácia F1-Score Precision Recall [Milliken et al 2015] 0.98 [Belouch and hadaj 2017] 0.8572 [Sun et al 2018] 0.5727 [Lu et al 2019] 0.7076 [Hsu et al 2019] 0.9175 0.931 0.921 [Olasehinde et al 2020] 0.9856 [Tama et al 2020] 0.9604 Este trabalho 0.9992 0.999 0.9995 0.9995…”

Section: Propostamentioning

confidence: 99%

Stacking-based Committees para Detecção de Ataques em Redes de Computadores - Uma abordagem por exaustão

Lucas

Costa

Moraes

et al. 2021

Anais Do XXXIX Simpósio Brasileiro De Redes De Computadores E Sistemas Distribuídos (SBRC 2021)

View full text Add to dashboard Cite

A aplicação de técnicas de Machine Learning na detecção de ataques em redes de computadores tem obtido bons resultados, com destaque para os métodos de Ensemble, que conseguem melhorar o desempenho de classiﬁcadores individuais. O estudo foi realizado utilizando o Dataset CICIDS-2017 e considerou a escolha de classiﬁcadores com base em uma revisão sistemática da literatura, objetivando encontrar o estado-da-arte e as tendências, tanto para os algoritmos de classiﬁcação quanto para as técnicas de ensemble. Committees que reduzem signiﬁcativamente os erros de classiﬁcação são apresentados modelando detectores de intrusão que são superiores aos métodos individuais e aos trabalhos correlatos comparados obtendo acurácia média de 99.92%.

show abstract

“…Signature-based methods are only able to detect the anomalous profiles used in training. One example of the latter is by Sun et al [182] who firstly detect one category of network traffic using Gradient Boosting Decision Tree. Upon detection, of a specific class of anomaly, the authors use k-NN to classify into subclasses.…”

Section: Offline Modelsmentioning

confidence: 99%

A Framework for Anomaly Detection under Dynamic and Distributed Scenarios

Odiathevar¹

View full text Add to dashboard Cite

Anomaly Detection is an important aspect of many application domains. It refers to the problem of finding patterns in data that do not conform to expected behaviour. Hence, understanding of expected behaviour well is fundamental to performing effective anomaly detection. However, data profiles constantly evolve in certain domains such as computer networks. In other domains such as traffic monitoring and healthcare, data are distributed and are either too large or there are privacy concerns in transmitting them to a central location. These situations pose a challenge to obtain an accurate understanding of non-anomalous profiles. Changing profiles undermine existing anomaly detection models and make them less effective. Training a robust model with data from multiple sources is also challenging. Moreover, in real world scenarios, it is not apparent how an anomaly detection model can be built to address the problem. This thesis focuses on the building of a robust anomaly detection system where data profiles evolve and/or are distributed. It proposes a novel Online Offline Framework to separate existing expected behaviour, new possible expected behaviour and anomalies in streaming data. It also addresses the distributed scenario using a theoretically sound fully Bayesian approach. These methods improve performances of anomaly detection systems and work well with biased and uneven data partitions. The proposed methods are validated using real world data in three different domains. This thesis identifies the implementation difficulties in these domains and produces three novel methodologies to address each of the core anomaly detection problems.

show abstract

A Double-Layer Detection and Classification Approach for Network Attacks

Cited by 14 publications

References 11 publications

An Intrusion Detection Method Based on Decision Tree-Recursive Feature Elimination in Ensemble Learning

An Intrusion Detection Method Based on Decision Tree-Recursive Feature Elimination in Ensemble Learning

Stacking-based Committees para Detecção de Ataques em Redes de Computadores - Uma abordagem por exaustão

A Framework for Anomaly Detection under Dynamic and Distributed Scenarios

Contact Info

Product

Resources

About