An Empirical Investigation on Snort NIDS versus Supervised Machine Learning Classifiers

Abdulrezzak, Sarah; Sabir, Firas

doi:10.31026/j.eng.2023.02.11

Cited by 3 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Super optimized TCP port surveyor (strobe) is a tool used to perform port scanning or probe service tasks in secure networks and systems running on the UNIX platform. 9 [20] An empirical study to assess Snort's efficacy against network attacks, probing, brute force, and DoS, along with four supervised machine learning classifiers: KNN, decision tree, Bayesian net, and naïve bayes. Using the weka tool, one can evaluate the snort metric, true alarm rate, F-measure, precision, and accuracy and compare them to the same metrics obtained from the use of machine learning algorithms.…”

Section: Appendix Table 1 Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Machine learning-based PortScan attacks detection using OneR classifier

Kareem,

Jawad Kadhim Abood,

Ibrahim

2023

Bulletin EEI

View full text Add to dashboard Cite

PortScan attacks are a common security threat in computer networks, where an attacker systematically scans a range of network ports on a target system to identify potential vulnerabilities. Detecting such attacks in a timely and accurate manner is crucial to ensure network security. Attackers can determine whether a port is open by sending a detective message to it, which helps them find potential vulnerabilities. However, the best methods for spotting and identifying port scanner attacks are those that use machine learning. One of the most dangerous online threats is PortScan attack, according to experts. The research is work on detection while improving detection accuracy. Dataset containing tags from network traffic is used to train machine learning techniques for classification. The JRip algorithm is trained and tested using the CICIDS2017 dataset. As a consequence, the best performance results for JRip-based detection schemes were 99.84%, 99.80%, 99.80%, and 0.09 ms for accuracy, precision, recall, F-score, and detection overhead, respectively. Finally, the comparison with current models demonstrated our model's proficiency and advantage with increased attack discovery speed.

show abstract

Section: Appendix Table 1 Related Workmentioning

confidence: 99%

“…A current research area is being shaped by articles on machine learning techniques, which are among the most widely published. Table 1 (in Appendix) [12]- [20] gives a brief summary of some recent breakthroughs and research in PortScan attack detection.…”

mentioning

confidence: 99%

Machine learning-based PortScan attacks detection using OneR classifier

Kareem,

Jawad Kadhim Abood,

Ibrahim

2023

Bulletin EEI

View full text Add to dashboard Cite

show abstract

“…Stein et al [20] constructed an IDS model with artificial neural networks (ANN) based on the same dataset. Authors in [21], [22] proposed the use of decision trees and random forest. In addition, a hybrid approach combining two or more ML algorithms was presented in [23].…”

Section: Introductionmentioning

confidence: 99%

Machine learning-based intrusion detection system for detecting web attacks

Abdou Vadhil,

Lemine Salihi,

Farouk Nanne

2024

IJ-AI

View full text Add to dashboard Cite

<p>The increasing use of smart devices results in a huge amount of data, which raises concerns about personal data, including health data and financial data. This data circulates on the network and can encounter network traffic at any time. This traffic can either be normal traffic or an intrusion created by hackers with the aim of injecting abnormal traffic into the network. Firewalls and traditional intrusion detection systems detect attacks based on signature patterns. However, this is not sufficient to detect advanced or unknown attacks. To detect different types of unknown attacks, the use of intelligent techniques is essential. In this paper, we analyse some machine learning techniques proposed in recent years. In this study, several classifications were made to detect anomalous behaviour in network traffic. The models were built and evaluated based on the Canadian Institute for Cybersecurity-intrusion detection systems dataset released in 2017 (CIC-IDS-2017), which includes both current and historical attacks. The experiments were conducted using decision tree, random forest, logistic regression, gaussian naïve bayes, adaptive boosting, and their ensemble approach. The models were evaluated using various evaluation metrics such as accuracy, precision, recall, F1-score, false positive rate, receiver operating characteristic curve, and calibration curve.</p>

show abstract