An evaluation of data mining classification models for network intrusion detection

So-In, Chakchai; Mongkonchai, Nutakarn; Aimtongkham, Phet; Wijitsopon, Kasidit; Rujirakul, Kanokmon

doi:10.1109/dictap.2014.6821663

Cited by 20 publications

(17 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sweep, portsweep (So-In et al, 2014) the Iranian atomic program (Nourian & Madnick, 2018). Attacks that could target ICSs could be state-sponsored or they might be launched by the competitors, internals attackers with a malicious target, or even hacktivists.…”

Section: Probementioning

confidence: 99%

Survey of intrusion detection systems: techniques, datasets and challenges

et al. 2019

View full text Add to dashboard Cite

Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). This survey paper presents a taxonomy of contemporary IDS, a comprehensive review of notable recent works, and an overview of the datasets commonly used for evaluation purposes. It also presents evasion techniques used by attackers to avoid detection and discusses future research challenges to counter such techniques so as to make computer systems more secure.

show abstract

Section: Probementioning

confidence: 99%

Survey of intrusion detection systems: techniques, datasets and challenges

et al. 2019

View full text Add to dashboard Cite

show abstract

“…The J48 decision tree algorithm is based on Quinlan's C4.5 algorithm and makes decisions based on a tree-like graph structure [31]. Decision Trees is said to perform better on well-defined problems and has been previously successful in classifying botnet traffic with low false positives [32], [28]. Random Forest [33] which is classed as belonging to decision tree approaches, is also used.…”

Section: B Experiments and Resultsmentioning

confidence: 99%

“…The value of plus/minus 2 seconds is used to determine if a cell is close to the next as it is a fair interval to account for separate activities while making room for network lags especially in the case of chat protocols that could have constant cells. For example, [10,11,12,13,20,21,22,23,30,31,32,33] become [11.5, 21.5, 31.5]; the cells with timestamps 10, 11, 12 and 13 were clustered as a unique cell with timestamp 11.5 and a unique cell count of 4. Cell aggregation is done to group events together and ease the extraction of features.…”

Section: Cell Aggregation Grouping and Time Segregationmentioning

confidence: 99%

TorBot Stalker: Detecting Tor Botnets Through Intelligent Circuit Data Analysis

Fajana

Owenson

Cocea

2018

2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)

View full text Add to dashboard Cite

Botnets are collections of infected computers that are controlled centrally by a botmaster, often for sending spam or launching denial of service attacks. The task to take down these botnets is often a cat and mouse game with operators frequently changing domains for their control infrastructure. More recently, operators have moved to using Tor, a pseudoanonymous network for hosting services whereby identification is difficult. Additionally, because connections to the Tor network are encrypted, we cannot use traditional methods like Domain Name System (DNS) and traffic signatures to detect infected hosts. In this paper, we introduce TorBot Stalker: the first mechanism for detecting, de-anonymizing, and destroying Tor botnets. We use machine learning to analyse and fingerprint the timings and frequency of Tor network circuit data when routing botnet traffic, and build a detection mechanism that is able to identify infected hosts at the Tor network border, in real-time, while preserving the privacy of legitimate users. TorBot Stalker can be implemented at any node in the Tor network and can differentiate between botnets and legitimate applications like Internet Relay Chat (IRC) coming from the same host. Experimental data demonstrates an accuracy of 99% with few false positives. We then apply the technique at the entry to the Tor network to measure the fraction of traffic which is for botnet. We observed that Torbot Stalker is able to de-anonymize real botnets in the Tor network and further identify infected hosts and control servers.

show abstract

“…KNN is used to carry out the classification considering k-sub-datasets, each of them having alike characteristics putting in Euclidean Distance to figure out the group. IBK is one of most straightforward k-Nearest-Neighbor classifiers [11]. These paper results show that when it comes to the detection accuracy, testing time, and falsepositive rate the knn is the most performing classifier among all others [10].…”

Section: Related Workmentioning

confidence: 99%

IoT-Botnet Detection using Long Short-Term Memory Recurrent Neural Network

Costa¹,

Dessai²,

Gaonkar³

et al. 2020

IJERT

View full text Add to dashboard Cite

IoT (Internet of Things) provides unique identifiers and the facility to convey data across a network without requiring human-to-computer or human-to-human interaction. It is one of the most fast-evolving technologies nowadays. The positive influence of the IoT toward governments, citizens, and businesses is being significant. IoT comes with significant security concerns that need to be addressed. One of the serious security threats in network security is IoT-Bot. In past years many techniques are being practiced to detect IoT-Bot in a network. This paper explains the detection of IoT-botnet using a deep learning-based LSTM RNN (Long Short-Term Memory Recurrent Neural Network) model. The accuracy of this model is then compared with the SVM (Support Vector Machine), LR (Linear Regression), and KNN (K-Nearest Neighbors) model. UNSW-NB15 dataset is used for training and testing the model. The dataset contains 9 types of attack categories. The accuracy of this proposed model is very high. This can further be extended to work in real-time botnet detention. Wireshark can be used to collect real-time network traffic and detect IoT-Bot in a network.

show abstract

An evaluation of data mining classification models for network intrusion detection

Cited by 20 publications

References 12 publications

Survey of intrusion detection systems: techniques, datasets and challenges

Survey of intrusion detection systems: techniques, datasets and challenges

TorBot Stalker: Detecting Tor Botnets Through Intelligent Circuit Data Analysis

IoT-Botnet Detection using Long Short-Term Memory Recurrent Neural Network

Contact Info

Product

Resources

About