Comparative Evaluation of Machine Learning Algorithms for Network Intrusion Detection and Attack Classification

León, Miguel; Markovic, Tijana; Punnekkat, Sasikumar

doi:10.1109/ijcnn55064.2022.9892293

Cited by 14 publications

(3 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Accuracy is the most commonly used evaluation metric. In the majority of studies, accuracy is supported by other metrics such as recall, precision, and F1 score, but there are also studies [7], [58]- [60] where only accuracy is reported. However, in an area such as attack detection, which suffers from unbalanced data distribution, accuracy alone is not a reliable metric [61].…”

Section: Machine Learning and Evaluation Metricsmentioning

confidence: 99%

IoTDevID: A Behavior-Based Device Identification Method for the IoT

Kahraman

Just

Lones

2022

IEEE Internet Things J.

View full text Add to dashboard Cite

While the use of the Internet of Things is becoming more and more popular, many security vulnerabilities are emerging with the large number of devices being introduced to the market. In this environment, IoT device identification methods provide a preventive security measure as an important factor in identifying these devices and detecting the vulnerabilities they suffer from. In this study, we present a method that identifies devices in the Aalto dataset using the convolutional neural network (CNN).

show abstract

Section: Machine Learning and Evaluation Metricsmentioning

confidence: 99%

IoTDevID: A Behavior-Based Device Identification Method for the IoT

Kahraman

Just

Lones

2022

IEEE Internet Things J.

View full text Add to dashboard Cite

show abstract

“…Since flows contain mainly information from packet headers and do not extract the payload, they are not affected by the payload encryption and are the ideal candidate for encrypted traffic monitoring. Many research works [3]- [5], [5]- [10] thus use it together with machine learning for encrypted traffic classification to increase visibility and identify encrypted malicious communication.…”

Section: Introductionmentioning

confidence: 99%

Network traffic classification based on periodic behavior detection

Koumar

Čejka

2022

2022 18th International Conference on Network and Service Management (CNSM)

View full text Add to dashboard Cite

Network traffic monitoring using IP flows is used to handle the current challenge of analyzing encrypted network communication. Nevertheless, the packet aggregation into flow records naturally causes information loss; therefore, this paper proposes a novel flow extension for traffic features based on the time series analysis of the Single Flow Time series, i.e., a time series created by the number of bytes in each packet and its timestamp. We propose 69 universal features based on the statistical analysis of data points, time domain analysis, packet distribution within the flow timespan, time series behavior, and frequency domain analysis. We have demonstrated the usability and universality of the proposed feature vector for various network traffic classification tasks using 15 well-known publicly available datasets. Our evaluation shows that the novel feature vector achieves classification performance similar or better than related works on both binary and multiclass classification tasks. In more than half of the evaluated tasks, the classification performance increased by up to 5 %.

show abstract

“…Many studies that compared the performances of different ML algorithms on different benchmark datasets concluded that the Random Forest (RF) algorithm has the highest accuracy [8][9][10][11][12]. RF requires a lot of data for training purposes, as any other ML algorithm, so one of the main obstacles is the security of the provided data.…”

mentioning

confidence: 99%

Random forest with differential privacy in federated learning framework for network attack detection and classification

Markovic,

Leon,

Buffoni

et al. 2024

Appl Intell

Self Cite

View full text Add to dashboard Cite

Communication networks are crucial components of the underlying digital infrastructure in any smart city setup. The increasing usage of computer networks brings additional cyber security concerns, and every organization has to implement preventive measures to protect valuable data and business processes. Due to the inherent distributed nature of the city infrastructures as well as the critical nature of its resources and data, any solution to the attack detection calls for distributed, efficient and privacy preserving solutions. In this paper, we extend the evaluation of our federated learning framework for network attacks detection and classification based on random forest. Previously the framework was evaluated only for attack detection using four well-known intrusion detection datasets (KDD, NSL-KDD, UNSW-NB15, and CIC-IDS-2017). In this paper, we extend the evaluation for attack classification. We also evaluate how adding differential privacy into random forest, as an additional protective mechanism, affects the framework performances. The results show that the framework outperforms the average performance of independent random forests on clients for both attack detection and classification. Adding differential privacy penalizes the performance of random forest, as expected, but the use of the proposed framework still brings benefits in comparison to the use of independent local models. The code used in this paper is publicly available, to enable transparency and facilitate reproducibility within the research community.

show abstract

Comparative Evaluation of Machine Learning Algorithms for Network Intrusion Detection and Attack Classification

Cited by 14 publications

References 26 publications

IoTDevID: A Behavior-Based Device Identification Method for the IoT

IoTDevID: A Behavior-Based Device Identification Method for the IoT

Network traffic classification based on periodic behavior detection

Random forest with differential privacy in federated learning framework for network attack detection and classification

Contact Info

Product

Resources

About