Detection of Abnormal Network Traffic by Machine Learning Methods

Özekes, Serhat; Karakoç, Elif Nur

doi:10.29130/dubited.498358

Cited by 5 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The highest performance of 98% was achieved using the CNN+Random Forest method. On the CIC IDS2017 dataset, Özekes and Karakoç¸ [10] utilized the Decision Tree and Random Forest methods, obtaining a performance of 99.95% for the Decision Tree method and 99.966% for the Random Forest method. Tokyürek [11], in a study he conducted, employed the Apriori and FP-Growth algorithms on market data using the Weka program.…”

Section: Related Workmentioning

confidence: 99%

Machine Learning based Network Intrusion Detection with Hybrid Frequent Item Set Mining

Firat,

Bakal,

Akbaş

2024

Politeknik Dergisi

View full text Add to dashboard Cite

With the development and expansion of computer networks day by day and the diversity of software developed, the damage that possible attacks can cause is increasing beyond the predictions. Intrusion Detection Systems (STS/IDS) are one of the effective defense tools against these potential attacks that are constantly increasing and diversifying. The ultimate goal is to train these systems with various artificial intelligence methods, to detect subsequent attacks in real time and to take the necessary precautions. In this study, classical feature selection methods and Frequent Item Set Mining were used in feature selection in a hybrid model, and it was aimed to classify network traffic data for normal and attack by using many machine learning methods, including Logistic Regression, with the final features obtained. The method uses a data set originally containing 85 features to make a decision while making this classification. These attributes are extracted using CICFlowMeter from a PCAP file where network traffic is recorded. The results show that the proposed method in the study classifies more than 225000 records in the data set with a success rate of 97.68%.

show abstract

Section: Related Workmentioning

confidence: 99%

Machine Learning based Network Intrusion Detection with Hybrid Frequent Item Set Mining

Firat,

Bakal,

Akbaş

2024

Politeknik Dergisi

View full text Add to dashboard Cite

show abstract

“…Veri kümesinde analiz edilen ve sınıflandırılan saldırı modelleri hizmet engelleme (Dos), dağıtılmış hizmet reddi (DDoS) ve Port Tarama (PortScan ) saldırılardır. Saldırıları sınıflandırmada rasgele orman yönteminin diğer yönteme göre daha başarılı olduğu tespit edilmiştir [42].…”

Section: Türki̇ye' De Si̇ber Suçlar Ve çöZüm Yöntemleri̇ üZeri̇ne Li̇teratür Taramasiunclassified

Cyber Attacks and Detection Method in Turkey: A Literature Review

Hatipoğlu

Tunacan

2021

Bilecik Şeyh Edebali Üniversitesi Fen Bilimleri Dergisi

View full text Add to dashboard Cite

Siber suç, bir bilgisayar ve internet ağı içeren herhangi bir suçu ifade eden bilgisayar suçu olarak da bilinir. Bireyler, şirketler veya hükümetler hakkındaki bilgilere yapılan bir saldırıdır. Birey siber suçun ana hedefi olduğunda bilgisayar, siber suçta bir araç olarak düşünülebilir. Ayrıca siber suç, internet erişimiyle işlenen geleneksel suçları da içerir. Örneğin, telefonla pazarlama İnternet dolandırıcılığı, kimlik hırsızlığı ve kredi kartı hesap hırsızlığı. Basit bir ifadeyle siber suç, internet erişimi olan bilgisayar veya diğer cihazlar kullanılarak gerçekleştirilen her türlü şiddet eylemi olarak tanımlanabilir. Bu eylem başkalarına zararlı etkiler verebilir.Bu çalışmanın amacı, Türkiye' de siber suç konusunda durum tespiti ve siber saldırı türlerine karşılık üretilen çözüm yöntemlerini araştırmaktır. Ancak siber zorbalık ve siber suçlar ile ilgili kanun, yasa vs. konularında yapılmış olan çalışmalar ile 2016 öncesi yapılmış olan literatür çalışmaları kapsam dışında bırakılmıştır. Bu çalışmada metodoloji olarak; literatür taraması yöntemi seçilmiştir. Siber saldırı tiplerine baktığımızda en çok incelenen ve çalışmalara konu olan saldırı tiplerinin DoS ve DDoS saldırılar olduğu ve tespit yöntemlerinde ise Random Forest karar ağacı yönteminin kullanıldığı gözlemlenmektedir

show abstract

“…When the results are analyzed, it is determined that the ID3 algorithm produces the best results, with an f1-score value of 0.98. In another work, Özekes and Karakoç [6] employed decision tree and random forest algorithms. When the study was simply examined in terms of the categorization of normal and abnormal network traffic, the accuracy scores for the decision tree and random forest techniques were 0.99957 and 0.99966, respectively.…”

Section: Introductionmentioning

confidence: 99%

A Comparative Evaluation of the Boosting Algorithms for Network Attack Classification

ÇOŞKUN¹,

Çetin²

2022

International Journal of 3D Printing Technologies and Digital Industry

View full text Add to dashboard Cite

The security of information resources is an extremely critical problem. The network infrastructure that enables internet access, in particular, may be targeted by attackers from a variety of national and international locations, resulting in losses for institutions that utilize it. Anomaly detection systems, sometimes called Intrusion Detection Systems (IDSs), are designed to identify abnormalities in such networks. The success of IDSs, however, is limited by the algorithms and learning capacity used in the background. Because of the complex behavior of malicious entities, it is critical to adopt effective techniques that assure high performance while being time efficient. The success rate of the boosting algorithms in identifying malicious network traffic was studied in this study. The boosting approach, one of the most used Ensemble Learning techniques, is accepted as a way to cope with this challenge. In this work, Google Colab has been used to model well-known boosting algorithms. The AdaBoost, CatBoost, GradientBoost, LightGBM, and XGBoost models have been applied to the CICID2017 dataset. The performance of the classifiers has been evaluated with accuracy, precision, recall, f1-score, kappa value, ROC curve and AUC. As a result of the investigation, it was discovered that the XGBoost algorithm produced the greatest results in terms of f1-score, with 99.89 percent, and the AUC values were extremely near to 1, with 0.9989. LightGBM and GradientBoost models, on the other hand, have been shown to be less effective in detecting attack types with little data.

show abstract

Detection of Abnormal Network Traffic by Machine Learning Methods

Cited by 5 publications

References 9 publications

Machine Learning based Network Intrusion Detection with Hybrid Frequent Item Set Mining

Machine Learning based Network Intrusion Detection with Hybrid Frequent Item Set Mining

Cyber Attacks and Detection Method in Turkey: A Literature Review

A Comparative Evaluation of the Boosting Algorithms for Network Attack Classification

Contact Info

Product

Resources

About