Network intrusion detection using machine learning anomaly detection algorithms

Karslıgil, M. Elif; Yavuz, A. Gökhan; Güvensan, M. Amaç; Hanifi, Khadija; Bank, Hasan

doi:10.1109/siu.2017.7960616

Cited by 21 publications

(11 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We used a hybrid feature selection process to identify the important features for each family of attacks. Overall, the most important features were: dur (7), which occurred in all the attack families except Worms; service (14), which occurred in all the attack families except DoS and Exploits; sttl and dttl (10 and 11 respectively) that occurred in six of the nine attack families; and ct_srv_src (41) which occurred in five of the attack families. Using the subset of features identified through the hybrid feature selection process, we achieved a higher classification rate as well as lower FAR rate for most families of attacks using the NB classifier.…”

Section: Resultsmentioning

confidence: 99%

“…BackDoor is identifiable by one flow feature, protocol type (5), three basic features (6,7,14), one content feature (25), three time features, tcprtt, synack, and ackdat (33, 34 and respectively) and two additionally generate features, ct_state_ttl and is_ftp_login (37 and 39 respectively).…”

Section: Analysis Of the Selected Featuresmentioning

confidence: 99%

“…The most important features were: dur (7), which occurred in all the attack families except Worms; service (14), which occurred in all the attack families except DoS and Exploits; sttl and dttl (10 and 11 respectively) that occurred in six of the nine attack families; and ct_srv_src (41) which occurred in five of the attack families.…”

Section: Analysis Of the Selected Featuresmentioning

confidence: 99%

“…Chowdhury et al employed a combination of two machine learning algorithms, simulated annealing and support vector machines, to improve the detection accuracy and false alarm rates (FARs) on a dataset from the Cyber Range Lab of the Australian Center for Cyber Security (ACCS). Karslig et al worked on the NSL‐KDD dataset. They implemented an anomaly based detection system using the k‐ means algorithm to distinguish between normal and abnormal samples and a threshold value was calculated.…”

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Bagui

Kalaimannan

Nandi

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

This paper uses a hybrid feature selection process and classification techniques to classify cyber‐attacks in the UNSW‐NB15 dataset. A combination of k‐means clustering, and a correlation‐based feature selection, were used to come up with an optimum subset of features and then two classification techniques, one probabilistic, Naïve Bayes (NB), and a second, based on decision trees (J48), were employed. Our results show that this hybrid feature selection method in combination with the NB model was able to improve the classification accuracy of most attacks, especially the rare attacks. The false alarm rates were lower for most of the attacks, and particularly the rare attacks, with this combination of feature selection and the NB model. The J48 decision tree model, however, did not perform any better with the feature selection, but its classification rate for all attack families was already very high, with or without feature selection.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Analysis Of the Selected Featuresmentioning

confidence: 99%

Section: Analysis Of the Selected Featuresmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Bagui

Kalaimannan

Nandi

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Karslıgel vd. tarafından önerilen anormallik tespit sistemi NSL-KDD veri kümesi üzerinde, yarı-eğitmenli k-ortalama kümeleme algoritması kullanılarak geliştirilmiş ve %80.119 doğruluk oranı sunmuştur [3]. Ağ saldırı tespiti için derin öğrenme yaklaşımının KDD Cup '99 ve NSL-KDD veri kümeleri üzerinde uygulandığı Shone vd.…”

Section: Introductionunclassified

Detection of Abnormal Network Traffic by Machine Learning Methods

Özekes

Karakoç

2019

Düzce Üniversitesi Bilim Ve Teknoloji Dergisi

View full text Add to dashboard Cite

Bilgisayar ağlarının ve geliştirilen uygulamaların büyümesi ile saldırıların oluşturacağı hasarın belirgin olarak artması beklenmektedir. Saldırı Tespit Sistemleri (STS) sürekli büyüyen ağ saldırıları karşısında önemli savunma araçlarındandır. Saldırı Tespit Sistemlerinin makine öğrenmesi algoritmaları ile eğitilmesi ve eğitim sonrası gerçek zamanlı olarak saldırıları oluştuğu anda tespit ederek, gerekli tedbirlerin alınmasını sağlaması amaçlanmaktadır. Bu çalışmada da karar ağacı ve rastgele orman yöntemleri kullanılarak bilgisayar ağlarında akan normal ve anormal paketlerin sınıflandırılması amaçlanmaktadır. Sınıflandırma yöntemleri, karar vermek için ağ trafiğinin kaydedildiği PCAP dosyasından CICFlowMeter kullanılarak çıkarılan 78 adet değişkeni kullanmaktadır. Sonuçlar incelendiğinde, önerilen yöntemin bir milyonun üzerindeki kaydı %100'e yakın bir başarıyla sınıflandırdığı ve anormal trafiğin tespitinde etkin olduğu görülmektedir.

show abstract

A Review on Network Intrusion Detection System Using Machine Learning

Devi

Badugu

2019

Learning and Analytics in Intelligent Systems

View full text Add to dashboard Cite

Network intrusion detection using machine learning anomaly detection algorithms

Cited by 21 publications

References 7 publications

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Detection of Abnormal Network Traffic by Machine Learning Methods

A Review on Network Intrusion Detection System Using Machine Learning

Contact Info

Product

Resources

About