Wk-fnn design for detection of anomalies in the computer network traffic

Protic, Danijela; Stanković, Miomir; Antic, Vladimir

doi:10.2298/fuee2202269p

Cited by 3 publications

(6 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The accuracy of k-NN models was evaluated using the ADFA-WF and CAIDA datasets as benchmarks, and the results were presented in [104]. According to the authors of [105], the accuracy of the FNN and wk-NN models is over 99.0% and 99.1%, respectively. The authors of [85] used SVM, DT, k-NN, and linear discriminant analysis (LDA) to perform classification based on the novel X-IIoTID dataset.…”

Section: Binary Classificationmentioning

confidence: 99%

See 1 more Smart Citation

Numerical Feature Selection and Hyperbolic Tangent Feature Scaling in Machine Learning-Based Detection of Anomalies in the Computer Network Behavior

Protić,

Stanković,

Prodanović

et al. 2023

Electronics

View full text Add to dashboard Cite

Anomaly-based intrusion detection systems identify the computer network behavior which deviates from the statistical model of typical network behavior. Binary classifiers based on supervised machine learning are very accurate at classifying network data into two categories: normal traffic and anomalous activity. Most problems with supervised learning are related to the large amount of data required to train the classifiers. Feature selection can be used to reduce datasets. The goal of feature selection is to select a subset of relevant input features to optimize the evaluation and improve performance of a given classifier. Feature scaling normalizes all features to the same range, preventing the large size of features from affecting classification models or other features. The most commonly used supervised machine learning models, including decision trees, support vector machine, k-nearest neighbors, weighted k-nearest neighbors and feedforward neural network, can all be improved by using feature selection and feature scaling. This paper introduces a new feature scaling technique based on a hyperbolic tangent function and damping strategy of the Levenberg–Marquardt algorithm.

show abstract

Section: Binary Classificationmentioning

confidence: 99%

“…The change between the GD and GN algorithms is called the damping strategy [111]. The LM approximation and the damping strategy are described more detailed in our previous work [105,112]. The damping strategy is used here to speed up processing and prevent problems due to a very large or very small gradients.…”

Section: Proposed Workmentioning

confidence: 99%

Numerical Feature Selection and Hyperbolic Tangent Feature Scaling in Machine Learning-Based Detection of Anomalies in the Computer Network Behavior

Protić,

Stanković,

Prodanović

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…In the previous work, the authors have shown positive properties of the hyperbolic-tangent scaling, and the goal of improvements based on the Levenberg-Marquardt algorithm. The authors have also shown the benefits of the XOR operation to the detection of conflicting decisions [13][14][15]. The main idea of this research is that with the XOR detection of contradictory decisions on anomalies, it is possible to increase the detection level of malware and bugs in computer networks, improved by the use of accumulator register that deals with triggered outputs of the classifiers.…”

Section: Introductionmentioning

confidence: 99%

XOR-Based Detector of Different Decisions on Anomalies in the Computer Network Traffic

PROTIC,

STANKOVIC

2023

ROMJIST

Self Cite

View full text Add to dashboard Cite

Anomaly-based intrusion detection systems are designed to scan computer network traffic for abnormal behavior. Binary classifiers based on supervised machine learning have proven to be highly accurate tools for classifying instances as normal or abnormal. Main disadvantages of supervised machine learning are the long processing time and large amount of training data required to ensure accurate results. Two preprocessing steps to reduce data sets are feature selection and feature scaling. In this article, we present a new hyperbolic tangent feature scaling approach based on the linearization of the tangent hyperbolic function and the damping strategy of the Levenberg-Marquardt algorithm. Experiments performed on the Kyoto 2006+ dataset used four high-precision binary classifiers: weighted k-nearest neighbors, decision tree, feedforward neural networks, and support vector machine. It is shown that hyperbolic tangent scaling reduces processing time by more than twofold. An XOR-based detector is proposed to determine conflicting decisions about anomalies. The decisions of the FNN and wk-NN models are compared. It is shown that decisions sometimes turn out differently. The percentage of the opposite decisions has been shown to vary and is not affected by dataset size.

show abstract

“…A k-NN is the most well-known distance-based algorithm that assigns a new instance to a class to which most of its k nearest neighbors belong [12,13]. A k-NN model with k = 10 and a similarity measure is based on Euclidean distance because of its robustness to noisy data, flexibility, and easy implementation [14]. The wk-NN model is used because it extends the k-NN model to improve the accuracy by heavily weighting neighbors in the decision who are closer to the new instance than neighbors who are more distant [15].…”

Section: Introductionmentioning

confidence: 99%

“…Due to its high prediction speed and low memory costs, medium DT (Iterative Dichotomiser 3 algorithm) with 20 splits is used [16]. A feedforward neural network (FNN) with one hidden layer (nine input, nine hidden, and one output neuron) is used due to its fast processing speed and generalization ability [14,15]. It is one of the simplest and quickest models that rely on backpropagation to produce results based on the predicted probabilities and classification thresholds.…”

Section: Introductionmentioning

confidence: 99%

Cybersecurity in Smart Cities: Detection of Opposing Decisions on Anomalies in the Computer Network Behavior

et al. 2022

Self Cite

View full text Add to dashboard Cite

The increased use of urban technologies in smart cities brings new challenges and issues. Cyber security has become increasingly important as many critical components of information and communication systems depend on it, including various applications and civic infrastructures that use data-driven technologies and computer networks. Intrusion detection systems monitor computer networks for malicious activity. Signature-based intrusion detection systems compare the network traffic pattern to a set of known attack signatures and cannot identify unknown attacks. Anomaly-based intrusion detection systems monitor network traffic to detect changes in network behavior and identify unknown attacks. The biggest obstacle to anomaly detection is building a statistical normality model, which is difficult because a large amount of data is required to estimate the model. Supervised machine learning-based binary classifiers are excellent tools for classifying data as normal or abnormal. Feature selection and feature scaling are performed to eliminate redundant and irrelevant data. Of the 24 features of the Kyoto 2006+ dataset, nine numerical features are considered essential for model training. Min-Max normalization in the range [0,1] and [−1,1], Z-score standardization, and new hyperbolic tangent normalization are used for scaling. A hyperbolic tangent normalization is based on the Levenberg-Marquardt damping strategy and linearization of the hyperbolic tangent function with a narrow slope gradient around zero. Due to proven classification ability, in this study we used a feedforward neural network, decision tree, support vector machine, k-nearest neighbor, and weighted k-nearest neighbor models Overall accuracy decreased by less than 0.1 per cent, while processing time was reduced by more than a two-fold reduction. The results show a clear benefit of the TH scaling regarding processing time. Regardless of how accurate the classifiers are, their decisions can sometimes differ. Our study describes a conflicting decision detector based on an XOR operation performed on the outputs of two classifiers, the fastest feedforward neural network, and the more accurate but slower weighted k-nearest neighbor model. The results show that up to 6% of different decisions are detected.

show abstract

Wk-fnn design for detection of anomalies in the computer network traffic

Cited by 3 publications

References 42 publications

Numerical Feature Selection and Hyperbolic Tangent Feature Scaling in Machine Learning-Based Detection of Anomalies in the Computer Network Behavior

Numerical Feature Selection and Hyperbolic Tangent Feature Scaling in Machine Learning-Based Detection of Anomalies in the Computer Network Behavior

XOR-Based Detector of Different Decisions on Anomalies in the Computer Network Traffic

Cybersecurity in Smart Cities: Detection of Opposing Decisions on Anomalies in the Computer Network Behavior

Contact Info

Product

Resources

About