Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 31108
Performance Analysis of Traffic Classification with Machine Learning

Authors: Htay Htay Yi, Zin May Aye

Abstract:

Network security is role of the ICT environment because malicious users are continually growing that realm of education, business, and then related with ICT. The network security contravention is typically described and examined centrally based on a security event management system. The firewalls, Intrusion Detection System (IDS), and Intrusion Prevention System are becoming essential to monitor or prevent of potential violations, incidents attack, and imminent threats. In this system, the firewall rules are set only for where the system policies are needed. Dataset deployed in this system are derived from the testbed environment. The traffic as in DoS and PortScan traffics are applied in the testbed with firewall and IDS implementation. The network traffics are classified as normal or attacks in the existing testbed environment based on six machine learning classification methods applied in the system. It is required to be tested to get datasets and applied for DoS and PortScan. The dataset is based on CICIDS2017 and some features have been added. This system tested 26 features from the applied dataset. The system is to reduce false positive rates and to improve accuracy in the implemented testbed design. The system also proves good performance by selecting important features and comparing existing a dataset by machine learning classifiers.

Keywords: Performance, Machine Learning Methods, Intrusion Detection System, false negative rate

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 139

References:


[1] A. Alhomoud, R. Munir, J. P. Disso, I. Awan, “Performance Evaluation Study of Intrusion Detection Systems”, Procedia Computer Science 5, published by Elsevier Ltd, pp. 173-180, 2011.
[2] H. H. Yi, Z. M. Aye, “Awareness of Policy Anomalies with Ruled-Based Firewall”, ProMAC 2019, pp. 678-686.
[3] S. Jungsuk, T, Hiroki, and O. Yasuo, “Statistical nalysis of Honeypot Data and Building of Kyoto 2006+ Dataset for NIDS Evaluation”, 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2011), April, 2011.
[4] le Cessie, S. and van Houwelingen, J.C. (1992). “Journal of the Royal Statistical Society. Series C (Applied Statistics)”, Ridge Estimators in Logistic Regression. Applied Statistics, Vol. 41, pp. 191-201, 1992.
[5] S. Mukkamala, G. Janoski, A. Sung “Network Intrusion Detection with Feature Selection Techniques using Machine-Learning Algorithms”, International Journal of Computer Applications, Vol.150, no.12, 2016.
[6] H. H. Yi, Z. M. Aye, “Security Awareness of Network Infrastructure: Real-time Intrusion Detection and Prevention System with Storage Log Server”, The 16th International Conference on Computer Application, 2018, pp. 678-686.
[7] P. Tao, Z. Sun, and et. al, “An improved intrusion detection algorithm based on GA and SVM”, IEEE, 2018.
[8] H. Liao, C.R. Lin, and Y. Lin, K. Tung, “Intrusion detection system: A comprehensive review”, Journal of Network and Computer Applications 36, pp 16-24, 2013.
[9] M. Bijone,“A Survey on Secure Network Intrusion Detection & Prevention Approaches”, American Journal of Information System, vol. 4, No.3, pp. 69-88, 2016.
[10] M. Urvashi, and A. Jain, “A survey of IDS classification using KDD CUP 99 dataset in WEKA”, International Journal of Scientific & Engineering Research, Vol.6, Issue 11, Nov, 2015.
[11] http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html, 1999.
[12] Kurniabudi, D. Stiawan, and et al. “CICIDS-2017 Dataset Feature Analysis with Information Gain for Anomaly Detection”, IEEE, July, 2019.
[13] P. S. Pervez and D. M. Farid, “Feature selection and intrusion classification in NSL-KDD cup 99 dataset employing SVMs”, The 8th International Conference on Software, Knowledge, Information Management and Applications (SKIMA 2014), Dec, 2014.
[14] A. Thakkar and R. Lohiya. “A Review of the Advancement in Intrusion detection Datasets”, Procedia Computer Science, Vol-167, pp. 636-645, 2020.
[15] Y. Li a, J. Xia, et. al “An efficient intrusion detection system based on support vector machines and gradually feature removal method”, Expert System with Applications, pp. 424-430, 2012.
[16] https://www.dbs.ifi.lmu.de/ zimek/diplomathesis/implementations/ EHNDs/doc/weka/classifiers/functions/Logistic.html, Extract from Dec-6, 2020.
[17] D. Protic, “Review of KDD Cup ’99, NSL-KDD and Kyoto 2006+ datasets”, Vojnotehnicki Glasnik/ Military technical Courier, Vol. 66, pp. 560-596, 2018.
[18] N. Akhyari, and S. Fahmy, “Design of a Network Security Tool Using Open-Source Applications”, Australian Journal of Basic and Applied Sciences, pp. 40-46, 2014.
[19] M. Sumner, E. Frank, and M. Hall, “Speeding Up Logistic Model Tree Induction”, European Conference on Principles of Data Mining Knowledge Discovery (KDPP), pp. 675-683, 2005.
[20] S. Hwang, K. Cho, and et.al “Traffic Classification Approach Based on Support Vector Machine and Statistic Signature”, Springer, pp. 332-339, 2013.
[21] S. Aljawarneh, M. B. Yassein, and M. Aljundi, “An enhanced J48 classification algorithm for the anomaly intrusion detection systems”, Cluster Comput., pp. 117, 2017.
[22] R. Chitrakar and H. Chuanhe, “Anomaly detection using Support Vector Machine classification with k-Medoids clustering”, 2012 Third Asian Himalayas International Conference, pp. 1-5, 2012.
[23] S. Mulay, and P. R. Davale, “Intrusion Detection System Using Support Vector Machine and Decision Tree”, International Journal of Computer Applications, vol 3, no.3, 2010.