Knowledge Discovery in Cyber Attacks Data
S. Kalajdziski, K. Trivodaliev, Biljana Risteska Stojkoske, I. Ivanoska, Blagorodna Ilievska
2018 26th Telecommunications Forum (TELFOR), published 2018-11-01
DOI: 10.1109/TELFOR.2018.8612072 (https://doi.org/10.1109/TELFOR.2018.8612072)
Citation count: 0
Abstract
One of the major challenges in managing security in broadband and high-speed networks is the detection of suspicious anomalies in network traffic. In recent years, a lot of effort has been focused on developing automatic detection of cyber-attacks using data mining techniques on the data generated from network traffic. In this paper, a methodology for automatic detection of cyber-attacks is proposed. To improve the performance, the network traffic data is first preprocessed by filtering and combining features from the original data. The new augmented and refined data is then used to build a classification model that can discriminate between normal network traffic and cyber-attacks. Experimental scenarios are set up to evaluate the effect of preprocessing on the final performance, and additionally to provide insight into possible recommendations in terms of the most suitable classification algorithm. The obtained results indicate performance improvement with data preprocessing. All classification algorithms used provide a very high AUC of over 0.95, which attests that the proposed methodology is highly promising for the development and improvement of current and future cyber-attack detection systems.