{"title":"Applying ML Algorithms to improve traffic classification in Intrusion Detection Systems","authors":"Laxmi Narsimha Reddy, S. Butakov, P. Zavarsky","doi":"10.1109/ICCICC50026.2020.9450218","DOIUrl":null,"url":null,"abstract":"Traditional intrusion detection systems may have higher false-positive and false-negative rates against new malicious traffic vectors. Also, anomaly-based IDS can be bypassed by generating network traffic intelligently. The capability of machine learning algorithms in capturing complex behaviors and patterns has made them increasingly popular in solving classification/detection problems. The major objective of this paper is to suggest an efficient IDS model by studying various supervised machine learning algorithms on the classification problem. For this purpose, the known NSL-KDD dataset was used as a source of diverse feature columns for the model. The transformed data is modeled to classify network traffic into normal or attack using the machine learning algorithms SVM, KNN, neural network and ensemble learning, in which KNN and SVM achieved 98 and 97% accuracy. These models can be used to differentiate anomalous traffic in intrusion systems and may be useful as a replacement for traditional rule-based detection systems.","PeriodicalId":212248,"journal":{"name":"2020 IEEE 19th International Conference on Cognitive Informatics & Cognitive Computing (ICCI*CC)","volume":"166 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 19th International Conference on Cognitive Informatics & Cognitive Computing (ICCI*CC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCICC50026.2020.9450218","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Traditional intrusion detection systems may have higher false-positive and false-negative rates against new malicious traffic vectors. Also, anomaly-based IDS can be bypassed by generating network traffic intelligently. The capability of machine learning algorithms in capturing complex behaviors and patterns has made them increasingly popular in solving classification/detection problems. The major objective of this paper is to suggest an efficient IDS model by studying various supervised machine learning algorithms on the classification problem. For this purpose, the known NSL-KDD dataset was used as a source of diverse feature columns for the model. The transformed data is modeled to classify network traffic into normal or attack using the machine learning algorithms SVM, KNN, neural network and ensemble learning, in which KNN and SVM achieved 98 and 97% accuracy. These models can be used to differentiate anomalous traffic in intrusion systems and may be useful as a replacement for traditional rule-based detection systems.