Performance Analysis of Traffic Classification with Machine Learning

Network security plays a role in the ICT environment
because malicious users are continually growing in the realms of
education, business, and other ICT-related fields. Network security
violations are typically described and examined centrally by
a security event management system. Firewalls, Intrusion
Detection Systems (IDS), and Intrusion Prevention Systems are
becoming essential to monitor or prevent potential violations,
incidents, attacks, and imminent threats. In this system, the firewall
rules are set only where the system policies are needed. The datasets
deployed in this system are derived from the testbed environment.
DoS and PortScan traffic is applied in the testbed with the
firewall and IDS implementation. The network traffic is classified
as normal or attack in the existing testbed environment by
six machine learning classification methods applied in the system.
Testing is required to obtain the datasets, which are applied to DoS and
PortScan. The dataset is based on CICIDS2017 and some features
have been added. This system tested 26 features from the applied
dataset. The system aims to reduce false positive rates and to improve
accuracy in the implemented testbed design. The system also shows
good performance by selecting important features and comparing
with an existing dataset using machine learning classifiers.



