Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic

Meghdouri, Fares; Zseby, Tanja; Iglesias, Félix

doi:10.3390/app8112196

Cited by 23 publications

(18 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1.6 × 10 +1 9.1 × 10 −5 0.0 × 10 +0 0.0 × 10 +0 9.4 × 10 +2 1.6 × 10 −2 9.4 × 10 +2 1.6 × 10 −2 2.0 × 10 +0 2.9 × 10 −5 f 2-39 7.4 × 10 +1 4.2 × 10 −4 4.8 × 10 +1 6.4 × 10 −4 7.1 × 10 +1 1.2 × 10 −3 7.0 × 10 +1 1.2 × 10 −3 4.8 × 10 +1 7.0 × 10 −4 f 2- 40 3.3 × 10 +3 1.9 × 10 −2 7.7 × 10 +1 1.0 × 10 −3 1.3 × 10 +2 2.3 × 10 −3 1.2 × 10 +2 2.2 × 10 −3 7.2 × 10 +1 1.0 × 10 −3 f 2- 41 3.0 × 10 +3 1.7 × 10 −2 3.3 × 10 +2 4.5 × 10 −3 2.3 × 10 +3 3.9 × 10 −2 2.3 × 10 +3 3.9 × 10 −2 2.0 × 10 +3 3.0 × 10 −2 f 2-42 2.7 × 10 +3 1.5 × 10 −2 2.7 × 10 +3 3.7 × 10 −2 2.7 × 10 +3 4.7 × 10 −2 2.7 × 10 +3 4.7 × 10 −2 2.7 × 10 +3 4.0 × 10 −2 3.6 × 10 +4 4.0 × 10 −1 4.2 × 10 +4 4.4 × 10 −1 3.6 × 10 +4 5.5 × 10 −1 4.3 × 10 +4 7.6 × 10 −1 5.1 × 10 +4 9.1 × 10 −1 f 2-10…”

Section: Featurementioning

confidence: 99%

“…A correlation-based approach was implemented, to reduce the features from the datasets. Reference [40] examined the reliability of a few machine learning models, such as the RF and gradient-boosting machines in real-world IoT settings. In order to do the examination, data-poisoning attacks were simulated by using a stochastic function to modify the training data of the datasets.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Analysis of the KDD99 and UNSW-NB15 Datasets for the Intrusion Detection System

et al. 2020

View full text Add to dashboard Cite

The significant increase in technology development over the internet makes network security a crucial issue. An intrusion detection system (IDS) shall be introduced to protect the networks from various attacks. Even with the increased amount of works in the IDS research, there is a lack of studies that analyze the available IDS datasets. Therefore, this study presents a comprehensive analysis of the relevance of the features in the KDD99 and UNSW-NB15 datasets. Three methods were employed: a rough-set theory (RST), a back-propagation neural network (BPNN), and a discrete variant of the cuttlefish algorithm (D-CFA). First, the dependency ratio between the features and the classes was calculated, using the RST. Second, each feature in the datasets became an input for the BPNN, to measure their ability for a classification task concerning each class. Third, a feature-selection process was carried out over multiple runs, to indicate the frequency of the selection of each feature. From the result, it indicated that some features in the KDD99 dataset could be used to achieve a classification accuracy above 84%. Moreover, a few features in both datasets were found to give a high contribution to increasing the classification’s performance. These features were present in a combination of features that resulted in high accuracy; the features were also frequently selected during the feature selection process. The findings of this study are anticipated to help the cybersecurity academics in creating a lightweight and accurate IDS model with a smaller number of features for the developing technologies.

show abstract

Section: Featurementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Analysis of the KDD99 and UNSW-NB15 Datasets for the Intrusion Detection System

et al. 2020

View full text Add to dashboard Cite

show abstract

“…For processing the data, we base our analysis on the CAIA [18] feature vector as formulated in [9], which includes the used protocol, flow duration, packet count and the total number of transmitted bytes, the minimum, maximum, mean and standard deviation of packet length and inter-arrival time and the number of packets with specific TCP flags set.…”

Section: Datasetsmentioning

confidence: 99%

“…In this paper, we train models to detect network attacks similar to the approach of a recent paper [9], which bases on the UNSW-NB15 dataset [10] and evaluates the performance of several feature vectors and ML techniques for accurate AD in the context of IDSs. We then add a backdoor to the models and show that attack detection can efficiently be bypassed if the attacker had the ability to modify training data.…”

Section: Introductionmentioning

confidence: 99%

Walling up Backdoors in Intrusion Detection Systems

Bachl

Härtl

Fabini

et al. 2019

Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Net

Self Cite

View full text Add to dashboard Cite

Interest in poisoning attacks and backdoors recently resurfaced for Deep Learning (DL) applications. Several successful defense mechanisms have been recently proposed for Convolutional Neural Networks (CNNs), for example in the context of autonomous driving. We show that visualization approaches can aid in identifying a backdoor independent of the used classifier. Surprisingly, we find that common defense mechanisms fail utterly to remove backdoors in DL for Intrusion Detection Systems (IDSs). Finally, we devise pruning-based approaches to remove backdoors for Decision Trees (DTs) and Random Forests (RFs) and demonstrate their effectiveness for two different network security datasets.

show abstract

“…Backdoor). Similarly, [25] experimented with Random forests after careful data-preprocessing using principal component analysis. Their results showcases a Precision and Recall of respectively 84.9% and 85.1%.…”

Section: Related Workmentioning

confidence: 99%

Network Based Intrusion Detection Using the UNSW-NB15 Dataset

al.¹

2019

IJCDS

View full text Add to dashboard Cite

In this work, we apply a two stage anomaly-based network intrusion detection process using the UNSW-NB15 dataset. We use Recursive Feature Elimination and Random Forests among other techniques to select the best dataset features for the purpose of machine learning; then we perform a binary classification in order to identify intrusive traffic from normal one, using a number of data mining techniques, including Logistic Regression, Gradient Boost Machine, and Support Vector Machine. Results of this first stage classification show that the use of Support Vector Machine reports the highest accuracy (82.11%). We then feed the output of Support Vector Machine to a range of multinomial classifiers in order to improve the accuracy of predicting the type of attacks. Specifically, we evaluate the performance of Decision Trees (C5.0), Naïve Bayes and multinomial Support Vector Machine. Applying C5.0 yielded the highest accuracy (74%) and F1 score (86%), and the two-stage hybrid classification improved the accuracy of results by up to 12% (achieving a multi-classification accuracy of 86.04%). Finally, with the support of our results, we present constructive criticism of the UNSW-NB15 dataset.

show abstract

Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic

Cited by 23 publications

References 22 publications

An Analysis of the KDD99 and UNSW-NB15 Datasets for the Intrusion Detection System

An Analysis of the KDD99 and UNSW-NB15 Datasets for the Intrusion Detection System

Walling up Backdoors in Intrusion Detection Systems

Network Based Intrusion Detection Using the UNSW-NB15 Dataset

Contact Info

Product

Resources

About