Network Intrusion Detection Systems Design: A Machine Learning Approach

  • Manuel Gonçalves da Silva Neto Universidade Federal do Ceará (UFC)
  • Danielo G. Gomes Universidade Federal do Ceará (UFC)

Resumo


With the increasing popularization of computer network-based technologies, security has become a daily concern, and intrusion detection systems (IDS) play an essential role in the supervision of computer networks. An employed approach to combat network intrusions is the development of intrusion detection systems via machine learning techniques. The intrusion detection performance of these systems depends highly on the quality of the IDS dataset used in their design and the decision making for the most suitable machine learning algorithm becomes a difficult task. The proposed paper focuses on evaluate and accurate the model of intrusion detection system of different machine learning algorithms on two resampling techniques using the new CICIDS2017 dataset where Decision Trees, MLPs, and Random Forests on Stratified 10-Fold cross-validation gives high stability in results with Precision, Recall, and F1-Scores of 98% and 99% with low execution times.

Palavras-chave: Segurança, Detecção de Intrusos, Aprendizado de Máquina

Referências

Almseidin, M., Alzubi, M., Kovacs, S., and Alkasassbeh, M. (2017). Evaluation of machine learning algorithms for intrusion detection system. In 2017 IEEE 15th International Symposium on Intelligent Systems and Informatics (SISY), pages 277–282.

Biswa, S. K. (2018). Intrusion detection using machine learning: A comparison study. International Journal of Pure and Applied Mathematics (IJPAM), 118(19):101–114. CIC (2018). Intrusion detection evaluation dataset (cicids2017). https://www.unb. ca/cic/datasets/ids-2017.html.

Demˇsar, J. (2006). Statistical comparisons of classifiers over multiple data sets. Journal of Machine learning research, 7(Jan):1–30.

Dietterich, T. G. (1998). Approximate statistical tests for comparing supervised classification learning algorithms. Neural computation, 10(7):1895–1923.

Effendy, D. A., Kusrini, K., and Sudarmawan, S. (2017). Classification of intrusion detection system (ids) based on computer network. In 2017 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE), pages 90–94.

Hindy, H., Brosset, D., Bayne, E., Seeam, A., Tachtatzis, C., Atkinson, R., and Bellekens, X. (2018). A taxonomy and survey of intrusion detection system design techniques, network threats and datasets. arXiv preprint arXiv:1806.03517.

Hodo, E., Bellekens, X., Iorkyase, E., Hamilton, A., Tachtatzis, C., and Atkinson, R. (2018). Machine learning approach for detection of nontor traffic. Journal of Cyber Security, 6(2):171–194.

Kuhn, M. and Johnson, K. (2013). Applied predictive modeling, volume 26. Springer- Verlag New York.

Li, J., Qu, Y., Chao, F., Shum, H. P. H., Ho, E. S. L., and Yang, L. (2019). Machine Learning Algorithms for Network Intrusion Detection, pages 151–179. Springer International Publishing, Cham.

Ott, R. L. and Longnecker, M. T. (2015). An Introduction to Statistical Methods and Data Analysis Sixth Edition. Nelson Education.

Park, K., Song, Y., and Cheong, Y. (2018). Classification of attack types for intrusion detection systems using a machine learning algorithm. In 2018 IEEE Fourth International Conference on Big Data Computing Service and Applications (BigDataService), pages 282–286.

Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., and Duchesnay, E. (2011). Scikit-learn: Machine learning in Python. Journal of Machine Learning Research, 12:2825–2830.

Sharafaldin, I., Lashkari, A. H., and Ghorbani, A. A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP), pages 108–116.

Sheskin, D. J. (2007). Handbook of Parametric and Nonparametric Statistical Procedures. Chapman & Hall/CRC, 4 edition.

Shiravi, A., Shiravi, H., Tavallaee, M., and Ghorbani, A. A. (2012). Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers & Security, 31(3):357 – 374.

Utimura, L. N. and Costa, K. A. (2018). Aplicac¸ ão e an´alise comparativa do desempenho de classificadores de padr˜oes para o sistema de detecc¸ ão de intrusão snort. In Anais do Simp´osio Brasileiro de Redes de Computadores e Sistemas Distribu´ıdos (SBRC), volume 36.

Varghese, J. E. and Muniyal, B. (2017). An investigation of classification algorithms for intrusion detection system — a quantitative approach. In 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pages 2045–2051.

Witten, I. H., Frank, E., Hall, M. A., and Pal, C. J. (2017). Data Mining: Practical Machine Learning Tools and Techniques Fourth Edition. Morgan Kaufmann.
Publicado
27/08/2019
Como Citar

Selecione um Formato
SILVA NETO, Manuel Gonçalves da; G. GOMES, Danielo . Network Intrusion Detection Systems Design: A Machine Learning Approach. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 37. , 2019, Gramado. Anais do XXXVII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos. Porto Alegre: Sociedade Brasileira de Computação, aug. 2019 . p. 932-945. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2019.7413.