Intrusion Detection with Comparative Analysis of Supervised Learning Techniques and Fisher Score Feature Selection Algorithm
Rapid development of technologies not only makes life easier, but also reveals a lot of security problems. Developing and changing of attack types affect many people, organizations, companies etc. Therefore, intrusion detection systems have been developed to avoid financial and emotional loses. In this paper, we used CICIDS2017 dataset which consist of benign and the most cutting-edge common attacks. Best features are selected by using Fisher Score algorithm. Real world data extracted from the dataset are classified as DDoS or benign with using Support Vector Machine (SVM), K Nearest Neighbour (KNN) and Decision Tree (DT) algorithms. As a result of the study, 0,9997%, 0,5776%, 0,99% success rates were achieved respectively.
KeywordsIDS Machine learning CICIDS2017
This work is also a part of the M.Sc. thesis titled Performance Analysis of Log Based Intrusion Detection Systems Istanbul University, Institute of Physical Sciences.
- 1.Ibrahimi, K., Ouaddane, M.: Management of intrusion detection systems based-KDD99: analysis with LDA and PCA. In: 2017 International Conference on Wireless Networks and Mobile Communications (WINCOM), pp. 1–6. IEEE (2017)Google Scholar
- 2.Moustafa, N., Slay, J.: The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems. In: 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pp. 25–31. IEEE (2015)Google Scholar
- 3.Sun, L., Anthony, T.S., Xia, H.Z., Chen, J., Huang, X., Zhang, Y.: Detection and classification of malicious patterns in network traffic using Benford’s law. In: Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC), pp. 864–872. IEEE (2017)Google Scholar
- 4.Almansob, S.M., Lomte, S.S.: Addressing challenges for intrusion detection system using naive Bayes and PCA algorithm. In: 2017 2nd International Conference for Convergence in Technology (I2CT), pp. 565–568. IEEE (2017)Google Scholar
- 5.Raja, M.C., Rabbani, M.M.A.: Combined analysis of support vector machine and principle component analysis for IDS. In: IEEE International Conference on Communication and Electronics Systems, pp. 1–5 (2016)Google Scholar
- 6.UNB Canadian Cyber Security, Intrusion Detection Evaluation Dataset (CICIDS2017). http://www.unb.ca/cic/datasets/ids-2017.html
- 7.Lunt, T.F.: Automated audit trail analysis and intrusion detection: a survey. In Proceedings of the 11th National Computer Security Conference, vol. 353 (1988)Google Scholar
- 9.Crosbie, M., Spafford, E.H.: Defending a computer system using autonomous agents (1995) Google Scholar
- 10.Endler, D.: Intrusion detection. Applying machine learning to Solaris audit data. In: 1998 Proceedings of 14th Annual Computer Security Applications Conference, pp. 268–279. IEEE (1998)Google Scholar
- 14.Gu, Q., Li, Z., Han, J.: Generalized fisher score for feature selection (2012). arXiv preprint arXiv:1202.3725