Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Machine Learning Anomaly-Based Network Intrusion Detection: Experimental Evaluation

  • Conference paper
  • First Online:
Advanced Information Networking and Applications (AINA 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 654))

Abstract

The use of Machine Learning (ML) approaches to design anomaly-based network intrusion detection systems (A-NIDS) has been attracting growing interest due to, first, the ability of an A-NIDS to detect unpredictable and previously unseen network attacks, and second, the efficiency and accuracy of ML techniques to classify normal and malicious network traffic compared to other approaches. In this paper, we provide a comprehensive experimental evaluation of various ML approaches including Logistic Regression (LR), Decision Tree (DT), Random Forest (RF), and Artificial Neural Network (ANN), on a recently published benchmark dataset called UNSW-NB15 considering both binary and multi-class classification. Throughout the experiments, we show that ANN is more accurate and has fewer false alarm rates (FARs) compared to other classifiers, which makes Deep Learning (DL) approaches a good candidate compared to shallow learning for future research. Moreover, we conducted our experiments in a way to be served as a benchmark results since our used approaches are trained and tested on the configuration deliberately provided by the authors of UNSW-NB15 dataset for the purpose of direct comparison.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 229.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 299.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Bigdeli, E., Mohammadi, M., Raahemi, B., Matwin, S.: Incremental anomaly detection using two-layer cluster-based structure. Inf. Sci. 429, 315–331 (2018)

    Article  MathSciNet  Google Scholar 

  2. Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153–1176 (2016)

    Article  Google Scholar 

  3. Diallo, A.F., Patras, P.: Adaptive clustering-based malicious traffic classification at the network edge. In: IEEE INFOCOM, pp. 1–10. IEEE (2021)

    Google Scholar 

  4. Dromard, J., Roudière, G., Owezarski, P.: Online and scalable unsupervised network anomaly detection method. IEEE Trans. Netw. Serv. Manag. 14(1), 34–47 (2017)

    Article  Google Scholar 

  5. Fernandes, G., Rodrigues, J.J.P.C., Carvalho, L.F., Al-Muhtadi, J.F., Proença, M.L.: A comprehensive survey on network anomaly detection. Telecommun. Syst. 70(3), 447–489 (2019). https://doi.org/10.1007/s11235-018-0475-8

    Article  Google Scholar 

  6. García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1–2), 18–28 (2009)

    Article  Google Scholar 

  7. Goodfellow, I.J., et al.: Generative adversarial networks (2014)

    Google Scholar 

  8. Guarino, I., Bovenzi, G., Di Monda, D., Aceto, G., Ciuonzo, D., Pescapé, A.: On the use of machine learning approaches for the early classification in network intrusion detection. In: IEEE M &N, pp. 1–6 (2022)

    Google Scholar 

  9. Hettich, S., Bay, S.D.: KDD Cup 1999 Data

    Google Scholar 

  10. Ingre, B., Yadav, A.: Performance analysis of NSL-KDD dataset using ANN. IN: SPACES, pp. 92–96 (2015)

    Google Scholar 

  11. Jeong, H., Yu, J., Lee, W.: Poster abstract: a semi-supervised approach for network intrusion detection using generative adversarial networks. IEEE Infocom, pp. 31–32 (2021)

    Google Scholar 

  12. Kim, T., Suh, S.C., Kim, H., Kim, J., Kim, J.: An encoding technique for CNN-based network anomaly detection. In: Big Data, pp. 2960–2965 (2019)

    Google Scholar 

  13. Li, H., Chasaki, D.: Ensemble machine learning for intrusion detection in cyber-physical systems. In: INFOCOM WKSHPS, pp. 12–13. IEEE (2021)

    Google Scholar 

  14. Liao, H.J., Richard Lin, C.H., Lin, Y.C., Tung, K.Y.: Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 1, 16–24 (2013)

    Article  Google Scholar 

  15. Mishra, P., Varadharajan, V., Tupakula, U., Pilli, E.S.: A detailed investigation and analysis of using machine learning techniques for intrusion detection. IEEE Commun. Surv. Tutor. 21(1), 686–728 (2019)

    Article  Google Scholar 

  16. Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: MilCIS, pp. 1–6. IEEE (2015)

    Google Scholar 

  17. Moustafa, N., Slay, J.: The evaluation of Network Anomaly Detection Systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Secur. J. 25(1–3), 18–31 (2016)

    Google Scholar 

  18. Odena, A.: Semi-supervised learning with generative adversarial networks. arXiv preprint arXiv:1606.01583 (2016)

  19. Salimans, T., et al.: Improved techniques for training GANs, vol. 29. Curran Associates, Inc. (2016)

    Google Scholar 

  20. Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP 2018 (Cic), pp. 108–116 (2018)

    Google Scholar 

  21. Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 3, 357–374 (2012)

    Article  Google Scholar 

  22. Staudemeyer, R.C.: Applying long short-term memory recurrent neural networks to intrusion detection. S. Afr. Comput. J. 56(56), 136–154 (2015)

    Google Scholar 

  23. Švihrová, R., Lettner, C.: A semi-supervised approach for network intrusion detection. In: ACM International Conference Proceeding Series (2020)

    Google Scholar 

  24. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6 (2009)

    Google Scholar 

  25. Tool, I.P.: https://www.keysight.com/fr/en/products/network-test/network-test-hardware/perfectstorm.html

  26. Tsakalidis, S., Doumpiotis, V., Byrne, W.: Discriminative linear transforms for feature normalization and speaker adaptation in HMM estimation. IEEE Trans. Speech Audio Process. 13(3), 367–376 (2005)

    Article  Google Scholar 

  27. Vinayakumar, R., Alazab, M., Soman, K.P., Poornachandran, P., Al-Nemrat, A., Venkatraman, S.: Deep learning approach for intelligent intrusion detection system. IEEE Access 7, 41525–41550 (2019)

    Article  Google Scholar 

  28. Yin, C., Zhu, Y., Fei, J., He, X.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5, 21954–21961 (2017)

    Article  Google Scholar 

  29. Zhang, C., Ma, Y.: Ensemble Machine Learning. Springer, New York (2012). https://doi.org/10.1007/978-1-4419-9326-7

    Book  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IMATH Laboratory, University of Toulon, La Garde, France

    Ahmed Ramzi Bahlali

  2. LESIA Laboratory, University of Biskra, Biskra, Algeria

    Ahmed Ramzi Bahlali & Abdelmalik Bachir

Authors
  1. Ahmed Ramzi Bahlali
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Abdelmalik Bachir
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ahmed Ramzi Bahlali .

Editor information

Editors and Affiliations

  1. Department of Information and Communication Engineering, Faculty of Information Engineering, Fukuoka Institute of Technology, Fukuoka, Japan

    Leonard Barolli

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bahlali, A.R., Bachir, A. (2023). Machine Learning Anomaly-Based Network Intrusion Detection: Experimental Evaluation. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2023. Lecture Notes in Networks and Systems, vol 654. Springer, Cham. https://doi.org/10.1007/978-3-031-28451-9_34

Download citation

Publish with us

Policies and ethics

Search

Navigation