An Investigation of Performance Analysis of Machine Learning-Based Techniques for Network Anomaly Detection

Author(s): Kevin Chong ◽ Mohiuddin Ahmed ◽ Syed Mohammed Shamsul Islam
2019 ◽ Vol 8 (1) ◽ pp. 46-51
Author(s): Mukrimah Nawir ◽ Amiza Amir ◽ Naimah Yaakob ◽ Ong Bi Lynn

A network anomaly detection system monitors a computer network for behavior that deviates from the network protocol, and it is implemented in many domains. Yet a problem arises because different application domains define anomalies differently in their environments. This makes it difficult to choose the algorithms that best suit and fulfill the requirements of a given domain, and the choice is not straightforward. Additionally, there is the issue of centralization, which can cause fatal destruction of the network system when powerful malicious code is injected into the system. Therefore, in this paper we conduct experiments using supervised Machine Learning (ML) for a network anomaly detection system with low communication cost and minimized network bandwidth, using the UNSW-NB15 dataset to compare performance in terms of accuracy (effectiveness) and processing time (efficiency) for a classifier to build a model. Supervised machine learning takes the important features into account by labelling them from the datasets. The best machine learning algorithm for the network dataset is AODE, with a comparable accuracy of 97.26% and a time taken of approximately 7 seconds. Also, a distributed algorithm solves the issue of centralization, with accuracy and processing time still considerable compared to a centralized algorithm, even though there is a small drop in accuracy and a slightly longer time is needed.


2021 ◽ pp. 1-11
Author(s): Naiyue Chen ◽ Yi Jin ◽ Yinglong Li ◽ Luxin Cai

With the rapid development of social networks and the massive popularity of intelligent mobile terminals, network anomaly detection is becoming increasingly important. In daily work and life, edge nodes store a large amount of local network connection data and audit data, which can be used to analyze abnormal network behavior. As network communication becomes increasingly close, the amount of network connection and other related data collected by each network terminal is increasing. Machine learning has become a classification method for analyzing the features of big data in the network. Facing the problems of excessive data and long response time for network anomaly detection, we propose a trust-based federated learning anomaly detection algorithm. We use the edge nodes to train the local data model and upload the machine learning parameters to the central node. Meanwhile, according to the training performance of the edge nodes, we set different weights to match the processing capacity of each terminal, which obtains faster convergence speed and better attack classification accuracy. The user’s private information is only processed locally and is not uploaded to the central server, which can reduce the risk of information disclosure. Finally, we compare the basic federated learning model and the TFCNN algorithm on the KDD Cup 99 dataset and the MNIST dataset. The experimental results show that the TFCNN algorithm can improve accuracy and communication efficiency.


Author(s): Diana Gaifilina ◽ Igor Kotenko

Introduction: The article discusses the problem of choosing deep learning models for detecting anomalies in Internet of Things (IoT) network traffic. This problem is associated with the necessity to analyze a large number of security events in order to identify the abnormal behavior of smart devices. A powerful technology for analyzing such data is machine learning and, in particular, deep learning. Purpose: Development of recommendations for the selection of deep learning models for anomaly detection in IoT network traffic. Results: The main results of the research are comparative analysis of deep learning models, and recommendations on the use of deep learning models for anomaly detection in IoT network traffic. Multilayer perceptron, convolutional neural network, recurrent neural network, long short-term memory, gated recurrent units, and combined convolutional-recurrent neural network were considered the basic deep learning models. Additionally, the authors analyzed the following traditional machine learning models: naive Bayesian classifier, support vector machines, logistic regression, k-nearest neighbors, boosting, and random forest. The following metrics were used as indicators of anomaly detection efficiency: accuracy, precision, recall, and F-measure, as well as the time spent on training the model. The constructed models demonstrated a higher accuracy rate for anomaly detection in large heterogeneous traffic typical for IoT, as compared to conventional machine learning methods. The authors found that with an increase in the number of neural network layers, the completeness of detecting anomalous connections rises. This has a positive effect on the recognition of unknown anomalies, but increases the number of false positives. In some cases, preparing traditional machine learning models takes less time. This is due to the fact that the application of deep learning methods requires more resources and computing power. 
Practical relevance: The results obtained can be used to build systems for network anomaly detection in Internet of Things traffic.


In today’s world there is a rapid increase in information, which makes addressing security issues more important. Malware detection is an important area of research for the effective and secure functioning of computer networks. Research efforts are required to protect systems from various security attacks. In this paper, we analyze the usefulness of Soft Computing and Machine Learning techniques for network malware detection. Hamamoto et al. [1] used a combination of Genetic Algorithm and Fuzzy logic to implement network anomaly detection. The research work proposed in this paper extends the concepts discussed in [1]. The proposed work explores the use of various Machine Learning algorithms such as K-Nearest Neighbor, Naïve Bayes and Decision Tree for network anomaly detection. The experimental observations are conducted on the CIDDS (Coburg Intrusion Detection Data Set) dataset [14]. It is observed that the Decision Tree approach gave better results than the KNN and Naïve Bayes techniques. The Decision Tree technique gives 99% accuracy, a precision of 1 and a recall of 1.

