12 research outputs found

    Combining Naive Bayes and Decision Tree for Adaptive Intrusion Detection

    In this paper, a new learning algorithm for adaptive network intrusion detection using naive Bayesian classifier and decision tree is presented, which performs balance detections and keeps false positives at acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attribute, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues needed to be examined towards current intrusion detection systems (IDS). We tested the performance of our proposed algorithm with existing learning algorithms by employing on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significantly reduced false positives (FP) for different types of network intrusions using limited computational resources. Comment: 14 Pages, IJNS

    A NOVEL EVALUATION APPROACH TO FINDING LIGHTWEIGHT MACHINE LEARNING ALGORITHMS FOR INTRUSION DETECTION IN COMPUTER NETWORK

    Building practical and efficient intrusion detection systems in computer network is important in industrial areas today and machine learning technique provides a set of effective algorithms to detect network intrusion. To find out appropriate algorithms for building such kinds of systems, it is necessary to evaluate various types of machine learning algorithms based on specific criteria. In this paper, we propose a novel evaluation formula which incorporates 6 indexes into our comprehensive measurement, including precision, recall, root mean square error, training time, sample complexity and practicability, in order to find algorithms which have high detection rate, low training time, need less training samples and are easy to use like constructing, understanding and analyzing models. Detailed evaluation process is designed to get all necessary assessment indicators and 6 kinds of machine learning algorithms are evaluated. Experimental results illustrate that Logistic Regression shows the best overall performance

    A Comparative Analysis of Decision Tree and Bayesian Model for Network Intrusion Detection System

    Denial of Service Attacks (DoS) is a major threat to computer networks. This paper presents two approaches (Decision tree and Bayesian network) to the building of classifiers for DoS attack. Important attributes selection increases the classification accuracy of intrusion detection systems; as decision tree which has the advantage of generating explainable rules was used for the selection of relevant attributes in this research. A C4.5 decision tree dimensional reduction algorithm was used in reducing the 41 attributes of the KDD'99 dataset to 29. Thereafter, a rule based classification system (decision tree) was built as well as Bayesian network classification system for denial of service attack (DoS) based on the selected attributes. The classifiers were evaluated and compared using performance on the test dataset. Experimental results show that Decision Tree is robust and gives the highest percentage of successful classification than Bayesian Network which was found to be sensitive to the discretization techniques. It has been successfully tested that significant attribute selection is important in designing a real world intrusion detection system (IDS). Keywords: Intrusion Detection System, Machine Learning, Decision Tree, and Bayesian Network

    Intrusion detection using decision tree classifier with feature reduction technique

    The number of internet users and network services is increasing rapidly in the recent decade gradually. A Large volume of data is produced and transmitted over the network. Number of security threats to the network has also been increased. Although there are many machine learning approaches and methods are used in intrusion detection systems to detect the attacks, but generally they are not efficient for large datasets and real time detection. Machine learning classifiers using all features of datasets minimized the accuracy of detection for classifier. A reduced feature selection technique that selects the most relevant features to detect the attack with ML approach has been used to obtain higher accuracy. In this paper, we used recursive feature elimination technique and selected more relevant features with machine learning approaches for big data to meet the challenge of detecting the attack. We applied this technique and classifier to NSL KDD dataset. Results showed that selecting all features for detection can maximize the complexity in the context of large data and performance of classifier can be increased by feature selection best in terms of efficiency and accuracy

    Comparative analysis of classification techniques for network anomalies management

    Today, rapid development in technology enables billions of devices to communicate with each other. This development requires new network technologies so that all these devices can easily connect to the network. In recent years, cyber attacks have posed a serious threat to governments, businesses and individuals. Many intrusion detection systems designed to prevent these cyber attacks have failed. Because Intrusion Detection Systems (IDS) could not adequately recognize attacks and the cunning methods attackers use, the result was inadequate IDS solutions and vulnerable networks. Using machine learning-based systems, which are an outcome of data mining and statistics, would be a much smarter solution for preventing attacks. This approach will bring a more efficient IDS solution compared with the classical IDS solution based on attack recognition techniques. The aim of this thesis is to propose a method for a Network-Based Anomaly Detection System (NADS) using machine learning, in order to improve network troubleshooting and increase the efficiency of maintenance operations. This study compares the performance of four selected machine learning classification algorithms with one another. The selected algorithms are: K-Nearest Neighbors (KNN), K-Means, Naïve Bayes and Random Forest. This comparison is intended to detect network anomalies and analyze the performance of the classification framework. The comparison was made to offer recommendations on framework selection. The algorithms mentioned above are applied and tested on the KDD CUP99 intrusion detection dataset, which is widely used to evaluate intrusion detection prototypes. Experimental results show that the KNN algorithm performs well in terms of accuracy and computation time. In addition, they showed that KNN successfully detected 98.0379% of the potential threat from all known attacks

    Security in Data Mining- A Comprehensive Survey

    Data mining techniques, while allowing the individuals to extract hidden knowledge on one hand, introduce a number of privacy threats on the other hand. In this paper, we study some of these issues along with a detailed discussion on the applications of various data mining techniques for providing security. An efficient classification technique when used properly, would allow a user to differentiate between a phishing website and a normal website, to classify the users as normal users and criminals based on their activities on Social networks (Crime Profiling) and to prevent users from executing malicious codes by labelling them as malicious. The most important applications of Data mining is the detection of intrusions, where different Data mining techniques can be applied to effectively detect an intrusion and report in real time so that necessary actions are taken to thwart the attempts of the intruder. Privacy Preservation, Outlier Detection, Anomaly Detection and Phishing Website Classification are discussed in this paper

    Potential of machine learning/Artificial Intelligence (ML/AI) for verifying configurations of 5G multi Radio Access Technology (RAT) base station

    Abstract. The enhancements in mobile networks from 1G to 5G have greatly increased data transmission reliability and speed. However, concerns with 5G must be addressed. As system performance and reliability improve, ML and AI integration in products and services become more common. The integration teams in cellular network equipment creation test devices from beginning to end to ensure hardware and software parts function correctly. Radio unit integration is typically the first integration phase, where the radio is tested independently without additional network components like the BBU and UE. 5G architecture and the technology that it is using are explained further. The architecture defined by 3GPP for 5G differs from previous generations, using Network Functions (NFs) instead of network entities. This service-based architecture offers NF reusability to reduce costs and modularity, allowing for the best vendor options for customer radio products. 5G introduced the O-RAN concept to decompose the RAN architecture, allowing for increased speed, flexibility, and innovation. NG-RAN provided this solution to speed up the development and implementation process of 5G. The O-RAN concept aims to improve the efficiency of RAN by breaking it down into components, allowing for more agility and customization. The four protocols, the eCPRI interface, and the functionalities of fronthaul that NGRAN follows are expressed further. Additionally, the significance of NR is described with an explanation of its benefits. Some benefits are high data rates, lower latency, improved spectral efficiency, increased network flexibility, and improved energy efficiency. The timeline for 5G development is provided along with different 3GPP releases. Stand-alone and non-stand-alone architecture is integral while developing the 5G architecture; hence, it is also defined with illustrations. The two frequency bands that NR utilizes, FR1 and FR2, are expressed further. 
FR1 is a sub-6 GHz frequency band. It contains frequencies of low and high values; on the other hand, FR2 contains frequencies above 6GHz, comprising high frequencies. FR2 is commonly known as the mmWave band. Data collection for implementing the ML approaches is expressed that contains the test setup, data collection, data description, and data visualization part of the thesis work. The Test PC runs tests, executes test cases using test libraries, and collects data from various logs to analyze the system’s performance. The logs contain information about the test results, which can be used to identify issues and evaluate the system’s performance. The data collection part describes that the data was initially present in JSON files and extracted from there. The extraction took place using the Python code script and was then fed into an Excel sheet for further analysis. The data description explains the parameters that are taken while training the models. Jupyter notebook has been used for visualizing the data, and the visualization is carried out with the help of graphs. Moreover, the ML techniques used for analyzing the data are described. In total, three methods are used here. All the techniques come under the category of supervised learning. The explained models are random forest, XG Boost, and LSTM. These three models form the basis of ML techniques applied in the thesis. The results and discussion section explains the outcomes of the ML models and discusses how the thesis will be used in the future. The results include the parameters that are considered to apply the ML models to them. SINR, noise power, rxPower, and RSSI are the metrics that are being monitored. These parameters have variance, which is essential in evaluating the quality of the product test setup, the quality of the software being tested, and the state of the test environment. 
The discussion section of the thesis explains why the following parameters are taken, which ML model is most appropriate for the data being analyzed, and what the next steps are in implementation

    Security in Data Mining-A Comprehensive Survey

    Data mining techniques, while allowing the individuals to extract hidden knowledge on one hand, introduce a number of privacy threats on the other hand. In this paper, we study some of these issues along with a detailed discussion on the applications of various data mining techniques for providing security. An efficient classification technique when used properly, would allow a user to differentiate between a phishing website and a normal website, to classify the users as normal users and criminals based on their activities on Social networks (Crime Profiling) and to prevent users from executing malicious codes by labelling them as malicious. The most important applications of Data mining is the detection of intrusions, where different Data mining techniques can be applied to effectively detect an intrusion and report in real time so that necessary actions are taken to thwart the attempts of the intruder