Network Intrusion Detection Using Machine Learning Techniques

Abstract (Turkish version)

Intrusion detection systems have recently become important for protecting against evolving network attacks. These attacks are more complex and harder to detect than earlier ones. For this reason, machine learning techniques have begun to be used, so that more complex features can be detected in the characteristics of packets arriving from the network. To learn, these techniques need datasets with particular properties, and many datasets have been collected for this purpose. Some of these datasets have known limitations when intrusion detection systems are applied in real-life settings. In this study, the existing intrusion datasets are discussed along with the known issues of each dataset, together with the existing intrusion detection systems that use machine learning techniques and these datasets. Because machine learning techniques extract different knowledge from different datasets, and each technique takes a different approach to obtaining that knowledge, the performance of each technique differs from one dataset to another. The results of the discussed studies show that Artificial Neural Networks (ANN) achieved the highest average performance among the machine learning techniques. Thus, using machine learning techniques for intrusion detection system applications has been shown to have great potential.

Abstract

Recently, it has become important to use advanced intrusion detection techniques to protect networks from developing network attacks, which are becoming more complex and difficult to detect. For this reason, machine learning techniques have been employed in Intrusion Detection Systems (IDS), so that more complex features can be detected in the characteristics of the packets incoming to the network. As these techniques require training data, many datasets have been collected for this purpose. Some of these datasets have known issues that limit the ability to apply intrusion detection systems built on them in real-life applications. In this study, the existing intrusion datasets are presented alongside the known issues of each dataset, and the existing intrusion detection systems that employ machine learning techniques and use these datasets are discussed. As machine learning techniques extract different knowledge from different datasets, and each technique has a different approach to extracting that knowledge, the performance of each technique differs from one dataset to another. The results of the discussed studies show the great potential of using machine learning techniques to implement IDS, where Artificial Neural Networks (ANN) have shown the highest average performance among the machine learning techniques.
