Intrusion detection system using machine learning methods in computer networks (Sistema de detecção de intrusão utilizando métodos de aprendizagem de máquina em redes de computadores)

Keywords

attack
machine learning methods
confusion matrix

How to Cite

Andrade M. S.; Santos J.; Freitas J. Sistema de detecção de intrusão utilizando métodos de aprendizagem de máquina em redes de computadores. Revista de Ciência e Inovação, v. 9, n. 1, p. 22, 6 Dec. 2023.

Abstract

In recent years, there has been a large increase in internet-based services, which causes major disruptions to information security. The colossal volume of network traffic generated daily, together with its high speed, makes security threats increasingly enigmatic. In this context, this article presents an approach based on machine learning methods applied to the search for threats in computer networks, in order to detect intrusions and thereby help prevent attacks from occurring. Algorithms were tested for classifying attacks on the network using three different methods: Decision Tree, Decision Tables and Naive Bayes. The effectiveness of each technique is evaluated through experiments using the KDD'99 database and is based on the confusion matrix. Using a small portion (about 10%) of the database, accuracy, precision and recall above 89% were obtained for the analyzed classifiers, affirming the feasibility of machine learning for classifying anomalies in computer networks.

https://doi.org/10.26669/2448-4091.2023.388
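Added example (not code from the article): how accuracy, precision and recall are derived from a multi-class confusion matrix over the five KDD'99 traffic categories. The counts in `SAMPLE` are constructed for illustration and are not the paper's results; they show why per-class recall should be read alongside overall accuracy on a class-imbalanced dataset.

```python
# Constructed (actual, predicted, count) triples, NOT the paper's results.
# Class names follow the five KDD'99 traffic categories.
CLASSES = ["normal", "dos", "probe", "r2l", "u2r"]
SAMPLE = [
    ("normal", "normal", 190), ("normal", "dos", 5), ("normal", "probe", 5),
    ("dos", "dos", 770), ("dos", "normal", 10),
    ("probe", "probe", 8), ("probe", "normal", 2),
    ("r2l", "r2l", 2), ("r2l", "normal", 6),
    ("u2r", "normal", 2),
]

def confusion_matrix(triples, labels=CLASSES):
    """Rows are actual classes, columns are predicted classes."""
    idx = {c: i for i, c in enumerate(labels)}
    m = [[0] * len(labels) for _ in labels]
    for actual, predicted, count in triples:
        m[idx[actual]][idx[predicted]] += count
    return m

def accuracy(m):
    """Correct predictions (the diagonal) over all records."""
    return sum(m[i][i] for i in range(len(m))) / sum(map(sum, m))

def per_class(m, labels=CLASSES):
    """Return {class: (precision, recall)}, treating each class one-vs-rest."""
    out = {}
    for i, c in enumerate(labels):
        tp = m[i][i]
        predicted = sum(row[i] for row in m)   # TP + FP (column sum)
        actual = sum(m[i])                     # TP + FN (row sum)
        out[c] = (tp / predicted if predicted else 0.0,
                  tp / actual if actual else 0.0)
    return out

def macro_recall(metrics):
    """Unweighted mean of per-class recall: every class counts equally."""
    return sum(r for _, r in metrics.values()) / len(metrics)

if __name__ == "__main__":
    m = confusion_matrix(SAMPLE)
    metrics = per_class(m)
    print(f"accuracy     = {accuracy(m):.3f}")
    for c, (p, r) in metrics.items():
        print(f"{c:<7} precision={p:.3f} recall={r:.3f}")
    print(f"macro recall = {macro_recall(metrics):.3f}")
```

With these constructed counts the overall accuracy is dominated by the large `dos` and `normal` classes, while the rare `r2l` and `u2r` rows are mostly missed, which is what the macro-averaged recall exposes.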

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Copyright (c) 2023 Matheus Santos Andrade, Jean Santos
