Full Stack Developer at Electro Mizan Andisheh, profile picture
Uploaded byFull Stack Developer at Electro Mizan Andisheh
PPSX, PDF373 views

Practical real-time intrusion detection using machine learning approaches

The document describes a practical real-time intrusion detection system (IDS) utilizing machine learning approaches, outlining its three main phases: pre-processing, classification, and post-processing. It details the process of extracting network packet information, the criteria for feature selection using information gain, and the performance metrics used to evaluate detection effectiveness. Experimental results demonstrate high detection rates for Distributed Denial of Service (DDoS) and probe attacks, confirming the IDS's efficiency with minimal resource consumption.

Software
Related topics:
Intrusion Detection
Downloaded 20 times
Practical real-time intrusion detection using machine learning approaches Armin shoughi May 2019
IDS / Intrusion Detection System An IDS collects information from a network or computer system, and analyzes the information for symptoms of system breaches Fig. 1. Network intrusion detection system environment. 2
IDS / Intrusion Detection System 1) 3 IDS Host-based Network-based Offline online IDS 2)
Real-time IDS process Our real-time IDS process, shown in Fig. 2, consists of three phases: • the pre-processing phase • the classification phase • and the post-processing phase 4
Pre-Processing Phase • In the pre-processing phase which is shown in the upper part of Fig. 2, we use a packet sniffer to extract network packet information including IP header, TCP header, UDP header, and ICMP header from each packet. 5
InGain / Information Gain 6 • Information Gain (InGain) is a criterion for feature selection. To use InGain, we compute an entropy value for each attribute or feature of data. • The entropy value is used for ranking features that affect data classification.
InGain / Information Gain (Example) 7
Classification phase • In the classification phase, we classify each of the preprocessed data records obtained from the preprocessing phase as normal data or attack data. • This classification phase consists of two main processes which are training and testing network data. 8
Post-Processing phase • The post-processing phase is used to eliminate outliers or false-alarm detections from the result of classification. • We propose to use a majority voting algorithm for every five consecutive detection results for each pair of IP Addresses (source and destination pair) to determine if the result is normal network activity or an attack type. 9
Experiments and performance evaluation In this section, we present the experimental results and performance evaluation of our proposed real-time IDS. We • first present the network data used in the experiment. • We then describe our experimental design and performance metrics used for evaluating the real-time IDS. • Finally, we present the experimental results. 10
Experimental Data • Our experimental network data consists of four DoS attack types, 13 Probe attack types, and normal activity as presented in Table 3. • All attack types were generated using many different tools as shown in the table, while the normal network data was captured from the actual network environment. 11
performance metrics And we measured the detection performance of our RT-IDS as follows: 1. Total Detection Rate (TDR) is the percentage of DoS attacks, Probe attacks, and normal network data that the RT-IDS can correctly detect. 2. Normal Detection Rate (NDR) is the percentage of the normal class that the RT-IDS can correctly detect. 3. Attack Detection Rate (ADR) is the percentage of all attack classes that the RT-IDS can correctly detect. 4. DoS Detection Rate (DDR) is the percentage of the DOS attacks that the RT-IDS can correctly detect. 5. Probe Detection Rate (PDR) is the percentage of the Probe attacks that the RT-IDS can correctly detect. 12
Experimental design 13 We performed three experiments to evaluate our RT-IDS. 1. Experimental results with off-line detection 2. Experimental results with on-line detection (real-time IDS) 3. Experimental results with post-processing procedure
Experimental results with off-line detection The experimental results with RLD09 dataset are presented in Table. All classification techniques gave total detection rates higher than 99% as well. 14
Experimental results with on-line detection (real-time IDS) The experimental results with RLD09 dataset are presented in Table. All classification techniques gave total detection rates higher than 99% as well. 15
Experimental results with post-processing procedure The results of our IDS with post-processing and without the post-processing procedure are compared in detail as shown in Table. 16
Experimental results with post-processing procedure 17 When capturing network traffic with full load (100 Mbps), our RT-IDS consumes less than 25% of CPU resources while using only 94.5 MB of memory.

More Related Content

PDF
Using Machine Learning in Networks Intrusion Detection Systems
byOmar Shaya
 
PPTX
Character Recognition using Machine Learning
byRitwikSaurabh1
 
PPT
INTRUSION DETECTION TECHNIQUES
byTrinity Dwarka
 
PPTX
Spam detection using machine learning based binary classifier_043660
bysyaidatulamirah
 
PDF
Anomaly detection
byHitesh Mohapatra
 
PPTX
Password cracking and brute force
byvishalgohel12195
 
PPTX
Sentiment analysis
byMakrand Patil
 
PPTX
Presentation on Sentiment Analysis
byRebecca Williams
 
Using Machine Learning in Networks Intrusion Detection Systems
byOmar Shaya
 
Character Recognition using Machine Learning
byRitwikSaurabh1
 
INTRUSION DETECTION TECHNIQUES
byTrinity Dwarka
 
Spam detection using machine learning based binary classifier_043660
bysyaidatulamirah
 
Anomaly detection
byHitesh Mohapatra
 
Password cracking and brute force
byvishalgohel12195
 
Sentiment analysis
byMakrand Patil
 
Presentation on Sentiment Analysis
byRebecca Williams
 

What's hot

PPTX
Introduction to Cloud Security
byLegal Services National Technology Assistance Project (LSNTAP)
 
PPTX
Deep learning approach for network intrusion detection system
byAvinash Kumar
 
PPTX
Intrusion Prevention System
byVishwanath Badiger
 
PPTX
Red Team vs. Blue Team
byEC-Council
 
PPTX
One time pad Encryption:
byAsad Ali
 
PPTX
Hadoop Presentation - PPT
byAnand Pandey
 
PPTX
Hash Function
byssuserdfb2da
 
PPT
Internet Traffic Monitoring and Analysis
byInformation Technology
 
PDF
Computer Security and Intrusion Detection(IDS/IPS)
byLJ PROJECTS
 
PPT
3. mining frequent patterns
byAzad public school
 
PPTX
Sentiment Analysis in Twitter
byAyushi Dalmia
 
PDF
Lecture6 introduction to data streams
byhktripathy
 
PPTX
DBSCAN : A Clustering Algorithm
byPınar Yahşi
 
PPTX
U-Net (1).pptx
byChangjin Lee
 
PPTX
Design of Hadoop Distributed File System
byDr. C.V. Suresh Babu
 
PDF
Emotion Speech Recognition - Convolutional Neural Network Capstone Project
byDiego Rios
 
PPT
Hash mac algorithms
byTony Nguyen
 
PPTX
Analysis of-credit-card-fault-detection
byJustluk Luk
 
PPTX
Cluster computing
byKajal Thakkar
 
PPTX
Emotion recognition
byMadhusudhan G
 
Introduction to Cloud Security
byLegal Services National Technology Assistance Project (LSNTAP)
 
Deep learning approach for network intrusion detection system
byAvinash Kumar
 
Intrusion Prevention System
byVishwanath Badiger
 
Red Team vs. Blue Team
byEC-Council
 
One time pad Encryption:
byAsad Ali
 
Hadoop Presentation - PPT
byAnand Pandey
 
Hash Function
byssuserdfb2da
 
Internet Traffic Monitoring and Analysis
byInformation Technology
 
Computer Security and Intrusion Detection(IDS/IPS)
byLJ PROJECTS
 
3. mining frequent patterns
byAzad public school
 
Sentiment Analysis in Twitter
byAyushi Dalmia
 
Lecture6 introduction to data streams
byhktripathy
 
DBSCAN : A Clustering Algorithm
byPınar Yahşi
 
U-Net (1).pptx
byChangjin Lee
 
Design of Hadoop Distributed File System
byDr. C.V. Suresh Babu
 
Emotion Speech Recognition - Convolutional Neural Network Capstone Project
byDiego Rios
 
Hash mac algorithms
byTony Nguyen
 
Analysis of-credit-card-fault-detection
byJustluk Luk
 
Cluster computing
byKajal Thakkar
 
Emotion recognition
byMadhusudhan G
 

Similar to Practical real-time intrusion detection using machine learning approaches

PDF
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
byIRJET Journal
 
PDF
Intrusion Detection System Classification Using Different Machine Learning Al...
byAIRCC Publishing Corporation
 
PDF
Vol 6 No 1 - October 2013
byijcsbi
 
PPTX
Anomaly detection final
byAkshay Bansal
 
PDF
Analysis of Artificial Intelligence Techniques for Network Intrusion Detectio...
byIIJSRJournal
 
PDF
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION
byIJNSA Journal
 
PDF
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...
byijcsit
 
PDF
An Extensive Survey of Intrusion Detection Systems
byIRJET Journal
 
PDF
06558266
byVidya Sagar
 
DOCX
COPYRIGHTThis thesis is copyright materials protected under the .docx
byvoversbyobersby
 
PDF
IRJET- Machine Learning Processing for Intrusion Detection
byIRJET Journal
 
PDF
IRJET- A Review on Intrusion Detection System
byIRJET Journal
 
PDF
Intrusion detection system via fuzzy
byIJDKP
 
PDF
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
byIJNSA Journal
 
PPT
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
byuseonlyfortech140
 
PDF
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...
byClaraZara1
 
PDF
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
byijdpsjournal
 
PDF
46 102-112
byidescitation
 
PDF
M0446772
byIJERA Editor
 
PDF
International Journal of Engineering Research and Development (IJERD)
byIJERD Editor
 
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...
byIRJET Journal
 
Intrusion Detection System Classification Using Different Machine Learning Al...
byAIRCC Publishing Corporation
 
Vol 6 No 1 - October 2013
byijcsbi
 
Anomaly detection final
byAkshay Bansal
 
Analysis of Artificial Intelligence Techniques for Network Intrusion Detectio...
byIIJSRJournal
 
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION
byIJNSA Journal
 
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...
byijcsit
 
An Extensive Survey of Intrusion Detection Systems
byIRJET Journal
 
06558266
byVidya Sagar
 
COPYRIGHTThis thesis is copyright materials protected under the .docx
byvoversbyobersby
 
IRJET- Machine Learning Processing for Intrusion Detection
byIRJET Journal
 
IRJET- A Review on Intrusion Detection System
byIRJET Journal
 
Intrusion detection system via fuzzy
byIJDKP
 
Multi Stage Filter Using Enhanced Adaboost for Network Intrusion Detection
byIJNSA Journal
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
byuseonlyfortech140
 
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...
byClaraZara1
 
Current Studies On Intrusion Detection System, Genetic Algorithm And Fuzzy Logic
byijdpsjournal
 
46 102-112
byidescitation
 
M0446772
byIJERA Editor
 
International Journal of Engineering Research and Development (IJERD)
byIJERD Editor
 

Recently uploaded

PPTX
power point presentation of Soft computing
byyashhjain24
 
PDF
Working with Machine Learning in Production
byFrederick Apina
 
PDF
git - from commit to merge - semcomp beta 2018 workshop
byJoao Marins
 
PPTX
Streamline Compliance and Safety with Advanced Contractor Management Software
bySHEQ Network Limited
 
PDF
Comprehensive Guide to Performance Testing Tools and Services
byKanika Vatsyayan
 
PDF
Build Web, Mobile & Desktop Apps with Flutter
byShiv Technolabs Pvt. Ltd.
 
PDF
product realizatio n software.pdf
byJames Cameron
 
PDF
Zoople Technologies: Premier Data Science Institute in Kozhikode
byaromalcsunil761
 
PDF
Cloud-based Hotel PMS_ Why hotels Must Upgrade Now.pdf
byHotelogix
 
PDF
Enterprise Data Sync via Navision Integration Service Provider
byNavision India
 
PPTX
Classify and visualize Jira work to stay focused and foster innovation - Work...
byWork Type Focus
 
PPTX
Streamline Your Business with BUSY Software.pptx
byMoving Cloud
 
PDF
The Future of School Management in Kenya_ Why Automation Is the Next Big Leap
byChandru
 
PDF
Important Features A Leave Management System Should Have
byCitytech Software DMCC
 
PDF
Custom eCommerce App Development for Modern Retail Stores.pdf
byInexture Solutions
 
DOCX
From Text to Tune: How AI Music Generators Are Changing the Way We Create Songs
bycooperation2
 
PPTX
College Management System.pptx
bygehlotyash2005
 
PPTX
School-Hall-Pass-System-Modernizing-Student-Movement-Management.pptx
byinfoswipesolutionsin
 
PDF
School-Hall-Pass-System-Modernizing-Student-Movement-Management.pdf
byinfoswipesolutionsin
 
PPTX
AI in Payroll Automate & Optimize Workforce Management
byMatellio
 
power point presentation of Soft computing
byyashhjain24
 
Working with Machine Learning in Production
byFrederick Apina
 
git - from commit to merge - semcomp beta 2018 workshop
byJoao Marins
 
Streamline Compliance and Safety with Advanced Contractor Management Software
bySHEQ Network Limited
 
Comprehensive Guide to Performance Testing Tools and Services
byKanika Vatsyayan
 
Build Web, Mobile & Desktop Apps with Flutter
byShiv Technolabs Pvt. Ltd.
 
product realizatio n software.pdf
byJames Cameron
 
Zoople Technologies: Premier Data Science Institute in Kozhikode
byaromalcsunil761
 
Cloud-based Hotel PMS_ Why hotels Must Upgrade Now.pdf
byHotelogix
 
Enterprise Data Sync via Navision Integration Service Provider
byNavision India
 
Classify and visualize Jira work to stay focused and foster innovation - Work...
byWork Type Focus
 
Streamline Your Business with BUSY Software.pptx
byMoving Cloud
 
The Future of School Management in Kenya_ Why Automation Is the Next Big Leap
byChandru
 
Important Features A Leave Management System Should Have
byCitytech Software DMCC
 
Custom eCommerce App Development for Modern Retail Stores.pdf
byInexture Solutions
 
From Text to Tune: How AI Music Generators Are Changing the Way We Create Songs
bycooperation2
 
College Management System.pptx
bygehlotyash2005
 
School-Hall-Pass-System-Modernizing-Student-Movement-Management.pptx
byinfoswipesolutionsin
 
School-Hall-Pass-System-Modernizing-Student-Movement-Management.pdf
byinfoswipesolutionsin
 
AI in Payroll Automate & Optimize Workforce Management
byMatellio
 

Practical real-time intrusion detection using machine learning approaches

  • 1.
    Practical real-time intrusion detectionusing machine learning approaches Armin shoughi May 2019
  • 2.
    IDS / IntrusionDetection System An IDS collects information from a network or computer system, and analyzes the information for symptoms of system breaches Fig. 1. Network intrusion detection system environment. 2
  • 3.
    IDS / IntrusionDetection System 1) 3 IDS Host-based Network-based Offline online IDS 2)
  • 4.
    Real-time IDS process Ourreal-time IDS process, shown in Fig. 2, consists of three phases: • the pre-processing phase • the classification phase • and the post-processing phase 4
  • 5.
    Pre-Processing Phase • Inthe pre-processing phase which is shown in the upper part of Fig. 2, we use a packet sniffer to extract network packet information including IP header, TCP header, UDP header, and ICMP header from each packet. 5
  • 6.
    InGain / InformationGain 6 • Information Gain (InGain) is a criterion for feature selection. To use InGain, we compute an entropy value for each attribute or feature of data. • The entropy value is used for ranking features that affect data classification.
  • 7.
    InGain / InformationGain (Example) 7
  • 8.
    Classification phase • Inthe classification phase, we classify each of the preprocessed data records obtained from the preprocessing phase as normal data or attack data. • This classification phase consists of two main processes which are training and testing network data. 8
  • 9.
    Post-Processing phase • Thepost-processing phase is used to eliminate outliers or false-alarm detections from the result of classification. • We propose to use a majority voting algorithm for every five consecutive detection results for each pair of IP Addresses (source and destination pair) to determine if the result is normal network activity or an attack type. 9
  • 10.
    Experiments and performance evaluation Inthis section, we present the experimental results and performance evaluation of our proposed real-time IDS. We • first present the network data used in the experiment. • We then describe our experimental design and performance metrics used for evaluating the real-time IDS. • Finally, we present the experimental results. 10
  • 11.
    Experimental Data • Ourexperimental network data consists of four DoS attack types, 13 Probe attack types, and normal activity as presented in Table 3. • All attack types were generated using many different tools as shown in the table, while the normal network data was captured from the actual network environment. 11
  • 12.
    performance metrics And wemeasured the detection performance of our RT-IDS as follows: 1. Total Detection Rate (TDR) is the percentage of DoS attacks, Probe attacks, and normal network data that the RT-IDS can correctly detect. 2. Normal Detection Rate (NDR) is the percentage of the normal class that the RT-IDS can correctly detect. 3. Attack Detection Rate (ADR) is the percentage of all attack classes that the RT-IDS can correctly detect. 4. DoS Detection Rate (DDR) is the percentage of the DOS attacks that the RT-IDS can correctly detect. 5. Probe Detection Rate (PDR) is the percentage of the Probe attacks that the RT-IDS can correctly detect. 12
  • 13.
    Experimental design 13 We performedthree experiments to evaluate our RT-IDS. 1. Experimental results with off-line detection 2. Experimental results with on-line detection (real-time IDS) 3. Experimental results with post-processing procedure
  • 14.
    Experimental results withoff-line detection The experimental results with RLD09 dataset are presented in Table. All classification techniques gave total detection rates higher than 99% as well. 14
  • 15.
    Experimental results withon-line detection (real-time IDS) The experimental results with RLD09 dataset are presented in Table. All classification techniques gave total detection rates higher than 99% as well. 15
  • 16.
    Experimental results withpost-processing procedure The results of our IDS with post-processing and without the post-processing procedure are compared in detail as shown in Table. 16
  • 17.
    Experimental results withpost-processing procedure 17 When capturing network traffic with full load (100 Mbps), our RT-IDS consumes less than 25% of CPU resources while using only 94.5 MB of memory.