Abstract
Introduction/purpose: Anomaly detection-based Network Intrusion Detection Systems (NIDSs) have emerged as a valuable tool, particularly in military fields, for protecting networks against cyberattacks, with a specific focus on NetFlow data to identify normal and abnormal patterns. This study investigates the effectiveness of anomaly-based machine learning (ML) and deep learning (DL) models in NIDSs using the publicly available NF-UQ-NIDS dataset, which utilizes NetFlow data, with the aim of enhancing network protection.
Methods: In their 2021 conference paper in Big Data Technologies and Applications, Sarhan, M., Layeghy, S., Moustafa, N. and Portmann, M. use a preprocessing step in which 8 of the 12 available features are selected for the training phase. Notably, the source and destination IP addresses, as well as their associated ports, are specifically excluded. The novelty of this paper lies in preprocessing the excluded features and including them in the training phase, employing various ML and DL classification algorithms such as ExtraTrees, ANN, simple CNN, and VGG16 for binary classification.
Results: The performance of the classification models is evaluated using metrics such as accuracy, recall, etc., which provide a comprehensive analysis of the obtained results. The results show that the ExtraTrees ML model outperforms all other models when using the features from our preprocessing, achieving a classification accuracy of 99.09%, compared to 97.25% in the reference dataset.
Conclusion: The study demonstrates the effectiveness of anomaly-based ML and DL models in NIDSs using NetFlow data.
Publisher
Centre for Evaluation in Education and Science (CEON/CEES)