FastTrafficAnalyzer: An Efficient Method for Intrusion Detection Systems to Analyze Network Traffic

Abstract

Network intrusion detection systems are software or devices used to detect malignant attackers in modern internet networks. The success of these systems depends on the performance of the algorithm and method used to catch attacks and the time it takes for it. Due to the continuous internet traffic, these systems are expected to detect attacks in real time. In this study, using a proposed pre-processing, internet traffic data becomes more easily processable and traffic is classified by network analysis with machine learning techniques. In this way, the traffic analysis time was significantly shortened and a high level of success was achieved. The proposed model has been tested in the CSE-CIC-IDS2018 dataset and its advantaged verified. Experimental results i) 99.0% detection rate was achieved in the ExtraTree algorithm for binary classification, while a reduction of 82.96% was achieved in the processing time per sample; ii) For multiclass (15 class) detection, 98.5% detection rate was achieved with the Random Forest algorithm, while a 64.43% shortening was achieved in the processing time per sample. As a result, similar classification rate with the studies in the literature has been achieved with much shorter test time.

Keywords

• Network intrusion detection
• machine learning
• feature conversion
• cyber security

References

1. [1] McKinney Wes, “Data structures for statistical computing in Python”, Proceedings of the 9th python in science conference, 1-6, 2010.
2. [2] Pedregosa F, Varoquaux G., Gramfort A., Michel V., Thirion B., Grisel O, et al., “Scikit-learn: machine learning in Python”, Journal of Machine Learning Research 12, 2825-2830, 2011.
3. [3] Chen T., Guestrin C., “Xgboost: a scalable tree boosting system”, Proceedings of the 22nd ACM SIGKDD International conference on Knowledge Discovery and Data Mining, 785-794, August, 2016.
4. [4] CyberEdge, 2021. 2021 Cyberthreat Defense Report. https://cyber-edge.com/cdr/
5. [5] FireEye, 2021. M-trends 2021Cyber Security Report. FireEye, https://www.fireeye.com/blog/threat-research/2021/04/m-trends-2021-a-view-from-the-front-lines.html
6. [6] Liao H-J, Richard Lin C-H, Lin Y-C, Tung K. “Intrusion detection system: A comprehensive review”, Journal of Network and Computer Applications, 36(1), 16-24, 2013.
7. [7] Sunanda Gamage, Jagath Samarabandu, “Deep learning methods in network intrusion detection: a survey and an objective comparison”, Journal of Network and Computer Applications, 169, 1-21, 2020.
8. [8] Ansam Khraisat, Ammar Alazab, “A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges”, Cybersecurity, 4(18), 1-27, 2021.

9. [9] C Kalimuthan, J. Arokia Renjit, “Review on instrusion detection using feature selection with machine learning techniques”, Materials Todat: Proceddings, 33(7), 3794-3802, 2020.
10. [10] Cisco, 2021. Cisco Security Analytics Whitepaper. https://www.cisco.com/c/dam/en/us/products/collateral/security/stealthwatch/sw-siem-optimization-wp.pdf.
11. [11] Darktrace, 2021, Preparing for AI-enabled Cyberattacks, Whitepaper, https://www.darktrace.com/en/mit-preparing-for-cyberattacks/.
12. [12] Vectra Cognito, 2020. How to Augment Security Operations Center with Artificial Intellignece, Whitepaper, https://content.vectra.ai/rs/748-MCE-447/images/WhitePaper_AugmentSOCwithAI.pdf.
13. [13] Chencheng MA, XueHui Du, Lifeng Cao, “Analysis of Multi-Types of Flow Features Based on Hybrid Neural Network for Improving Network Anomaly Detection”, IEEE Access, 7, 1-18, 2019.
14. [14] Lan Liu, PengCheng Wang, Jun Lin, LangZhou Liu, “Intrusion Detection of Imbalanced Network Traffic based on Machine Learning and Deep Learning”, IEEE Access, 9, 1-14, 2021.
15. [15] University of New Brunswick (UNB). A realistic cyber defense dataset (CSE-CIC-IDS2018), https://www.unb.ca/cic/datasets/ids-2018.html.
16. [16] Iman Sharafaldin, Arash Habibi Lashkari, Ali A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization”, 4th International Conference on Information Systems Security and Privacy, 1-9, 2018.
17. [17] G. Karatas , O. Demir , O.K. Sahingoz , Increasing the performance of machine learn- ing-based IDSs on an imbalanced and up-to-date dataset, IEEE Access 8 (2020) 32150–32162 .
18. [18] Hongpro Zhang, Lulu Huang, Chase Q. Wu, Zhanbo Li, “An effective convolutional neural network based on SMOTE and Gaussian mixture model for intrusion detection in imbalanced dataset”, Computer Networks, 177, 1-10, 2020.
19. [19] V. Kanimozhi, T. Prem Jabob, “Artificial Intelligence based Network Intrusion Detection with hyper-parameter optimization tuning on the realistic cyber dataset CSE-CIC-IDS2018 using cloud computing”, ICT Express, 5, 211-214, 2019.
20. [20] Yesi Novaria Kunang, Siti Nurmaini, Deris Stiawan, Bhakti Yudho Suprapto, “Attack clasification of an instrusion detection system using deep learning and hyperparameter optimization”, Journal of Information Security and Applications, 58, 1-15, 2021.
21. [21] S. S. Volkov, I I Kurochkin, “Network attacks classification using Long Short-term memory based neural networks in Software Defined Networks”, 9th International Young Scientist Conference on Computational Science, 178, 394-403, 2020.
22. [22] Mahendra Prasad, Sachin Tripathi, Keshav Dahal, “Unsupervised feature selection and cluster center initialization based arbitrary shaped clusters for intrusion detection”, Computers & Security, 99, 1-19, 2020.
23. [23] Jiyeon Kim, Jiwon Kim, Hyunjung Kim, Minsun Shim, Eunjung Choi, “CNN-based network intrusion detection against Denial-of-Service Attacks”, Mdpi electronics, 1-21, 2020.
24. [24] Mokhtar Mohammadi, Tarik A. Rashid, Sarkhel H.Taher Karim, Adil Hussain Mohammed Aldalwie, Quan Thanh Tho, Moazam Bidaki, Amir Masoud Rahmani, Mehdi Hosseinzadeh, “A comprehensive survey and taxonomy of the SVM-based intrusion detection systems”, Journal of Network and Computer Applications,178, 1-23, 2021.
25. [25] T. Daniya, K. Suresh Kumar, B. Santhosh Kumar, Chandra Sekhar Kolli, “A survey on anomaly-based intrusion detection system”, Materials Today: Proceedings, 1-4, 2021.
26. [26] Arwa Aldweesh, Abdelouahid Derhab, Ahmed Z. Emam, “Deep learning approaches for anomaly-based intrusion detection systems: A survey, taxonomy, and open issues”, Knowledge-Based Systems, 189,1-19, 2020.
27. [27] Lian Yu, Jingtao Dong, Lihao Chen, Mengyuan Li, Bingfeng Xu, Zhao Li, Lin Qiao, Lijun Liu, Bei Zhao, Chen Zhang, “PBCNN: Packet Bytes-based Convolutional Neural Network for Network Intrusion Detection”, Computer Networks, 1-24, 2021.
28. [28] R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-Nemrat and S. Venkatraman, "Deep Learning Approach for Intelligent Intrusion Detection System," in IEEE Access, vol. 7, pp. 41525-41550, 2019, doi: 10.1109/ACCESS.2019.2895334.
29. [29] Mohamed Amine Ferrag, Leandros Maglaras, Sotiris Moschoyiannis, Helge Janicke, “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study”, Journal of Information Security and Applications, 50, 1-19, 2020.
30. [30] Mesut Uğurlu, İbrahim Alper Doğru, Recep Sinan ARSLAN, “A new classification method for encrypted internet traffic using machine learning”, Turkish Journal of Electrical Engineering and Computer Sciences, Accepted. 2021