Year 2019, Volume 3, Issue 1, Pages 11-22, 2019-06-28

THE EFFECT OF MACHINE LEARNING ON INTRUSION DETECTION SYSTEMS
SALDIRI TESPİT SİSTEMLERİNE MAKİNE ÖĞRENME ETKİSİ

Mustafa TAKAOĞLU [1] , Çağdaş ÖZER [2]


As technology advances and the coupling between people and machines grows, system and data security become more important. Attackers examine systems looking for weaknesses and sometimes succeed, and successful attacks cause material and non-material damage. Anti-virus software and firewalls are deployed to prevent them, but they do not always provide an effective defense against expert attackers. Intrusion detection systems were developed to address these and similar problems: they collect information from various systems and network resources and then analyze that data for possible security issues. This study focuses on these problems and aims to train an intrusion detection system using machine learning techniques, known attack types, and data from server-based attack methods. To that end, a data set was created by combining attack data from CesarFTP, WebDAV, Icecast, Tomcat, OS SMB, OS Print Spool, PMWiki, Wireless Karma, PDF N, Backdoored Executable, Browser Attack, and Infectious Media. The resulting data set was classified and trained using a Support Vector Machine (SVM; "DVM" in the Turkish original) and Naive Bayes (NB), and the results are reported. Training and testing the system with the SVM gave an accuracy of 0.7129; after dimensionality reduction was re-applied with Principal Component Analysis, Naive Bayes reached an accuracy of 0.7914. This shows that the intrusion detection system trained on the aforementioned attack data, while active and operational, could correctly detect 79 percent of incoming attacks.
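The second experiment above classifies attack records with Naive Bayes and reports an accuracy of 0.7914, which the abstract reads as detecting 79 percent of attacks. Accuracy and detection rate are different quantities: accuracy counts correct decisions over all records, benign ones included, while the detection rate is recall on the attack class alone, and on a data set with many benign records the two can diverge widely. The following is an added example, not the paper's code or data: a from-scratch Gaussian Naive Bayes classifier in Python, trained on a small constructed set of per-host traffic summaries whose features (`packets_per_sec`, `bytes_per_packet`, `failed_logins`, `distinct_ports`), records and "attack"/"benign" labels are all hypothetical. It reports accuracy, detection rate and false-positive rate side by side; the two deliberately "quiet" attacks in the hold-out set show how a classifier can score well on accuracy while still missing an evasive attack. The paper's PCA step is not reproduced here.

```python
"""Gaussian Naive Bayes IDS classifier with detection-rate reporting.

Added example (not the paper's code or data): a from-scratch Gaussian Naive
Bayes classifier trained on a small constructed set of per-host traffic
summaries. The features, records and labels below are hypothetical.
"""
import math
from collections import defaultdict

# Hypothetical per-host features, in this order:
# packets/s, bytes per packet, failed logins in the window, distinct dst ports.
FEATURES = ("packets_per_sec", "bytes_per_packet", "failed_logins", "distinct_ports")

# Constructed training records: (feature tuple, label).
TRAIN = [
    ((10, 800, 0, 2), "benign"),
    ((12, 700, 1, 3), "benign"),
    ((8, 900, 0, 1), "benign"),
    ((15, 650, 0, 2), "benign"),
    ((11, 750, 1, 2), "benign"),
    ((9, 820, 0, 3), "benign"),
    ((500, 60, 20, 40), "attack"),   # flood plus brute force
    ((800, 50, 0, 200), "attack"),   # fast port sweep
    ((300, 80, 35, 5), "attack"),    # credential brute force
    ((650, 55, 3, 120), "attack"),
    ((450, 70, 25, 30), "attack"),
    ((700, 45, 0, 180), "attack"),
]

# Constructed hold-out records; the last two are deliberately "quiet" attacks.
TEST = [
    ((10, 780, 0, 2), "benign"),
    ((13, 690, 1, 3), "benign"),
    ((600, 60, 10, 90), "attack"),
    ((250, 120, 0, 20), "attack"),
    ((12, 700, 30, 3), "attack"),    # low-volume brute force
    ((14, 720, 0, 6), "attack"),     # slow port scan hiding in benign-looking traffic
]


def _mean_var(values):
    """Population mean and variance of one feature column."""
    n = len(values)
    mean = sum(values) / n
    var = sum((v - mean) ** 2 for v in values) / n
    return mean, var


def train_gnb(records, var_smoothing=1e-9):
    """Fit per-class log priors and per-feature Gaussians (mean, variance).

    An epsilon proportional to the largest feature variance is added to every
    variance so a feature that is constant within one class cannot yield a
    zero variance (and a division by zero) at prediction time.
    """
    by_label = defaultdict(list)
    for x, y in records:
        by_label[y].append(x)
    columns = list(zip(*(x for x, _ in records)))
    eps = var_smoothing * max(_mean_var(col)[1] for col in columns)
    model = {}
    for label, rows in by_label.items():
        stats = [(m, v + eps) for m, v in (_mean_var(col) for col in zip(*rows))]
        model[label] = (math.log(len(rows) / len(records)), stats)
    return model


def log_posteriors(model, x):
    """Unnormalised log P(class | x): log prior plus summed Gaussian log densities."""
    scores = {}
    for label, (log_prior, stats) in model.items():
        s = log_prior
        for xi, (mean, var) in zip(x, stats):
            s += -0.5 * math.log(2 * math.pi * var) - (xi - mean) ** 2 / (2 * var)
        scores[label] = s
    return scores


def predict(model, x):
    scores = log_posteriors(model, x)
    return max(scores, key=scores.get)


def evaluate(model, records, positive="attack"):
    """Accuracy plus the two numbers an IDS operator actually needs:
    detection rate (recall on attacks) and false-positive rate on benign."""
    tp = fp = tn = fn = 0
    for x, y in records:
        p = predict(model, x)
        if y == positive:
            tp += p == positive
            fn += p != positive
        else:
            fp += p == positive
            tn += p != positive
    n = tp + fp + tn + fn
    return {
        "confusion": {"tp": tp, "fn": fn, "tn": tn, "fp": fp},
        "accuracy": (tp + tn) / n,
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


if __name__ == "__main__":
    model = train_gnb(TRAIN)
    for x, y in TEST:
        print(x, "label:", y, "predicted:", predict(model, x))
    print(evaluate(model, TEST))
```

On the constructed hold-out set the model gets five of six records right (accuracy 0.83) but detects only three of the four attacks (detection rate 0.75): the slow port scan has volume and packet-size features that sit inside the benign distribution, and only `distinct_ports` argues for "attack", which is not enough to outweigh the other three features. A reported accuracy figure should therefore be read alongside the attack recall and the false-positive rate at the operating threshold, not as the share of attacks caught.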



Primary Language: Turkish
Subjects: Computer Science, Artificial Intelligence
Journal Section: Articles
Authors

ORCID: 0000-0002-1634-2705
Author: Mustafa TAKAOĞLU (Primary Author)
Institution: İSTANBUL AYDIN ÜNİVERSİTESİ
Country: Turkey


ORCID: 0000-0002-0581-7955
Author: Çağdaş ÖZER (Primary Author)
Institution: İSTANBUL AYDIN ÜNİVERSİTESİ
Country: Turkey


Dates

Publication Date : June 28, 2019

APA: TAKAOĞLU, M., & ÖZER, Ç. (2019). SALDIRI TESPİT SİSTEMLERİNE MAKİNE ÖĞRENME ETKİSİ. Uluslararası Yönetim Bilişim Sistemleri ve Bilgisayar Bilimleri Dergisi, 3(1), 11-22. DOI: 10.33461/uybisbbd.558192