Research Article

THE EFFECT OF MACHINE LEARNING ON INTRUSION DETECTION SYSTEMS (original Turkish title: SALDIRI TESPİT SİSTEMLERİNE MAKİNE ÖĞRENME ETKİSİ)

Year 2019, Volume: 3 Issue: 1, 11 - 22, 28.06.2019
https://doi.org/10.33461/uybisbbd.558192

Abstract

As technology advances and the connections between people and machines increase, system and data security become more important. Attackers study systems in search of their vulnerabilities, and at times they succeed. Successful attacks cause financial and non-financial harm. Antivirus software and firewalls are used to prevent them, but antivirus software and firewalls cannot always provide an effective defense against expert attackers. Starting from these and similar problems, intrusion detection systems have been developed. They work by collecting information from various systems and network sources and then analyzing that information for possible security problems. Our study focuses on these problems and aims to train an intrusion detection system using machine learning techniques, known attack types, and data from server-based attack methods. To this end, a data set was built by combining attack data from CesarFTP, WebDAV, Icecast, Tomcat, OS SMB, OS Print Spool, PMWiki, Wireless Karma, PDF N, Backdoored Executable, Browser Attack, and Infectious Media. The resulting data set was classified and trained using a Support Vector Machine (SVM) and Naive Bayes (NB), and the results obtained are reported. After training and testing the system with the SVM, an accuracy of 0.7129 was reached; after dimensionality reduction with Principal Component Analysis was then applied, Naive Bayes reached an accuracy of 0.7914. This shows that, while the intrusion detection system trained on the aforementioned attack data is active and running, it can correctly detect 79% of incoming attacks.


THE EFFECT OF MACHINE LEARNING ON INTRUSION DETECTION SYSTEMS


Abstract

As technology advances and the link between people and machines grows, system and data security become more important. Attackers try to find weaknesses by examining systems, and they sometimes succeed. Successful attacks lead to financial and non-financial damage. Anti-virus software and firewalls are used to prevent them, but anti-virus software and firewalls may not always provide an effective defense against expert attackers. Based on these and similar problems, intrusion detection systems have been developed. They work by collecting information from various systems and network resources and then analyzing the data for possible security issues. This study focuses on these problems and aims to train an intrusion detection system using machine learning techniques, known attack types, and data from server-based attack methods. To this end, the data set was created by combining CesarFTP, WebDAV, Icecast, Tomcat, OS SMB, OS Print Spool, PMWiki, Wireless Karma, PDF N, Backdoored Executable, Browser Attack, and Infectious Media attack data. The resulting data set was classified and trained using a Support Vector Machine (SVM) and Naive Bayes (NB), and the results are shared. After training and testing the system with the SVM, a success rate of 0.7129 was achieved; after dimensionality reduction with Principal Component Analysis was then re-applied, Naive Bayes reached a success level of 0.7914. This showed that the intrusion detection system trained on the aforementioned intrusion data was able to detect 79 percent of incoming attacks accurately while it was active and operational.


Details

Primary Language Turkish
Subjects Artificial Intelligence
Journal Section Articles
Authors

Mustafa Takaoğlu 0000-0002-1634-2705

Çağdaş Özer 0000-0002-0581-7955

Publication Date June 28, 2019
Published in Issue Year 2019 Volume: 3 Issue: 1

Cite

APA Takaoğlu, M., & Özer, Ç. (2019). SALDIRI TESPİT SİSTEMLERİNE MAKİNE ÖĞRENME ETKİSİ. Uluslararası Yönetim Bilişim Sistemleri Ve Bilgisayar Bilimleri Dergisi, 3(1), 11-22. https://doi.org/10.33461/uybisbbd.558192