Research Article

Enhancing Network Security: A Comprehensive Analysis of Intrusion Detection Systems

Year 2024, Volume: 29 Issue: 3, 927 - 938, 31.12.2024
https://doi.org/10.53433/yyufbed.1545033

Abstract

Given the increasing complexity and advancement of cyber attacks, effective intrusion detection systems have become an important component of network security. Machine learning methods have become a potential strategy for identifying and mitigating such attacks. This paper carries out a comprehensive review of intrusion detection using machine learning techniques. The aim is to present a comprehensive analysis of the current state of research, identify the obstacles, and highlight possible solutions in this field. The paper begins by examining the importance of intrusion detection and the limitations of traditional rule-based systems. It then delves into the fundamental ideas and concepts of machine learning and their practical applications in the field of intrusion detection. This study presents a comprehensive review of various machine learning algorithms, including decision trees, neural networks, support vector machines, and ensemble methods. The main aim of this study is to examine the effectiveness and limitations of using these methods to detect different types of attacks. Three algorithms were used to classify the NSL-KDD dataset: Cascade Backpropagation Neural Networks (CBPNN), Layered Recurrent Neural Network (LRNN), and Forward-Backward Propagation Neural Networks (FBPNN). The results of the study showed that CBPNN performed better, achieving 95% accuracy.


Enhancing Network Security: A Comprehensive Analysis of Intrusion Detection Systems


Abstract

Given the increasing complexity and advancement of intrusion attacks, effective intrusion detection systems have become crucial to protecting networks. Machine learning methods have become a potential strategy for identifying and reducing such attacks. This paper conducts a comprehensive analysis of intrusion detection using machine learning methodologies. The aim is to thoroughly examine the current state of research, identify the barriers, and highlight potential solutions in this field. The study begins by analyzing the importance of intrusion detection and the limitations of traditional rule-based systems. It then explores the underlying principles and concepts of machine learning and how they are practically applied in the field of intrusion detection. This paper provides a comprehensive analysis of different machine learning algorithms, such as decision trees, neural networks, support vector machines, and ensemble methods. The primary objective of this study is to assess the effectiveness and limitations of employing these techniques for identifying various forms of intrusions. Three algorithms are used to classify the NSL-KDD dataset, namely Cascade Backpropagation Neural Networks (CBPNN), Layered Recurrent Neural Networks (LRNN), and Forward-Backward Propagation Neural Networks (FBPNN). The results show that CBPNN performed best, achieving 95% accuracy.


Details

Primary Language: English
Subjects: Information Security Management, Information Systems Education
Journal Section: Engineering and Architecture / Mühendislik ve Mimarlık
Authors:

Murat Koca 0000-0002-6048-7645

İsa Avcı 0000-0001-7032-8018

Publication Date: December 31, 2024
Submission Date: September 7, 2024
Acceptance Date: September 26, 2024
Published in Issue: Year 2024, Volume: 29, Issue: 3

Cite

APA Koca, M., & Avcı, İ. (2024). Enhancing Network Security: A Comprehensive Analysis of Intrusion Detection Systems. Yüzüncü Yıl Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 29(3), 927-938. https://doi.org/10.53433/yyufbed.1545033