Öz

Özet

Son zamanlarda gelişen ağ saldırılarından korunmak için saldırı tespit sistemler önemli bir hale gelmiştir. Bu saldırılar,

öncekilerden daha karmaşık ve tespit edilmesi zordur. Bu nedenle Makine Öğrenmesi teknikleri kullanılmaya

başlanmıştır. Böylece ağdan gelen paketlerin karekteristiklerinde, daha karmaşık özellikler tespit edilebilmektedir.

Bu teknikler öğrenebilmek için belirli özelliklerde verysetine ihtiyaç duymaktadır. Bu amaç ile birçok

very seti toplanmıştır. Bu verisetlerinin bazıları gerçek hayat uygulamalarında saldırı tespit sistemlerinin uygulamasında

bilinen limitlere sahiptir.

Bu çalışmada Bu her bir veri setinin bilinen konularının yanı sıra, makine öğrenim tekniklerini kullanan ve bu veri

setlerini kullanan mevcut saldırı tespit sistemleri ile birlikte herbir mevcut izinsiz veri kümeleri de tartışılmıştır. Makine

öğrenme teknikleri farklı veri kümelerinden farklı bilgi çıkarımında bulunurlar ve her tekniğin bu bilgiyi elde

etmek için farklı yaklaşımları olduğu için, her tekniğin performansı, bir veri kümesinden diğerine farklıdır. Tartışılançalışmaların sonuçları, Yapay Sinir Ağları (YSA) ‘nın diğer makine öğrenme teknikleri arasında en yüksek ortalama

performansı gösterdiği görülmüştür. Böylece Saldırı tespit sistemi uygulamaları için makine öğrenme tekniklerini

kullanmanın büyük potansiyeli olduğu görülmüştür

Anahtar Kelimeler

• Makine Öğrenmesi,Yapay Sinir Ağları,Saldırı Tespir Sistemi

Network Intrusion Detection Using Machine Learning Techniques/Makine Öğrenmesi Teknikleri Kullanılarak Ağ Saldırı Tespit Sistemi

Öz

Abstract

Recently, it has become important to use advanced intrusion detection techniques to protect networks from the

developing network attacks, which are becoming more complex and difficult to detect. For this reason, machine

learning techniques have been employed in the Intrusion Detection Systems (IDS), so that, more complex features

can be detected in the characteristics of the packets incoming to the network. As these techniques require training

data, many datasets are collected for this purpose. Some of these datasets have known issues that limit the

ability to apply intrusion detection systems built, based on these datasets, in real-life applications.

In this study, the existing intrusion datasets are illustrated alongside with the known issues of each dataset, as well

as, the existing intrusion detection systems that employ machine learning techniques and use these datasets, are

discussed. As machine learning techniques extract different knowledge from different datasets, and each technique

has different approaches to extract that knowledge, the performance of each technique is different from

one dataset to another. The results of the discussed studies show the great potential of using machine learning

techniques to implement IDS, where the Artificial Neural Networks (ANN) have shown the highest average performance,

among other machine learning techniques.

Anahtar Kelimeler

• Machine Learning,Artificial Neural Network,Intrusion Detection Systems

Kaynakça

1. D. Acemoglu, A. Malekian, and A. Ozdaglar, “Network security and contagion,” Journal of Economic Theory, vol. 166, pp. 536-585, 2016.
2. D. Yu, Y. Jin, Y. Zhang, and X. Zheng, “A survey on security issues in services communication of Microservices‐ enabled fog applications,” Concurrency and Computation: Practice and Experience, p. e4436.
3. V. C. Storey and I.-Y. Song, “Big data technologies and Management: What conceptual modeling can do,” Data & Knowledge Engineering, vol. 108, pp. 50-67, 2017.
4. I. H. Witten, E. Frank, M. A. Hall, and C. J. Pal, Data Mining: Practical machine learning tools and techniques: Morgan Kaufmann, 2016.
5. M. Ahmed, A. N. Mahmood, and J. Hu, “A survey of network anomaly detection techniques,” Journal of Network and Computer Applications, vol. 60, pp. 19-31, 2016.
6. K. Simonyan and A. Zisserman, “Very deep convolutional networks for large-scale image recognition,” arXiv preprint arXiv:1409.1556, 2014.
7. K. Cup, “Dataset,” available at the following website http://kdd. ics. uci. edu/databases/kddcup99/kddcup99. html, vol. 72, 1999.
8. M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on, 2009, pp. 1-6.

9. J. McHugh, “Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory,” ACM Transactions on Information and System Security (TISSEC), vol. 3, pp. 262-294, 2000.
10. M. S. Pervez and D. M. Farid, “Feature selection and intrusion classification in NSL-KDD cup 99 dataset employing SVMs,” in Software, Knowledge, Information Management and Applications (SKIMA), 2014 8th International Conference on, 2014, pp. 1-6.
11. N. Moustafa and J. Slay, “UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in Military Communications and Information Systems Conference (MilCIS), 2015, 2015, pp. 1-6.
12. J. Suuronen and M. Bergenwall, “System and method of providing virus protection at a gateway,” ed: Google Patents, 2016.
13. Y. Liao and V. R. Vemuri, “Use of k-nearest neighbor classifier for intrusion detection1,” Computers & security, vol. 21, pp. 439-448, 2002.
14. J. R. Quinlan, C4. 5: programs for machine learning: Elsevier, 2014.
15. J. Zhang, M. Zulkernine, and A. Haque, “Random-forests-based network intrusion detection systems,” IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), vol. 38, pp. 649-659, 2008.
16. J. A. Suykens and J. Vandewalle, “Least squares support vector machine classifiers,” Neural processing letters, vol. 9, pp. 293-300, 1999.
17. M. Kubat, “Artificial neural networks,” in An Introduction to Machine Learning, ed: Springer, 2015, pp. 91-111. W.-C. Lin, S.-W. Ke, and C.-F. Tsai, “CANN: An intrusion detection system based on combining cluster centers and nearest neighbors,” Knowledge-based systems, vol. 78, pp. 13-21, 2015.
18. N. G. Relan and D. R. Patil, “Implementation of network intrusion detection system using variant of decision tree algorithm,” in Nascent Technologies in the Engineering Field (ICNTE), 2015 International Conference on, 2015, pp. 1-5.]
19. M. Al-Zewairi, S. Almajali, and A. Awajan, “Experimental Evaluation of a Multi-layer Feed-Forward Artificial Neural Network Classifier for Network Intrusion Detection System,” in 2017 International Conference on New Trends in Computing Sciences (ICTCS), 2017, pp. 167-172.