Ağ Saldırı Tespiti için Ağaç Temelli Makine Öğrenimi ve Derin Öğrenme Sınıflandırması

Yıl 2021, Sayı: 31, 104 - 113, 31.12.2021

Şeyma Cihan Murat Aydos Nihat Yılmaz Şimşek

https://doi.org/10.31590/ejosat.889994

Öz

Ağ teknolojisindeki gelişmelere paralel olarak ağa yönelik saldırıların sayısı önemli ölçüde artmıştır. Ağ güvenliğini ve istikrarını korumak için güçlü izinsiz giriş tespit sistemlerine olan ihtiyaç her geçen gün artmaktadır. Bu çalışma, geleneksel makine öğrenimi ve derin öğrenme algoritmalarını kullanan bir saldırı tespit sistemi önermektedir. Bu çalışmada, NSL-KDD veri seti Random Forest, Decision Tree ve Deep Neural Network algoritmaları kullanılarak sınıflandırılmıştır. Ayrıca, veri kümesinin boyutunu azaltmak için Gini indeksi ve CFS (Korelasyona Dayalı Özellik Seçimi) kullanılarak değişken alt kümeleri belirlenmiştir. Çalışma sonucunda en yüksek doğruluk oranı %99.97 olarak CFS yöntemi ile 11 değişkene indirgenen veri kümesi üzerinde uygulanan Random Forest algoritması ile elde edilmiştir. Ayrıca özellik mühendisliği olmadan Deep Neural Network'ten %99,64 doğruluk oranı elde edilmiştir.

Anahtar Kelimeler

Saldırı tespit sistemi, Makine öğrenimi, NSL-KDD veri kümesi, Sınıflandırma, Karar ağacı

A Tree Based Machine Learning and Deep Learning Classification for Network Intrusion Detection

Öz

Parallel to the developments in network technology, the number of attacks on the network has increased significantly. The need for powerful intrusion detection systems to maintain network security and stability is increasing on a daily basis. This study proposes an intrusion detection system using traditional machine learning and deep learning algorithms. In this study, the NSL-KDD dataset has been classified using Random Forest, Decision Tree and Deep Neural Network algorithms. In addition, variable subsets were determined by using the Gini index and CFS (Corelation Based Feature Selection) to decrease dimension of the dataset. As a result of the study, the highest accuracy rate was 99.972%, and it was obtained from Random Forest algorithm applied on the dataset that was reduced to 11 variables by CFS method. In addition, 99.64% accuracy rate was obtained from Deep Neural Network without feature engineering.

Anahtar Kelimeler

Intrusion detection system, Machine learning, NSL-KDD dataset, Classification, Decision tree

Kaynakça

• Yan, J., Jin, D., Lee, C. W., & Liu, P. (2018). A Comparative Study of Off-Line Deep Learning Based Network Intrusion Detection. In 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN) (pp. 299-304).
• Horng, S. J., Su, M. Y., Chen, Y. H., Kao, T. W., Chen, R. J., Lai, J. L., & Perkasa, C. D. (2011). A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert systems with Applications, 38(1), 306-313.
• Lin, S. W., Ying, K. C., Lee, C. Y., & Lee, Z. J. (2012). An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection. Applied Soft Computing, 12(10), 3285-3290.
• Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 dataset. In Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on (pp. 1-6).
• Olusola, A. A., Oladele, A. S., & Abosede, D. O. (2010). Analysis of KDD’99 intrusion detection dataset for selection of relevance features. In Proceedings of the World Congress on Engineering and Computer Science (Vol. 1, pp. 20-22).
• Özgür, A., & Erdem, H. (2016). A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015. PeerJ PrePrints, 4, e1954v1.
• Aljawarneh, S., Aldwairi, M., & Yassein, M. B. (2018). Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. Journal of Computational Science, 25, 152-160.
• Shone, N., Ngoc, T. N., Phai, V. D., & Shi, Q. (2018). A deep learning approach to network intrusion detection. IEEE Transactions on Emerging Topics in Computational Intelligence, 2(1), 41-50.
• Yin, C., Zhu, Y., Fei, J., & He, X. (2017). A deep learning approach for intrusion detection using recurrent neural networks. Ieee Access, 5, 21954-21961.
• Xin, Y., Kong, L., Liu, Z., Chen, Y., Li, Y., Zhu, H.,.. & Wang, C. (2018). Machine Learning and Deep Learning Methods for Cybersecurity. IEEE Access, 6, 35365-35381.
• George, A. (2012). Anomaly detection based on machine learning: dimensionality reduction using PCA and classification using SVM. International Journal of Computer Applications, 47(21).
• Neethu, B. (2012). Classification of intrusion detection dataset using machine learning approaches. International Journal of Electronics and Computer Science Engineering, 1(3), 1044-1051.
• Revathi, S., & Malathi, A. (2013). A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection. International Journal of Engineering Research and Technology. ESRSA Publications.
• Siddiqui, M. K., & Naahid, S. (2013). Analysis of KDD CUP 99 dataset using clustering based data mining. International Journal of Database Theory and Application, 6(5), 23-34.
• Shrivas, A. K., & Dewangan, A. K. (2014). An ensemble model for classification of attacks with feature selection based on KDD99 and NSL-KDD dataset. International Journal of Computer Applications, 99(15), 8-13.
• Al-Jarrah, O. Y., Siddiqui, A., Elsalamouny, M., Yoo, P. D., Muhaidat, S., & Kim, K. (2014). Machine-learning-based feature selection techniques for large-scale network intrusion detection. In Distributed Computing Systems Workshops (ICDCSW), 2014 IEEE 34th International Conference on (pp. 177-181).
• Hasan, M. A. M., Nasser, M., Pal, B., & Ahmad, S. (2014). Support vector machine and random forest modeling for intrusion detection system (IDS). Journal of Intelligent Learning Systems and Applications, 6(01), 45.
• [18] Dhanabal, L., & Shantharajah, S. P. (2015). A study on NSL-KDD dataset for intrusion detection system based on classification algorithms. International Journal of Advanced Research in Computer and Communication Engineering, 4(6), 446-452.
• Farnaaz, N., & Jabbar, M. A. (2016). Random forest modeling for network intrusion detection system. Procedia Computer Science, 89, 213-217.
• Javaid, A., Niyaz, Q., Sun, W., & Alam, M. (2016). A deep learning approach for network intrusion detection system. In Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS) (pp. 21-26).
• Tang, T. A., Mhamdi, L., McLernon, D., Zaidi, S. A. R., & Ghogho, M. (2016). Deep learning approach for network intrusion detection in software defined networking. In 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM) (pp. 258-263).
• Biswas, S. K. (2018). Intrusion Detection Using Machine Learning: A Comparison Study, International Journal of Pure and Applied Mathematics, 118(19), 101-114.
• Özgür, A., & Erdem, H. (2018). Saldırı tespit sistemlerinde genetik algoritma kullanarak nitelik seçimi ve çoklu sınıflandırıcı füzyonu. Gazi Üniversitesi Mühendislik-Mimarlık Fakültesi Dergisi, 33(1).
• Gurung, S., Ghose, M. K., & Subedi, A. (2019). Deep learning approach on network intrusion detection system using NSL-KDD dataset. International Journal of Computer Network and Information Security (IJCNIS), 11(3), 8-14.
• Kumar, V., Chauhan, H., & Panwar, D. (2013). K-means clustering approach to analyze NSL-KDD intrusion detection dataset. International Journal of Soft Computing and Engineering (IJSCE).
• Kaushik, S. S., & Deshmukh, P. R. (2011). Detection of attacks in an intrusion detection system. International Journal of Computer Science and Information Technologies (IJCSIT), 2(3), 982-986.
• Meng, Y. X. (2011). The practice on using machine learning for network anomaly intrusion detection. In Machine Learning and Cybernetics (ICMLC), 2011 International Conference on(Vol. 2, pp. 576-581).
• Pushpalatha, K. R., & Karegowda, A. G. (2017). CFS Based Feature Subset Selection for Enhancing Classification of Similar Looking Food Grains-A Filter Approach. In 2017 2nd International Conference On Emerging Computation and Information Technologies (ICECIT) (pp. 1-6).
• Breiman, L. (2001). Random forests. Machine learning, 45(1), 5-32.
• Archer, K. J., & Kimes, R. V. (2008). Empirical characterization of random forest variable importance measures. Computational Statistics & Data Analysis, 52(4), 2249-2260.
• Calle, M. L., & Urrea, V. (2010). Letter to the editor: stability of random forest importance measures. Briefings in bioinformatics, 12(1), 86-89.
• Akman, M., Genç, Y., & Ankarali, H. (2011). Random forests yöntemi ve sağlık alanında bir uygulama. Turkiye Klinikleri Journal of Biostatistics, 3(1), 36-48.
• Kawakubo, H., & Yoshida, H. (2012). Rapid feature selection based on random forests for high-dimensional data. Expert Syst Appl, 40, 6241-6252.
• Lantz, B. Machine Learning With R. Packt Publishing Ltd, Birmingham, 2013.
• Deng, Li & Yu, Dong. (2013). Deep Learning: Methods and Applications. Foundations and Trends in Signal Processing. 7.
• Bengio, Y.. (2009). Learning Deep Architectures for AI. Foundations. 2. 1-55.
• Hinton, Geoffrey & Deng, li & Yu, Dong & Dahl, George & Mohamed, Abdel-rahman & Jaitly, Navdeep & Senior, Andrew & Vanhoucke, Vincent & Nguyen, Phuongtrang & Sainath, Tara & Kingsbury, Brian. (2012). Deep Neural Networks for Acoustic Modeling in Speech Recognition: The Shared Views of Four Research Groups. Signal Processing Magazine, IEEE. 29. 82-97.