İki Seviyeli Hibrit Makine Öğrenmesi Yöntemi ile Saldırı Tespiti

Yıl 2019, Cilt: 5 Sayı: 3, 258 - 272, 30.12.2019

Meltem Kurt Pehlivanoğlu Remzi Atay Duygu Evrim Odabaş

https://doi.org/10.30855/gmbd.2019.03.07

Öz

Bu çalışmada
CSE-CIC-IDS2018 veri kümesi üzerinde saldırı tespiti amaçlanmıştır.
Kullanılacak yöntemler tek seviyeli yöntem ve iki seviyeli hibrit yöntem olarak
iki bölüme ayrılmıştır. Çalışmada Evrişimsel Sinir Ağı (CNN), Rastgele Orman,
Hafif Gradyan Artırma (LGBM), (CNN + Rastgele Orman), (LGBM + Rastgele Orman)
ve (Rastgele Orman + Rastgele Orman) makine öğrenmesi yöntemleri kullanılarak
veri kümesi ele alınmıştır. %98 doğruluk oranı ve 0.86 macro F-skoru ile (CNN +
Rastgele Orman) hibrit modelinin en iyi saldırı tespiti yaptığı görülmüştür.
Ayrıca, GridSearch ile hiperparametre optimizasyonu yapılmış, Sentetik Azınlık
Aşırı Örnekleme Tekniği (SMOTE) ve yüksek korelasyonlu özniteliklerin tespit
üzerindeki etkisi incelenmiştir.

Anahtar Kelimeler

Saldırı Tespiti, CSE-CIC-IDS2018 Veri Kümesi, Makine Öğrenmesi

Kaynakça

• 1] Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization”, in ICISSP, Prague, Czech Republic, 2018, pp. 108-116
• [2] S. Wankhede and D. Kshirsagar, "DoS Attack Detection Using Machine Learning and Neural Network," 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), Pune, India, 2018, pp. 1-5. Conference on Information Systems Security and Privacy (ICISSP), Portugal, January 2018.
• [3] D. Aksu and M. Ali Aydin, "Detecting Port Scan Attempts with Comparative Analysis of Deep Learning and Support Vector Machine Algorithms," 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT), Ankara, Turkey, 2018, pp. 77-80. [4] V. Kanimozhi and T. P. Jacob, "Artificial Intelligence based Network Intrusion Detection with Hyper-Parameter Optimization Tuning on the Realistic Cyber Dataset CSE-CIC-IDS2018 using Cloud Computing," 2019 International Conference on Communication and Signal Processing (ICCSP), Chennai, India, 2019, pp. 33-36.
• [5] Zhou, Qianru and Dimitrios Pezaros. “Evaluation of Machine Learning Classifiers for Zero-Day Intrusion Detection - An Analysis on CIC-AWS-2018 dataset.” ArXiv abs/1905.03685v1, 2019.
• [6] Yulianto, Arif & Sukarno, Parman & Anggis Suwastika, Novian, “Improving AdaBoost-based Intrusion Detection System (IDS) Performance on CIC IDS 2017 Dataset,” Journal of Physics: Conference Series, 1192.
• [7] I. Ullah and Q. H. Mahmoud, "A Two-Level Hybrid Model for Anomalous Activity Detection in IoT Networks," 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 2019, pp. 1-6.
• [8] A. R. Wani, Q. P. Rana, U. Saxena and N. Pandey, "Analysis and Detection of DDoS Attacks on Cloud Computing Environment using Machine Learning Techniques," 2019 Amity International Conference on Artificial Intelligence (AICAI), Dubai, United Arab Emirates, 2019, pp. 870-875.
• [9] Yang Y, Zheng K, Wu C, Niu X, Yang Y. “Building an Effective Intrusion Detection System Using the Modified Density Peak Clustering Algorithm and Deep Belief Networks,” Applied Sciences, 9(2):238, 2019, Doi: 10.3390/app9020238.
• [10] Yılmaz, Selim & Sen, Sevil, “Early Detection of Botnet Activities Using Grammatical Evolution,” Theory and Applications of Models of Computation, pp.395-404, 2019.
• [11] McKay, Rob & Pendleton, Brian & Britt, James & Nakhavanit, Ben, “Machine Learning Algorithms on Botnet Traffic: Ensemble and Simple Algorithms,” The International Conference on Compute and Data Analysis 2019 (ICCDA), 2019.
• [12] CICFlowMeter: Network Traffic Flow Analyzer,http://netflowmeter.ca/netflowmeter.html, Accessed 28 July 2018.