Anomaly-Based Intrusion Detection by Machine Learning: A Case Study on Probing Attacks to an Institutional Network

Tufan E., TEZCAN C., ACARTÜRK C.

IEEE ACCESS, cilt.9, ss.50078-50092, 2021 (SCI-Expanded) identifier identifier identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 9
  • Basım Tarihi: 2021
  • Doi Numarası: 10.1109/access.2021.3068961
  • Dergi Adı: IEEE ACCESS
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Sayfa Sayıları: ss.50078-50092
  • Anahtar Kelimeler: Data models, Computational modeling, Intrusion detection, Biological system modeling, Organizations, Machine learning, Probabilistic logic, Anomaly-based, misuse-based, intrusion detection systems, probing attacks, UNSW-NB15 DATA SET, DETECTION SYSTEM, FEATURE-SELECTION, CLASSIFICATION
  • Orta Doğu Teknik Üniversitesi Adresli: Evet

Özet

Cyber attacks constitute a significant threat to organizations with implications ranging from economic, reputational, and legal consequences. As cybercriminals' techniques get sophisticated, information security professionals face a more significant challenge to protecting information systems. In today's interconnected realm of computer systems, each attack vector has a network dimension. The present study investigates network intrusion attempts with anomaly-based machine learning models to provide better protection than the conventional misuse-based models. Two models, namely an ensemble learning model and a convolutional neural network model, were built and implemented on a data set gathered from a real-life, institutional production environment. To demonstrate the models' reliability and validity, they were applied to the UNSW-NB15 benchmarking data set. The type of attack was limited to probing attacks to keep the scope of the study manageable. The findings revealed high accuracy rates, the CNN model being slightly more accurate.