Enhanced Network Anomaly Detection Model Based On Supervised Learning Techniques With Qualitative Features Selection

The document proposes an enhanced network anomaly detection model based on supervised learning techniques and qualitative feature selection. It discusses the problem that existing intrusion detection systems consider only quantitative features. The proposed model aims to improve accuracy by using both qualitative and quantitative features of attacks, with qualitative features encoded before use. It will be trained and tested on the UNSW-NB15 dataset, and its performance will be evaluated using precision, recall, accuracy and ROC curves. The model will classify several types of attacks using techniques like nearest neighbor, random forest, and decision trees.

Uploaded by Shahid Azeem

Enhanced Network Anomaly Detection Model Based on Supervised Learning Techniques with Qualitative Features Selection

Name: Muhammad Shahid Azeem
VU Id: MS160400843
Supervised By: Mr. Hasnain Ahmed
Virtual University of Pakistan

Agenda

• Background
• Problem Statement
• Related Work
• Research Gap
• Proposed Model
• Performance Evaluation Measures

Background

• Massive growth in the Internet
• Increasing importance of cyber security
• New threats to data
• Intrusion Detection System (IDS)
  • Primary defence mechanism
  • Secure data and resources from illegal disclosure and unauthorized access
• Data Security Approaches
  • Signature based IDS
  • Anomaly Detection based IDS

Background

• Accuracy of Intrusion Detection
• Features selection
• Quantitative Features
  • Number of bytes in source packets, Source to Destination Packet Count
• Qualitative Features
  • Attack type, Protocol Used, Timing of Attack, Source IP Address, Destination IP Address

Problem Statement

• Existing IDSs consider only quantitative features and ignore qualitative features of attacks; therefore, their anomaly detection accuracy is suboptimal.
• In this research we'll propose an Anomaly Detection Based IDS for Communication Networks using Supervised Learning Techniques
  • To enhance anomaly detection accuracy
  • Use of qualitative features along with quantitative features
  • Encoding of qualitative features

Related Work

| Author | Technique | Data Set | Accuracy Reported |
|---|---|---|---|
| Bhavesh Borisaniya (2015) | N-gram feature extraction technique | ADFA-LD and ADFA-WD datasets | Accuracy: 92%, 20% false positive rate |
| Al-Yaseen et al. (2017) | Support vector machine with modified K-mean algorithm | IDS.KD Cup 1999 dataset | Up to 95.75% |
| Aygun & Yavuz et al. (2017) | Vanilla and de-noising deep auto-encoders | NSLKDD dataset | Accuracy range: 88.28% and 88.6% |
| Assem N., Rachidi et al. (2018) | Markov chain model | UNM datasets | Accuracy: 97%, FPR: 3% |
| Naseer et al. (2018) | Deep learning technique, Convolutional Neural Networks (CNNs) | NSLKDDTest+ and NSLKDDTest21 datasets | 85% and 89% |

Research Gap

• Most of the research in the area of anomaly detection has focused on quantitative features of attacks
• This is because qualitative features are difficult to measure
• In this research, we shall use qualitative features along with quantitative features to detect anomalies in network traffic more efficiently

Proposed Model

Supervised Learning Techniques

• Supervised Learning Techniques
  • Nearest Neighbour
  • Random Forest
  • Multilevel perceptron
  • Decision tree

Encoding of Qualitative Features

Quantification of Qualitative Features

Encoders:
• Binary Encoder
• Hashing Encoder
• Helmert Encoder
• OneHotEncoder
• OrdinalEncoder
• SumEncoder
• PolynomialEncoder
• BaseNEncoder
• LeaveOneOutEncoder
• TargetEncoder
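
The following is an added example, not code from the presentation: it one-hot encodes two qualitative features and feeds them, together with two min-max scaled quantitative features, to a 1-nearest-neighbour classifier. The flow records, the column names (proto, service, sbytes, spkts) and all function names are assumptions; the records are constructed so that attack and normal flows overlap on the quantitative features, so the scores illustrate the mechanism and are not an experimental result.

```python
import math

# Constructed flows (not UNSW-NB15 rows): proto, service, sbytes, spkts, label (1 = attack)
TRAIN = [("tcp", "http", 500, 10, 0), ("tcp", "http", 520, 12, 0),
         ("udp", "dns", 120, 2, 0), ("udp", "dns", 130, 2, 0),
         ("tcp", "ftp", 510, 11, 1), ("udp", "-", 125, 2, 1),
         ("tcp", "ftp", 495, 10, 1), ("udp", "-", 118, 2, 1)]
TEST = [("tcp", "http", 505, 11, 0), ("udp", "dns", 122, 2, 0),
        ("tcp", "ftp", 503, 10, 1), ("udp", "-", 128, 2, 1)]
QUAL, QUANT, LABEL = (0, 1), (2, 3), 4  # column indexes

def fit(rows):
    """Learn category lists and min/max ranges from the training rows only."""
    cats = {c: sorted({r[c] for r in rows}) for c in QUAL}
    rng = {c: (min(r[c] for r in rows), max(r[c] for r in rows)) for c in QUANT}
    return cats, rng

def one_hot(value, categories):
    # A category unseen in training encodes as all zeros instead of raising.
    return [1.0 if value == c else 0.0 for c in categories]

def vectorize(row, cats, rng, use_qual):
    vec = []
    for c in QUANT:  # min-max scale so byte counts do not dominate the distance
        lo, hi = rng[c]
        vec.append((row[c] - lo) / (hi - lo) if hi > lo else 0.0)
    if use_qual:
        for c in QUAL:
            vec += one_hot(row[c], cats[c])
    return vec

def predict_1nn(train_vecs, train_labels, vec):
    dists = [math.dist(vec, t) for t in train_vecs]
    return train_labels[dists.index(min(dists))]

def evaluate(use_qual):
    """Return (precision, recall, accuracy) of 1-NN on TEST."""
    cats, rng = fit(TRAIN)
    tv = [vectorize(r, cats, rng, use_qual) for r in TRAIN]
    tl = [r[LABEL] for r in TRAIN]
    pred = [predict_1nn(tv, tl, vectorize(r, cats, rng, use_qual)) for r in TEST]
    truth = [r[LABEL] for r in TEST]
    tp = sum(p == 1 and t == 1 for p, t in zip(pred, truth))
    fp = sum(p == 1 and t == 0 for p, t in zip(pred, truth))
    fn = sum(p == 0 and t == 1 for p, t in zip(pred, truth))
    acc = sum(p == t for p, t in zip(pred, truth)) / len(truth)
    return (tp / (tp + fp) if tp + fp else 0.0, tp / (tp + fn) if tp + fn else 0.0, acc)

if __name__ == "__main__":
    print("quantitative only:", evaluate(False))
    print("with one-hot qualitative:", evaluate(True))
```

One-hot encoding adds one column per category, so for high-cardinality features such as IP addresses one of the more compact encoders in the list above (hashing, binary, target) is the usual choice.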

Performance Evaluation Measures

• Performance Evaluation Techniques
  • Precision
  • Recall
  • Accuracy
  • ROC curve

Types of Attacks Considered

• Analysis
• Backdoors
• Exploits
• Reconnaissance
• Fuzzers
• Generic
• DoS
• Shellcode

Training and Testing

Model will be trained and tested on the UNSW-NB15 data set

Comparison with UNSW-NB15 data set and state of the art IDSs from literature

Any Questions?

Allah Hafiz