Detection of Anomalies in the Computer Network Behaviour

Authors

  • Danijela Protić MSc, Centre of Applied Mathematics and Electronics, Belgrade, Serbia Author
  • Miomir Stanković PhD, Mathematical Institute, Serbian Academy of Science and Arts, Belgrade, Serbia Author

DOI:

https://doi.org/10.26417/ejef.v4i1.p7-13

Keywords:

intrusion detection, Kyoto 2006 , k-NN, wk-NN, SVM, decision tree, FNN

Abstract

The goal of anomaly-based intrusion detection is to build a system which monitors computer network behaviour and generates alerts if either a known attack or an anomaly is detected. Anomaly-based intrusion detection system detects intrusions based on a reference model which identifies normal behaviour of the computer network and flags an anomaly. Basic challenges in anomaly-based detection are difficulties to identify a ‘normal’ network behaviour and complexity of the dataset needed to train the intrusion detection system. Supervised machine learning can be used to train the binary classifiers in order to recognize the notion of normality. In this paper we present an algorithm for feature selection and instances normalization which reduces the Kyoto 2006+ dataset in order to increase accuracy and decrease time for training, testing and validating intrusion detection systems based on five models: k-Nearest Neighbour (k-NN), weighted k-NN (wk-NN), Support Vector Machine (SVM), Decision Tree, and Feedforward Neural Network (FNN).

Downloads

Published

2022-09-12