Model-Based Feature Selection for Developing Network Attack Detection and Alerting System

  • Yuri Prihantono Universitas Indonesia
  • Kalamullah Ramli Universitas Indonesia
Keywords: Machine Learning, Feature Selection, IDS, Snort, ELK Stack

Abstract

Intrusion Detection Systems (IDS) still have unresolved problems, chiefly insufficient accuracy in attack detection, which leads to false positives and many false alarms. Machine learning is often used to address the challenges that arise when implementing an IDS. In this study, we present a system that uses a machine learning approach to detect network attacks and send attack alerts. The CSE-CICIDS2018 dataset and a model-based feature selection technique are used to assess the performance of eight classifier algorithms in identifying network attacks and to determine the best algorithm. In this comparison of machine learning models, the XGBoost model provides the highest performance, with an accuracy rate of 99 percent for two-class classification and 98.4 percent for multi-class classification.

 


Published
2022-04-29
How to Cite
Prihantono, Y., & Kalamullah Ramli. (2022). Model-Based Feature Selection for Developing Network Attack Detection and Alerting System. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 6(2), 322 - 329. https://doi.org/10.29207/resti.v6i2.3989
Section
Information Technology Articles