Fig. 1. UNSW-NB15 Testbed
Fig. 2. Formula of class imbalance ratio
Fig. 3. Flowchart of data pre-processing and feature selection
Fig. 4. Features selected by the wrapper-based experiments (A:SVM_GA, B:3NN_GA, C:DT_GA, D:DT_ANT, E:DT_PSO)
Table 9. Comparison of experimental results with other study
Fig. 8. Comparison of experimental results with other study (subset2, ROC curve)
Fig. 5. Comparison of classification performance of rare classes by feature subset (Recall)
Fig. 6. Comparison of classification performance of rare classes by feature subset (ROC curve)
Fig. 7. Comparison of experimental results with other study (subset1, ROC curve)
Table 1. Comparisons of related works
Table 2. Class imbalance ratio for each class
Table 3. The number of instances according to the class imbalance ratio
Table 4. Recalls according to the number of instances of Normal class
Table 5. Recalls according to the number of instances of Generic class
Table 6. Features used in the proposed method
Table 7. Comparison of classification performance of rare classes by feature subset (Recall)
Table 8. Comparison of classification performance of rare classes by feature subset (ROC curve)
References
- T. Janarthanan & S. Zargari. (2017). Feature selection in UNSW-NB15 and KDDCUP'99 datasets. In Industrial Electronics (ISIE), IEEE 26th International Symposium on. (pp. 1881-1886). IEEE.
- C. Khammassi & S. Krichen. (2017). A GA-LR wrapper approach for feature selection in network intrusion detection. computers & security, 70, 255-277. https://doi.org/10.1016/j.cose.2017.06.005
- N. Moustafa & J. Slay. (2015). A hybrid feature selection for network intrusion detection systems: Central points. arXiv preprint arXiv:1707.05505.
- M. Kamarudin, C. Maple, T. Watson, & N. Safa. (2017). A logitboost-based algorithm for detecting known and unknown web attacks. IEEE Access, 5, 26190-26200. https://doi.org/10.1109/ACCESS.2017.2766844
- K. Mwitondi & S. Zargari. (2017). A Repeated Sampling and Clustering Method for Intrusion Detection. In International Conference in Data Mining (DMIN'17). (pp. 91-96). CSREA Press.
- M. Belouch, S. E. Hadai, & M. Idhammad. (2017). A two-stage classifier approach using reptree algorithm for network intrusion detection. International Journal of Advanced Computer Science and Applications (ijacsa), 8(6), 389-394.
- S. Guha. (2016). Attack detection for cyber systems and probabilistic state estimation in partially observable cyber environments. Arizona State University.
- N. Moustafa, G. Creech & J. Slay. (2017). Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Transactions on Big Data.
- M. Idhammad, K. Afdel, & M. Belouch. (2017). Dos detection method based on artificial neural networks. International Journal of Advanced Computer Science and Applications, 8(4), 465-471.
- The UNSW-NB15 dataset. (2018). www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets.
- CVE (Common Vulnerabilities and Exposures). (2018). cve.mitre.org.
- WEKA. (2018). www.cs.waikato.ac.nz/ml/weka.
- N. V. Chawla. (2009). Data mining for imbalanced datasets: An overview. In Data mining and knowledge discovery handbook. (pp. 875-886). Springer, Boston, MA.
- R. Kohavi & H. J. George. (1997). Wrappers for feature subset selection. Artificial Intelligence, 97(1-2), 273-324. https://doi.org/10.1016/S0004-3702(97)00043-X
- J. rey Horn, N. Nafpliotis, & D. E. Goldberg. (1994). A niched Pareto genetic algorithm for multiobjective optimization. In Proceedings of the first IEEE conference on evolutionary computation, IEEE world congress on computational intelligence, (pp. 82-87).
- M. Dorigo, M. Birattari, C. Blum, M. Clerc, T. Stutzle, & A. Winfield. (2008). Ant Colony Optimization and Swarm Intelligence. The 6th International Conference, ANTS 2008, Springer.
- Y. Shi. (2001). Particle swarm optimization: developments, applications and resources. In evolutionary computation, 2001. Proceedings of the 2001 Congress on. (pp. 81-86). IEEE.