Browse > Article
http://dx.doi.org/10.13089/JKIISC.2019.29.4.785

Performance Evaluation of a Machine Learning Model Based on Data Feature Using Network Data Normalization Technique  

Lee, Wooho (Interdisciplinary Program of Information Security, Chonnam National University)
Noh, BongNam (Interdisciplinary Program of Information Security, Chonnam National University)
Jeong, Kimoon (Korea Institute of Science and Technology Information)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.29, no.4, 2019 , pp. 785-794 More about this Journal
Abstract
Recently Deep Learning technology, one of the fourth industrial revolution technologies, is used to identify the hidden meaning of network data that is difficult to detect in the security arena and to predict attacks. Property and quality analysis of data sources are required before selecting the deep learning algorithm to be used for intrusion detection. This is because it affects the detection method depending on the contamination of the data used for learning. Therefore, the characteristics of the data should be identified and the characteristics selected. In this paper, the characteristics of malware were analyzed using network data set and the effect of each feature on performance was analyzed when the deep learning model was applied. The traffic classification experiment was conducted on the comparison of characteristics according to network characteristics and 96.52% accuracy was classified based on the selected characteristics.
Keywords
IDS; Deep learning; Data normalize;
Citations & Related Records
연도 인용수 순위
  • Reference
1 A. Nordrum, "Popular Internet of Things Forecast of 48Billion Devices by 2020 Is Outdated", August 2016
2 Alexander Khalimonenko, Oleg Kupreev, "DDOS attacks in Q1 2017", Securelist, 05. 2017
3 Minn, Yin Pa, et al. "IoTPOT: Analysing the rise of IoT compromises." 9th USENIX Workshop on Offensive Technologies (WOOT). USENIX Association. 2015.
4 MAL-FUQAHA, Ala, et al. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE communications surveys & tutorials, 17(4): pp. 2347-2376. 2015,   DOI
5 W. Haider, J. Hu, and M. Xie, "Towards reliable data feature retrieval and decision engine in host-based anomaly detection systems," in 2015 IEEE 10th Conference on Industrial Electronics and Applications (ICIEA), pp. 513-517. 2015,
6 WANG, Wei, et al. Malware traffic classification using convolutional neural network for representation learning. In: Information Networking (ICOIN), 2017 International Conference on. IEEE, pp. 712-717.2017.
7 Xie, Miao, Jiankun Hu, and Jill Slay. "Evaluating host-based anomaly detection systems: Application of the one-class svm algorithm to adfa-ld." Fuzzy Systems and Knowledge Discovery (FSKD), 2014 11th International Conference on. IEEE, pp. 978-982. 2014.
8 M. Guerroumi, A. Derhab, and K. Saleem, "Intrusion Detection System against Sink Hole Attack in Wireless Sensor Networks with Mobile Sink," in 2015 12th International Conference on Information Technology - New Generations, pp. 307-313. 2015,
9 Luo, Yuxuan, et al. "PU Learning in Payload-based Web Anomaly Detection." 2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC). IEEE, pp. 1-5.2018
10 Li, Yuancheng, Rong Ma, and Runhai Jiao. "A hybrid malicious code detection method based on deep learning." International Journal of Security and Its Applications 9.5 pp.205-216.. 2015   DOI
11 KONG, Deyan, et al. A Big Network Traffic Data Fusion Approach Based on Fisher and Deep Auto-Encoder. Information. pp.2078-2489, 2016,
12 Tang, Tuan A., et al. "Deep learning approach for network intrusion detection in software defined networking." Wireless Networks and Mobile Communications (WINCOM), 2016 International Conference on. IEEE, pp. 258-26 2016.
13 W. Jung, S. Kim, and S. Choi, "Poster: Deep learning for zero-day ash malware detection," 2015.
14 BEDIAKO, Peter Ken. Long Short-Term Memory Recurrent Neural Network for detecting DDoS flooding attacks within TensorFlow Implementation framework. 2017.
15 Nataraj, L., Yegneswaran, V., Porras, P., & Zhang, J. (2011, October). A comparative assessment of malware classification using binary texture analysis and dynamic analysis. In Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence ACM .pp. 21-30. 2011
16 KIM, Jihyun, et al. An Approach to Build an Efficient Intrusion Detection Classifier. Journal of Platform Technology, 3.(4).pp. 43-52.2015,
17 KIM, Jihyun, et al. Long short term memory recurrent neural network classifier for intrusion detection. In: Platform Technology and Service (PlatCon), 2016 International Conference on. IEEE, pp. 1-5. 2016.
18 LIU, Yuchen; LIU, Shengli; ZHAO, Xing. Intrusion detection algorithm based on convolutional neural network. DEStech Transactions on Engineering and Technology Research, iceta. 2017,
19 BATISTA, Gustavo EAPA; PRATI, Ronaldo C.; MONARD, Maria Carolina. A study of the behavior of several methods for balancing machine learning training data. ACM SIGKDD explorations newsletter, 6.1: pp. 20-29. 2004,   DOI
20 V. Chawla, A. Lazarevic, L. O. Hall, and K. W. Bowyer, "SMOTEBoost: Improving prediction of the minority class in boosting," In European Conference on Principles of Data Mining and Knowledge Discovery, pp. 107-119, 2003.
21 Michael Collins.Network Security Through Data Analysis: From Data to Action.312.2014