http://dx.doi.org/10.7472/jksii.2022.23.5.79

Anomaly detection and attack type classification mechanism using Extra Tree and ANN  

Kim, Min-Gyu (Department of Computer Engineering, Gachon University)
Han, Myung-Mook (Department of Software, Gachon University)
Publication Information
Journal of Internet Computing and Services / v.23, no.5, 2022, pp. 79-85
Abstract
Anomaly detection is a method of detecting and blocking abnormal data flows within the data of general users. The previously known approach is signature-based: it detects and defends against an attack using the signature of an already known attack. This has the advantage of a low false positive rate, but it is very vulnerable to zero-day vulnerability attacks and modified attacks. Anomaly detection, by contrast, has the disadvantage of a high false positive rate but the advantage of being able to identify, detect, and block zero-day vulnerability attacks and modified attacks, so related studies are being actively conducted. This study addresses anomaly detection mechanisms and proposes a new mechanism that performs both anomaly detection and attack type classification while compensating for the high false positive rate mentioned above. Experiments were conducted with five configurations chosen in consideration of the characteristics of various algorithms, and the configuration showing the best accuracy is proposed as the result of this study. It first detects attacks by applying the Extra Tree and a three-layer ANN at the same time, and then classifies the attack type using the Extra Tree on the data classified as attacks. Verification was performed on the NSL-KDD data set, and the accuracy was 99.8%, 99.1%, 98.9%, 98.7%, and 97.9% for Normal, DoS, Probe, U2R, and R2L, respectively. This configuration showed superior performance compared to other models.
Keywords
Extreme Random Forest; Artificial Neural Network; Anomaly Detection; Anomaly Detection and Attack type Classification; Network Intrusion Detection;