Optimization of network traffic anomaly detection using machine learning

ChoXuan Do, Nguyen Quang Dam


Optimizing the cyber-attack detection process is a very important problem given the rapid increase of cyber-attacks in both number and danger level. In this paper, to optimize the process of detecting cyber-attacks, we propose two main optimization solutions: optimizing the detection method and optimizing the features. Both solutions aim to increase accuracy and reduce the time needed for analysis and detection. For the detection method, we recommend the Random Forest supervised classification algorithm, which has been proven to be very effective for detecting abnormal behavior on big data sets. The experimental results in Section 4.1 prove that our proposal to use the Random Forest algorithm for abnormal behavior detection is correct, because the results of this algorithm are much better than those of some other detection algorithms on all measures. For feature optimization, we propose to use data dimensionality reduction techniques such as Information Gain, Principal Component Analysis, and the correlation coefficient method. Based on the results shown in Section 4.2, we provide network monitoring systems with a number of criteria to choose from for feature dimensionality reduction, because the reduction methods proposed in the paper gave significantly better results in terms of both detection time and accuracy. The results of our research prove that, to optimize the cyber-attack detection process, it is not necessary to use advanced algorithms with complex and cumbersome computational requirements; instead, the choice of a reasonable feature extraction and optimization algorithm, as well as of appropriate attack classification and detection algorithms, must depend on the monitoring data.


feature optimization; machine learning; network traffic anomaly detection; network traffic; optimization
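An added example, not code from the paper: a minimal sketch of two of the feature reduction criteria named in the abstract, Information Gain ranking followed by correlation-coefficient pruning. The flow records, feature names, median-split discretization, Pearson correlation and both thresholds are assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import median

# Constructed flow records (not the paper's dataset); feature names are assumed.
FEATURES = ["duration", "bytes", "packets", "syn_ratio"]
FLOWS = [  # (duration, bytes, packets, syn_ratio, label), label 1 = attack
    (1.0, 1000, 10, 0.1, 0), (5.0, 1500, 15, 0.2, 0),
    (2.0, 2000, 20, 0.1, 0), (6.0, 5000, 50, 0.2, 0),
    (1.5, 4000, 40, 0.9, 1), (5.5, 4500, 45, 0.8, 1),
    (2.5, 6000, 60, 0.9, 1), (6.5, 1200, 12, 0.8, 1),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(values, labels):
    """Label entropy removed by splitting one numeric feature at its median."""
    cut = median(values)
    gain = entropy(labels)
    for side in (True, False):
        part = [y for v, y in zip(values, labels) if (v > cut) == side]
        if part:
            gain -= len(part) / len(labels) * entropy(part)
    return gain

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0  # constant column: no correlation

def select_features(flows, names, min_gain=0.1, max_corr=0.9):
    """Rank by information gain, then drop features redundant with a kept one."""
    labels = [row[-1] for row in flows]
    cols = {n: [row[i] for row in flows] for i, n in enumerate(names)}
    gains = {n: information_gain(cols[n], labels) for n in names}
    kept = []
    for name in sorted(names, key=lambda n: -gains[n]):
        if gains[name] < min_gain:
            continue  # carries too little information about the label
        if any(abs(pearson(cols[name], cols[k])) > max_corr for k in kept):
            continue  # near-duplicate of a higher-ranked feature
        kept.append(name)
    return kept, gains

if __name__ == "__main__":
    print(select_features(FLOWS, FEATURES))
```

On this sample, `duration` is dropped for carrying no information about the label and `packets` is dropped as redundant with `bytes`, so a downstream classifier would train on two columns instead of four.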

DOI: http://doi.org/10.11591/ijece.v11i3.pp%25p

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

ISSN 2088-8708, e-ISSN 2722-2578