
Machine Learning Based Network Anomaly Detection
Author(s) - Michael Kazim, Doreswamy
Publication year - 2019
Publication title - International Journal of Recent Technology and Engineering
Language(s) - English
Resource type - Journals
ISSN - 2277-3878
DOI - 10.35940/ijrte.d7271.118419
Subject(s) - computer science, anomaly detection, categorization, precision and recall, malware, recall, artificial intelligence, data set, data mining, feature (linguistics), artificial neural network, random forest, anomaly (physics), machine learning, set (abstract data type), training set, network security, pattern recognition (psychology), computer security, philosophy, linguistics, physics, programming language, condensed matter physics
Network Anomaly Detection Systems (NADSs) play a prominent role in network security. Due to the dynamic change of malware in network traffic data, traditional tools and techniques are failing to protect networks from attack penetration. In this paper we propose a two-phase model to detect and categorize anomalies. First, we selected Random Forest (RF) based on the highest accuracy score out of eleven commonly used algorithms tested with the same set of data. The RF is used to detect anomalies and generate an extra feature named “attack-or-not”. Second, we fed a Neural Network with the data having the “attack-or-not” feature to differentiate attack categories, which will help in treating each type accordingly. The model performed well: it scored 0.99 for both Precision and Recall in the anomaly detection phase, and 0.93 for Precision and 0.88 for Recall in the attack categorization phase. We used the UNSW-NB15 data set in our study.