Computer
Doaa Nteesha Mhawi; Soukaena H. Hashem
Abstract
Due to sophisticated cyber-attacks, and to produce false alarms on suspicious or unusual behavior to monitor computer resources, Intrusion Detection Systems (IDSs) are required. Hence, many Machine Learning (ML) and data mining techniques have been proposed to increase the effectiveness of IDSs. However, current IDS algorithms still struggle to perform effectively, and many IDSs depend on a single classifier to detect intrusions. Single-classifier IDSs cannot achieve high accuracy and low false alarm rates because of zero-day attacks. In this paper, a hybrid ensemble method using AdaBoosting and Bagging for IDS is proposed. This study aims to identify both unknown (zero-day) and known (well-known) attacks. The proposed model comprises three stages. The first stage is preprocessing. The second stage involves the application of AdaBoosting and Bagging methods, modified with four different classifiers (i.e., Naïve Bayesian (NB), Support Vector Machine (SVM), Random Forest (RF), and K-Nearest Neighbor (KNN)). This modification is performed for the AdaBoosting methods. The AdaBoosting classifier is then combined to work in the Bagging method. The third stage uses the voting technique for attack recognition. Experimental results reveal that using the UNSW NB15 dataset yields testing with 85.49% accuracy, 99.96% detection rate, and 0.006 false alarm rate. Therefore, the proposed Hybrid AdaBoosting and Bagging Method (HABBM) can outperform other comparable and state-of-the-art techniques across a variety of parameters.
Computer
Ali Khalid Hilool; Soukaena H. Hashem; Shatha H. Jafer
Abstract
Computer worms execute damaging functions in network systems, compromising system security. Although researchers use a variety of methods to detect worms and prevent their spread, detecting worms remains a challenge for the following reasons. First, a huge volume of irrelevant data affects classification accuracy. Second, the individual classifiers frequently used in systems are poor at detecting all types of worms. Third, many systems are built on out-of-date information, rendering them useless for new worm species. As a result, providing a network intrusion detection system is vital for ensuring security and reducing the harm that worms on networks cause to information systems. The goal of the study is to discover computer worms in computer networks and protect systems from their damage. The proposed method uses the UNSW NB15 dataset to train and test the ensemble Ada boosting and Bagging algorithms with the Support Vector Machine (SVM), rather than a decision tree, as a contribution. Because Correlation Feature Selection (CFS) identifies relationships between features and classes, and Chi-square (Chi2) determines whether features and classes are independent or not, we combined these two algorithms, as a contribution, in a method called CFS&Chi2fs to select the relevant features and reduce the time. The system achieved accuracy reaching 0.998 with Bagging(SVM), and 0.989 with Ada boost(SVM).