Data Mining for Network Intrusion Detection : A comparison of data mining algorithms and an analysis of relevant features for detecting cyber-attacks

Petersen, Rebecca

January 2015

Data mining can be defined as the extraction of implicit, previously un-known, and potentially useful information from data. Numerous re-searchers have been developing security technology and exploring new methods to detect cyber-attacks with the DARPA 1998 dataset for Intrusion Detection and the modified versions of this dataset KDDCup99 and NSL-KDD, but until now no one have examined the performance of the Top 10 data mining algorithms selected by experts in data mining. The compared classification learning algorithms in this thesis are: C4.5, CART, k-NN and Naïve Bayes. The performance of these algorithms are compared with accuracy, error rate and average cost on modified versions of NSL-KDD train and test dataset where the instances are classified into normal and four cyber-attack categories: DoS, Probing, R2L and U2R. Additionally the most important features to detect cyber-attacks in all categories and in each category are evaluated with Weka’s Attribute Evaluator and ranked according to Information Gain. The results show that the classification algorithm with best performance on the dataset is the k-NN algorithm. The most important features to detect cyber-attacks are basic features such as the number of seconds of a network connection, the protocol used for the connection, the network service used, normal or error status of the connection and the number of data bytes sent. The most important features to detect DoS, Probing and R2L attacks are basic features and the least important features are content features. Unlike U2R attacks, where the content features are the most important features to detect attacks.

Data mining

machine learning

cyber-attack

NSL-KDD

fea-tures

DoS

Probing

R2L

U2R.

MACHINE LEARNING ALGORITHMS and THEIR APPLICATIONS in CLASSIFYING CYBER-ATTACKS on a SMART GRID NETWORK

Aribisala, Adedayo, Khan, Mohammad S., Husari, Ghaith

01 January 2021

Smart grid architecture and Software-defined Networking (SDN) have evolved into a centrally controlled infrastructure that captures and extracts data in real-time through sensors, smart-meters, and virtual machines. These advances pose a risk and increase the vulnerabilities of these infrastructures to sophisticated cyberattacks like distributed denial of service (DDoS), false data injection attack (FDIA), and Data replay. Integrating machine learning with a network intrusion detection system (NIDS) can improve the system's accuracy and precision when detecting suspicious signatures and network anomalies. Analyzing data in real-time using trained and tested hyperparameters on a network traffic dataset applies to most network infrastructures. The NSL-KDD dataset implemented holds various classes, attack types, protocol suites like TCP, HTTP, and POP, which are critical to packet transmission on a smart grid network. In this paper, we leveraged existing machine learning (ML) algorithms, Support vector machine (SVM), K-nearest neighbor (KNN), Random Forest (RF), Naïve Bayes (NB), and Bagging; to perform a detailed performance comparison of selected classifiers. We propose a multi-level hybrid model of SVM integrated with RF for improved accuracy and precision during network filtering. The hybrid model SVM-RF returned an average accuracy of 94% in 10-fold cross-validation and 92.75%in an 80-20% split during class classification.

denial of service attack

detecting Cyberat-tacks

FDIA

hybrid SVM

NSL-KDD data set

SVM

Computing

Hybrid Machine and Deep Learning-based Cyberattack Detection and Classification in Smart Grid Networks

Aribisala, Adedayo

01 May 2022

Power grids have rapidly evolved into Smart grids and are heavily dependent on Supervisory Control and Data Acquisition (SCADA) systems for monitoring and control. However, this evolution increases the susceptibility of the remote (VMs, VPNs) and physical interfaces (sensors, PMUs LAN, WAN, sub-stations power lines, and smart meters) to sophisticated cyberattacks. The continuous supply of power is critical to power generation plants, power grids, industrial grids, and nuclear grids; the halt to global power could have a devastating effect on the economy's critical infrastructures and human life. Machine Learning and Deep Learning-based cyberattack detection modeling have yielded promising results when combined as a Hybrid with an Intrusion Detection System (IDS) or Host Intrusion Detection Systems (HIDs). This thesis proposes two cyberattack detection techniques; one that leverages Machine Learning algorithms and the other that leverages Artificial Neural networks algorithms to classify and detect the cyberattack data held in a foundational dataset crucial to network intrusion detection modeling. This thesis aimed to analyze and evaluate the performance of a Hybrid Machine Learning (ML) and a Hybrid Deep Learning (DL) during ingress packet filtering, class classification, and anomaly detection on a Smart grid network.

NSL-KDD Dataset

Smart Grid Network

Machine Learning

Deep Learning

Multi Layer Perceptron

Artificial Neural Network

Anomaly Detection

Ingress Packet Filtering

Packet Classification.

Computer Sciences