MALICIOUS TRAFFIC DETECTION WITH MACHINE LEARNING TECHNIQUES
| Field | Value |
|---|---|
| Main Author | |
| Format | Final Project |
| Language | Indonesian |
| Online Access | https://digilib.itb.ac.id/gdl/view/31278 |
| Institution | Institut Teknologi Bandung |
| Summary | Network protection nowadays mostly relies on Intrusion Detection Systems (IDS), but the IDS in use are signature-based, which are more difficult to build and relatively expensive because they need a knowledge base. Signature-based detection has many weaknesses in detecting new-generation threats and attacks. Hence, the solutions offered include anomaly-based IDS as an alternative, but the lack of research in the field causes it to be overlooked by experts. This paper discusses and offers a solution with an anomaly-based approach. The anomaly-based IDS topics covered include the algorithms and their optimizations, which features are effective to use, and the advantages of anomaly-based over signature-based detection. Numerous algorithms have been studied in various research, but in this paper Support Vector Machine (SVM) and Decision Tree are chosen. SVM is an algorithm in which data are modelled as coordinates and separated by a computed threshold called a hyperplane. Decision Tree is an algorithm in which inputs are treated as states, each connected by paths determined by the value of Information Gain (IG). This paper compares learning results between SNORT, SVM and Decision Tree. It turns out that Decision Tree has higher accuracy but lower recall, and SVM has lower accuracy but high recall. The size of the training data and the features chosen are the deciding factors in whether anomaly-based detection gives desirable results. Besides, the type and size of network traffic payloads have to be more varied in order to be closer to real-life events and different hypotheses. |