DEVELOPMENT OF MACHINE LEARNING MODULE IN INTRUSION DETECTION SYSTEM FOR UNKNOWN THREAT DETECTION

Bibliographic Details
Main Author: Hutabarat, Christine
Format: Final Project
Language: Indonesia
Online Access: https://digilib.itb.ac.id/gdl/view/82438
Institution: Institut Teknologi Bandung
Description
Summary: Unknown threats are threats that occur rarely, are modifications of previously seen threats, or are entirely new threats that the system has not recognized before. The technology used to detect attacks on a system is the intrusion detection system (IDS). However, IDSs in common use today, such as Suricata, still rely on attack signatures for detection and are therefore unable to detect unknown threats. In this Final Project, experiments were run on several machine learning models to find a model suitable for unknown threat detection, using the CIC-IDS2017 dataset. The features in the dataset were reduced with the Pearson correlation method, leaving 31 of the original 79 features. The experiments were conducted by creating training-data variants in which one attack type was removed and treated as the unknown threat. The models trained on each variant were then evaluated on data containing all attack types, so that recall-unknown (recall measured only on the attack type withheld from training) could be reported alongside overall accuracy and recall. The model with the best performance was exported and used as the detection component of the IDS for further evaluation. The experimental results show that XGBoost reaches an accuracy of 0.99, a recall of 0.96, and a recall-unknown of 0.4, while One-Class SVM reaches an accuracy of 0.55, a recall of 0.61, and a recall-unknown of 0.73. Attack simulation results show that Suricata is unable to detect some attacks, such as port scanning and DoS Slowloris. The machine-learning-based IDS, by contrast, is able to detect previously unknown attacks, but with false positives and a detection overhead of 5 to 7 minutes.
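The evaluation protocol described in the summary (Pearson-based feature reduction, then training with one attack type withheld and scoring recall-unknown on that type) is illustrated below in a stdlib-only Python example added here by the editor; it is not code from the thesis. The flow table is constructed for the illustration and is not drawn from CIC-IDS2017, and the two models are deliberately simple stand-ins chosen so the numbers can be checked by hand: a nearest-centroid classifier in place of XGBoost (supervised, needs attack examples) and a benign-only z-score detector in place of One-Class SVM (trained on benign traffic only). The feature names, the 0.9 correlation threshold and the z-score cutoff of 3 are all assumptions of the example.

```python
"""Leave-one-attack-out evaluation of 'recall-unknown' with Pearson-based
feature reduction. Stdlib only; all data below are constructed and are NOT
taken from CIC-IDS2017. (Editor's example, not code from the thesis.)"""
import math
from itertools import combinations

FEATURES = ["duration", "fwd_pkts", "bwd_pkts", "fwd_bytes"]  # assumed names

# Constructed flows: (label, duration_s, fwd_pkts, bwd_pkts). fwd_bytes is
# derived as fwd_pkts * 60, so it is perfectly correlated with fwd_pkts and
# should be removed by the Pearson step.
_RAW = [
    ("BENIGN", 12, 10, 12), ("BENIGN", 15, 12, 14), ("BENIGN", 20, 14, 16),
    ("BENIGN", 18, 11, 13), ("BENIGN", 25, 16, 18), ("BENIGN", 10, 9, 11),
    ("PortScan", 0.1, 1, 1), ("PortScan", 0.2, 1, 0), ("PortScan", 0.1, 2, 1),
    ("DoS_Slowloris", 300, 5, 1), ("DoS_Slowloris", 280, 4, 1),
    ("DoS_Slowloris", 320, 6, 2),
    ("Bot", 60, 50, 5), ("Bot", 55, 45, 4), ("Bot", 65, 55, 6),
]
ROWS = [(lbl, {"duration": d, "fwd_pkts": f, "bwd_pkts": b, "fwd_bytes": f * 60})
        for lbl, d, f, b in _RAW]


def pearson(x, y):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0


def pearson_reduce(rows, features, threshold=0.9):
    """Drop the later feature of every pair whose |r| exceeds the threshold."""
    dropped = set()
    for f1, f2 in combinations(features, 2):
        if f1 in dropped or f2 in dropped:
            continue
        r = pearson([row[f1] for _, row in rows], [row[f2] for _, row in rows])
        if abs(r) > threshold:
            dropped.add(f2)
    return [f for f in features if f not in dropped]


def _vec(row, feats):
    return [row[f] for f in feats]


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _centroid(vecs):
    return [sum(col) / len(vecs) for col in zip(*vecs)]


class NearestCentroid:
    """Supervised stand-in for XGBoost: one centroid per training label,
    'attack' when the nearest centroid is not BENIGN."""
    def fit(self, train, feats):
        self.feats = feats
        by_label = {}
        for lbl, row in train:
            by_label.setdefault(lbl, []).append(_vec(row, feats))
        self.centroids = {lbl: _centroid(v) for lbl, v in by_label.items()}
        return self

    def is_attack(self, row):
        v = _vec(row, self.feats)
        nearest = min(self.centroids, key=lambda l: _dist(v, self.centroids[l]))
        return nearest != "BENIGN"


class ZScoreOneClass:
    """One-class stand-in for OC-SVM: fitted on BENIGN rows only, flags a flow
    when any feature lies more than k benign standard deviations from the mean."""
    def __init__(self, k=3.0):
        self.k = k

    def fit(self, train, feats):
        self.feats = feats
        benign = [_vec(row, feats) for lbl, row in train if lbl == "BENIGN"]
        self.mean = _centroid(benign)
        self.std = [math.sqrt(sum((x - m) ** 2 for x in col) / len(col)) or 1.0
                    for col, m in zip(zip(*benign), self.mean)]
        return self

    def is_attack(self, row):
        v = _vec(row, self.feats)
        return max(abs(x - m) / s for x, m, s in zip(v, self.mean, self.std)) > self.k


def leave_one_attack_out(model, rows, feats, unknown):
    """Train with `unknown` removed, test on all rows. Returns accuracy, recall
    over every attack row, and recall over the withheld attack only."""
    train = [r for r in rows if r[0] != unknown]
    model.fit(train, feats)
    correct = tp = attacks = tp_unknown = n_unknown = 0
    for lbl, row in rows:
        pred, truth = model.is_attack(row), lbl != "BENIGN"
        correct += pred == truth
        if truth:
            attacks += 1
            tp += pred
            if lbl == unknown:
                n_unknown += 1
                tp_unknown += pred
    return {"accuracy": correct / len(rows), "recall": tp / attacks,
            "recall_unknown": tp_unknown / n_unknown}


if __name__ == "__main__":
    kept = pearson_reduce(ROWS, FEATURES)
    print("kept features:", kept)
    for unknown in ("PortScan", "DoS_Slowloris", "Bot"):
        for model in (NearestCentroid(), ZScoreOneClass()):
            m = leave_one_attack_out(model, ROWS, kept, unknown)
            print(f"{unknown:14s} {type(model).__name__:16s} "
                  f"acc={m['accuracy']:.2f} recall={m['recall']:.2f} "
                  f"recall_unknown={m['recall_unknown']:.2f}")
```

On this constructed table the Pearson step keeps duration, fwd_pkts and bwd_pkts and drops fwd_bytes. With Bot or PortScan withheld, the supervised model keeps a respectable overall accuracy (0.80) yet scores a recall-unknown of 0.0, because flows it has never seen fall back to the nearest centroid it knows, which is benign; with Slowloris withheld it still catches the unknown class only because those flows happen to sit closer to the Bot centroid. The benign-only detector flags every attack regardless of which one was withheld, which is the same trade-off the thesis reports between XGBoost and One-Class SVM: the supervised model is accurate on what it was trained on, the one-class model generalises to the unseen class at the cost of precision on real traffic.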