Performance Evaluation of a Combined Anomaly Detection Platform
Loading...
Access rights
openAccess
URL
Journal Title
Journal ISSN
Volume Title
A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Date
2019-07-24
Major/Subject
Mcode
Degree programme
Language
en
Pages
15
100964-100978
100964-100978
Series
IEEE Access, Volume 7, issue 2169-3536
Abstract
Hybrid Anomaly Detection Model (HADM) is a platform that filters network traffic and identifies malicious activities on the network. The platform applies data mining techniques to tackle effectively the security issues in high load communication networks. The platform uses a combination of linear and learning algorithms combined with protocol analyzer. The linear algorithms filter and extract distinctive attributes and features of the cyber-attacks while the learning algorithms use these attributes and features to identify new types of cyber-attacks. The protocol analyzer in this platform classifies and filters vulnerable protocols to avoid unnecessary computation load. The use of linear algorithms in conjunction with learning algorithms and protocol analyzer allows the HADM to achieve improved efficiency in terms of accuracy and computation time to detect cyber-attacks over existing solutions. While authors’ previous paper evaluated HADM efficiency (accuracy and computation time) against related studies, this paper, concentrates on HADM robustness and scalability. For this purpose, five datasets, including ISCX-2012, UNSW-NB15 Jan, UNSW-NB15 Feb, ISCX-2017, and MAWILab-2018, with various size and diverse attacks have been used. Different feature selection methods are applied to find the best features. The feature selection methods are selected based on the algorithms’ computation time and detection rate. The best algorithms are then selected through a benchmark on applied datasets and based on the metrics such as cross-entropy loss, precision, recall, and computation time. The result of HADM platform shows robustness and scalability against datasets with different size and diverse attacks.Description
Keywords
Anomaly Detection, Data Mining, feature selection, machine learning, security
Other note
Citation
Monshizadeh, M, Khatri, V, Atli, B, Kantola, R & Yan, Z 2019, ' Performance Evaluation of a Combined Anomaly Detection Platform ', IEEE Access, vol. 7, no. 2169-3536, pp. 100964-100978 . https://doi.org/10.1109/ACCESS.2019.2930832