The rapid development of the internet has been accompanied by an increase in threats posed by intruders, including DDoS attacks, backdoors, exploits, and worms, among others. To address these attacks, accurate techniques for classifying attacks are necessary. Attack classification aims to identify detected threat activities, which can then be analysed using network forensics. This study identifies threats based on network data collected in a dataset known as UNSW-NB15. The quality of the UNSW-NB15 dataset is improved through the use of pre-processing techniques, including feature encoding and normalization. The ensemble feature selection technique is used to obtain the best features based on the highest ranking of the dataset attribute features. Furthermore, threat anomaly detection is performed using machine learning to classify threats using hybrid classification algorithms, namely Naïve Bayes, Random Forest, Support Vector Machine (SVM), K-Nearest Neighbourhood (K-NN), Neural Network (NN), and C.45. The threat classification results using the Naïve Bayes algorithm show that the accuracy measurement reaches 0.9848. The precision, recall, and F1 score measurements reach 0.9847. Threat classification using Random Forest reaches 0.9626, and the F1 score reaches 0.9624. Threat classification using the Neural Network algorithm achieved an accuracy of 0.9463, a precision of 0.946, a recall of 0.939, and an F1 score of 0.93.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Threat Detection and Classification for Cyber Security Against Network Data Using a Hybrid Classification Model

  • Shah Khadafi,
  • Miswanto,
  • Rimuljo Hendradi,
  • Tutuk Indriyani

摘要

The rapid development of the internet has been accompanied by an increase in threats posed by intruders, including DDoS attacks, backdoors, exploits, and worms, among others. To address these attacks, accurate techniques for classifying attacks are necessary. Attack classification aims to identify detected threat activities, which can then be analysed using network forensics. This study identifies threats based on network data collected in a dataset known as UNSW-NB15. The quality of the UNSW-NB15 dataset is improved through the use of pre-processing techniques, including feature encoding and normalization. The ensemble feature selection technique is used to obtain the best features based on the highest ranking of the dataset attribute features. Furthermore, threat anomaly detection is performed using machine learning to classify threats using hybrid classification algorithms, namely Naïve Bayes, Random Forest, Support Vector Machine (SVM), K-Nearest Neighbourhood (K-NN), Neural Network (NN), and C.45. The threat classification results using the Naïve Bayes algorithm show that the accuracy measurement reaches 0.9848. The precision, recall, and F1 score measurements reach 0.9847. Threat classification using Random Forest reaches 0.9626, and the F1 score reaches 0.9624. Threat classification using the Neural Network algorithm achieved an accuracy of 0.9463, a precision of 0.946, a recall of 0.939, and an F1 score of 0.93.