A brute force attack is a kind of attack on the internet that aims for personal information. Even though brute force is an old attack, but it can crack the encrypted data. The research has been conducted on identifying Brute Force attack, but they did not focus on the application layer of network. Therefore, this research aims on identifying brute force attacks on application layer. The CICIDS 2017 dataset was used and consists of three kinds of label network traffic, normal traffic, FTP Patator, and SSH Patator as brute force attack traffic. Decision trees and random forest are the classifiers used in this research. The research results are both of decision trees and random forests reach 99.9% accuracies. The precision result for the decision tree is 99.9% for normal traffic, 99.9 for FTP Patator, and 99.8 for SSH Patator. The recall result for the decision tree is 99.9% for normal, 99.9% for FTP Patator, and 100% for SSH Patator. The precision for the random forest is 100% for normal, 100% for FTP brute Patator, and 99.7% for SSH Patator. The recall for the random forest is 99.9% for normal, 100% for FTP Patator, and 100% for SSH Patator. Although the performance did not differ significantly, the decision tree has the advantage over the random forest in running time. The decision tree is seven seconds faster than the random forest. Furthermore, this research contributes in defining five importance features to recognize the brute force attack. The five features are Destination Port, Maximal Forward Packet Length, Backward Init Win Bytes, Mean Packet Length, and Average Packet Size.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Model Development and Features Selection of Brute Force Attack Classification on Application Layer Network

  • Muhammad Afrizal Amrustian,
  • Bita Parga Zen,
  • Muhammad Ikhwani Saputra

摘要

A brute force attack is a kind of attack on the internet that aims for personal information. Even though brute force is an old attack, but it can crack the encrypted data. The research has been conducted on identifying Brute Force attack, but they did not focus on the application layer of network. Therefore, this research aims on identifying brute force attacks on application layer. The CICIDS 2017 dataset was used and consists of three kinds of label network traffic, normal traffic, FTP Patator, and SSH Patator as brute force attack traffic. Decision trees and random forest are the classifiers used in this research. The research results are both of decision trees and random forests reach 99.9% accuracies. The precision result for the decision tree is 99.9% for normal traffic, 99.9 for FTP Patator, and 99.8 for SSH Patator. The recall result for the decision tree is 99.9% for normal, 99.9% for FTP Patator, and 100% for SSH Patator. The precision for the random forest is 100% for normal, 100% for FTP brute Patator, and 99.7% for SSH Patator. The recall for the random forest is 99.9% for normal, 100% for FTP Patator, and 100% for SSH Patator. Although the performance did not differ significantly, the decision tree has the advantage over the random forest in running time. The decision tree is seven seconds faster than the random forest. Furthermore, this research contributes in defining five importance features to recognize the brute force attack. The five features are Destination Port, Maximal Forward Packet Length, Backward Init Win Bytes, Mean Packet Length, and Average Packet Size.