期刊
COMPUTER NETWORKS
卷 144, 期 -, 页码 111-119出版社
ELSEVIER
DOI: 10.1016/j.comnet.2018.07.025
关键词
Restricted Boltzmann Machine; Anomaly Network Intrusion Detection; Systems; NetFlow traffic; Cybersecurity; Machine learning; ISCX dataset
类别
资金
- Pacific Northwest National Laboratory (PNNL), under U.S. Department of Energy [DE-AC05-76RL01830]
- Air Force Research Laboratory (AFRL) [FA8750-18-1-0096]
- Fulbright Distinguished Chair grant
The continuous increase in the number of attacks on computer networks has raised serious concerns regarding the importance of establishing a methodology that can learn and adapt to new and novel attacks, such a model should be able to act or react to such threats within a timely manner, so that measures are undertaken to counter any potential breaches within the network. Training a model to distinguish between normal and anomalous network behavior is a difficult task due to the high dimensionality of the network traffic data. One of the key requirements of a successful Anomaly Network Intrusion Detection Systems (A-NIDS) is the ability to recognize new patterns of attacks that it has never before seen. This objective can be achieved through incorporating machine leaning techniques in the learning model of the A-NIDS. In this study, we demonstrate the use of a powerful machine learning technique called the Restricted Boltzmann Machine (RBM) to distinguish between normal and anomalous NetFlow traffic. We evaluate our approach through testing it on the newly renowned Information Security Center of Excellence (ISCX) dataset. Our results indicate that RBMs can be trained successfully to classify normal and anomalous NetFlow traffic. Unlike previous studies, we employ measures of true positives and negatives along with the accuracy to test the effectiveness of RBM as a classifier for A-NIDS. We also utilize the usage of a balanced set to reduce any biases that appear during the RBM training. (C) 2018 The Authors. Published by Elsevier B.V.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据