Performance Evaluation of a Combined Anomaly Detection Platform

Research output: Contribution to journal, Article, Scientific, peer-review


Performance Evaluation of a Combined Anomaly Detection Platform. / Monshizadeh, Mehrnoosh; Khatri, Vikramajeet; Atli, Buse; Kantola, Raimo; Yan, Zheng.

In: IEEE Access, Vol. 7, No. 2169-3536, 24.07.2019, p. 100964-100978.


@article{ed48e09eb7bb496481d7a9462ddf6529,
title = "Performance Evaluation of a Combined Anomaly Detection Platform",
abstract = "Hybrid Anomaly Detection Model (HADM) is a platform that filters network traffic and identifies malicious activities on the network. The platform applies data mining techniques to tackle effectively the security issues in high load communication networks. The platform uses a combination of linear and learning algorithms combined with a protocol analyzer. The linear algorithms filter and extract distinctive attributes and features of the cyber-attacks while the learning algorithms use these attributes and features to identify new types of cyber-attacks. The protocol analyzer in this platform classifies and filters vulnerable protocols to avoid unnecessary computation load. The use of linear algorithms in conjunction with learning algorithms and a protocol analyzer allows the HADM to achieve improved efficiency in terms of accuracy and computation time to detect cyber-attacks over existing solutions. While the authors’ previous paper evaluated HADM efficiency (accuracy and computation time) against related studies, this paper concentrates on HADM robustness and scalability. For this purpose, five datasets, including ISCX-2012, UNSW-NB15 Jan, UNSW-NB15 Feb, ISCX-2017, and MAWILab-2018, with various sizes and diverse attacks have been used. Different feature selection methods are applied to find the best features. The feature selection methods are selected based on the algorithms’ computation time and detection rate. The best algorithms are then selected through a benchmark on the applied datasets and based on metrics such as cross-entropy loss, precision, recall, and computation time. The result of the HADM platform shows robustness and scalability against datasets with different sizes and diverse attacks.",
keywords = "Anomaly Detection, Data Mining, feature selection, machine learning, security",
author = "Mehrnoosh Monshizadeh and Vikramajeet Khatri and Buse Atli and Raimo Kantola and Zheng Yan",
year = "2019",
month = "7",
day = "24",
doi = "10.1109/ACCESS.2019.2930832",
language = "English",
volume = "7",
pages = "100964--100978",
journal = "IEEE Access",
issn = "2169-3536",
number = "2169-3536",
}


TY - JOUR
T1 - Performance Evaluation of a Combined Anomaly Detection Platform
AU - Monshizadeh, Mehrnoosh
AU - Khatri, Vikramajeet
AU - Atli, Buse
AU - Kantola, Raimo
AU - Yan, Zheng
PY - 2019/7/24
Y1 - 2019/7/24
N2 - Hybrid Anomaly Detection Model (HADM) is a platform that filters network traffic and identifies malicious activities on the network. The platform applies data mining techniques to tackle effectively the security issues in high load communication networks. The platform uses a combination of linear and learning algorithms combined with a protocol analyzer. The linear algorithms filter and extract distinctive attributes and features of the cyber-attacks while the learning algorithms use these attributes and features to identify new types of cyber-attacks. The protocol analyzer in this platform classifies and filters vulnerable protocols to avoid unnecessary computation load. The use of linear algorithms in conjunction with learning algorithms and a protocol analyzer allows the HADM to achieve improved efficiency in terms of accuracy and computation time to detect cyber-attacks over existing solutions. While the authors’ previous paper evaluated HADM efficiency (accuracy and computation time) against related studies, this paper concentrates on HADM robustness and scalability. For this purpose, five datasets, including ISCX-2012, UNSW-NB15 Jan, UNSW-NB15 Feb, ISCX-2017, and MAWILab-2018, with various sizes and diverse attacks have been used. Different feature selection methods are applied to find the best features. The feature selection methods are selected based on the algorithms’ computation time and detection rate. The best algorithms are then selected through a benchmark on the applied datasets and based on metrics such as cross-entropy loss, precision, recall, and computation time. The result of the HADM platform shows robustness and scalability against datasets with different sizes and diverse attacks.
AB - Hybrid Anomaly Detection Model (HADM) is a platform that filters network traffic and identifies malicious activities on the network. The platform applies data mining techniques to tackle effectively the security issues in high load communication networks. The platform uses a combination of linear and learning algorithms combined with a protocol analyzer. The linear algorithms filter and extract distinctive attributes and features of the cyber-attacks while the learning algorithms use these attributes and features to identify new types of cyber-attacks. The protocol analyzer in this platform classifies and filters vulnerable protocols to avoid unnecessary computation load. The use of linear algorithms in conjunction with learning algorithms and a protocol analyzer allows the HADM to achieve improved efficiency in terms of accuracy and computation time to detect cyber-attacks over existing solutions. While the authors’ previous paper evaluated HADM efficiency (accuracy and computation time) against related studies, this paper concentrates on HADM robustness and scalability. For this purpose, five datasets, including ISCX-2012, UNSW-NB15 Jan, UNSW-NB15 Feb, ISCX-2017, and MAWILab-2018, with various sizes and diverse attacks have been used. Different feature selection methods are applied to find the best features. The feature selection methods are selected based on the algorithms’ computation time and detection rate. The best algorithms are then selected through a benchmark on the applied datasets and based on metrics such as cross-entropy loss, precision, recall, and computation time. The result of the HADM platform shows robustness and scalability against datasets with different sizes and diverse attacks.
KW - Anomaly Detection
KW - Data Mining
KW - feature selection
KW - machine learning
KW - security
U2 - 10.1109/ACCESS.2019.2930832
DO - 10.1109/ACCESS.2019.2930832
M3 - Article
VL - 7
SP - 100964
EP - 100978
JO - IEEE Access
JF - IEEE Access
SN - 2169-3536
IS - 2169-3536
ER -

ID: 36169359