Exploiting SNMP-MIB Data to Detect Network Anomalies using Machine Learning Techniques
Ghazi Al-Naymat, Mouhammd Al-kasassbeh, Eshraq Al-Hawari

TL;DR
This paper explores using SNMP-MIB data with machine learning classifiers to detect and classify network attacks, especially DoS attacks, achieving high detection accuracy.
Contribution
It introduces an effective detection mechanism leveraging SNMP-MIB data and compares multiple classifiers for improved attack detection.
Findings
High detection rate achieved with machine learning classifiers
SNMP-MIB data significantly improves attack detection accuracy
Effective classification of different attack types
Abstract
The exponential increase in the number of malicious threats on computer networks and Internet services due to a large number of attacks puts network security at continuous risk. One of the most prevalent network attacks that threaten networks is the Denial of Service (DoS) flooding attack. DoS attacks have recently become the most attractive type of attack to attackers, and these have posed devastating threats to network services. So, there is a need for effective approaches that can efficiently detect any intrusion in the network. This paper presents an efficient mechanism for network attack detection and attack type classification using the Management Information Base (MIB) database associated with the Simple Network Management Protocol (SNMP) through machine learning techniques. This paper also investigates the impact of SNMP-MIB data on network anomaly detection. Three…
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Advanced Malware Detection Techniques
