Detecting Network Anomalies using Rule-based machine learning within SNMP-MIB dataset
Abdalrahman Hwoij, Mouhammd Al-kasassbeh, Mustafa Al-Fayoumi

TL;DR
This paper presents a rule-based machine learning approach using five classifiers to detect and differentiate DoS attacks from normal network traffic with high accuracy, utilizing SNMP-MIB dataset features.
Contribution
It introduces a novel application of five rule-based classifiers for DoS attack detection within SNMP-MIB data, achieving near-perfect accuracy.
Findings
PART classifier achieved 99.7% accuracy in identifying specific DoS attacks.
PART classifier perfectly distinguished normal traffic from various DoS attacks.
ICMP variables are highly effective in detecting ICMP and HTTP flood attacks.
Abstract
One of the most effective threats used by cybercriminals to degrade network performance is the Denial of Service (DoS) attack; data security, completeness and efficiency can all be severely damaged by attacks of this type. This paper develops a network traffic classification system that relies on an adopted SNMP-MIB dataset to differentiate DoS attacks from normal traffic. The detection model is built with five rule-based machine learning classifiers (DecisionTable, JRip, OneR, PART and ZeroR). The findings show that the ICMP variables are effective in identifying the ICMP attack, the HTTP flood attack and Slowloris, with a high accuracy of approximately 99.7% using the PART classifier. In addition, the PART classifier succeeded in separating normal traffic from the different DoS attacks at 100%.
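To make the rule-based approach concrete, the following is an added example (not code from the paper, and not its SNMP-MIB dataset) of the simplest of the five classifiers named above, OneR, applied to SNMP-MIB-style counters. It is a simplified one-threshold variant of OneR for numeric attributes, not Weka's bucketed implementation. The attribute names icmpInMsgs, tcpInSegs and udpInDatagrams are standard MIB-II objects; the rows are constructed per-interval counter deltas chosen for illustration, so the learned threshold has no meaning outside this sample.

```python
from collections import Counter

FEATURES = ("icmpInMsgs", "tcpInSegs", "udpInDatagrams")

# Constructed training rows: each row is the delta of three MIB-II counters over one
# polling interval, labelled by hand. Values are made up for illustration only.
SAMPLES = [
    {"icmpInMsgs": 8,     "tcpInSegs": 900,  "udpInDatagrams": 30, "label": "normal"},
    {"icmpInMsgs": 15,    "tcpInSegs": 1500, "udpInDatagrams": 55, "label": "normal"},
    {"icmpInMsgs": 22,    "tcpInSegs": 2100, "udpInDatagrams": 80, "label": "normal"},
    {"icmpInMsgs": 11,    "tcpInSegs": 600,  "udpInDatagrams": 25, "label": "normal"},
    {"icmpInMsgs": 30,    "tcpInSegs": 1900, "udpInDatagrams": 95, "label": "normal"},
    {"icmpInMsgs": 48000, "tcpInSegs": 700,  "udpInDatagrams": 40, "label": "icmp-flood"},
    {"icmpInMsgs": 61000, "tcpInSegs": 1600, "udpInDatagrams": 60, "label": "icmp-flood"},
    {"icmpInMsgs": 52000, "tcpInSegs": 2300, "udpInDatagrams": 35, "label": "icmp-flood"},
    {"icmpInMsgs": 70500, "tcpInSegs": 1200, "udpInDatagrams": 90, "label": "icmp-flood"},
    {"icmpInMsgs": 45500, "tcpInSegs": 800,  "udpInDatagrams": 70, "label": "icmp-flood"},
]


def majority(labels):
    """Most frequent label in a list (ties resolved by first occurrence)."""
    return Counter(labels).most_common(1)[0][0]


def best_split(rows, feature):
    """Best single threshold on one numeric feature.

    Tries every midpoint between adjacent distinct values, assigns the majority
    label to each side, and returns (errors, threshold, label_low, label_high).
    """
    values = sorted({r[feature] for r in rows})
    if len(values) < 2:
        # Constant feature: the rule degenerates to the majority class.
        label = majority([r["label"] for r in rows])
        errors = sum(1 for r in rows if r["label"] != label)
        return (errors, float("inf"), label, label)
    best = None
    for lo, hi in zip(values, values[1:]):
        thr = (lo + hi) / 2
        low = [r["label"] for r in rows if r[feature] <= thr]
        high = [r["label"] for r in rows if r[feature] > thr]
        l_low, l_high = majority(low), majority(high)
        errors = sum(1 for l in low if l != l_low) + sum(1 for l in high if l != l_high)
        if best is None or errors < best[0]:
            best = (errors, thr, l_low, l_high)
    return best


def one_r(rows, features=FEATURES):
    """OneR: keep the single feature whose one-threshold rule makes the fewest errors."""
    candidates = [(best_split(rows, f), f) for f in features]
    (errors, thr, l_low, l_high), feature = min(candidates, key=lambda c: c[0][0])
    return {"feature": feature, "threshold": thr, "low": l_low, "high": l_high, "errors": errors}


def predict(rule, row):
    """Apply the learned one-rule classifier to a new row of counter deltas."""
    return rule["low"] if row[rule["feature"]] <= rule["threshold"] else rule["high"]


def train_and_evaluate(rows=SAMPLES):
    """Train OneR on the constructed sample and report training accuracy."""
    rule = one_r(rows)
    accuracy = sum(predict(rule, r) == r["label"] for r in rows) / len(rows)
    return rule, accuracy


if __name__ == "__main__":
    rule, accuracy = train_and_evaluate()
    print(f"rule: if {rule['feature']} <= {rule['threshold']} then {rule['low']} else {rule['high']}")
    print(f"training errors: {rule['errors']}, accuracy: {accuracy:.3f}")
```

On this sample OneR selects icmpInMsgs and ignores the TCP and UDP counters, which is the same kind of outcome the abstract reports for the ICMP variables: a single MIB counter separates an ICMP flood from normal traffic, while the other counters overlap between classes. Training accuracy on the data a rule was fitted to is optimistic; the paper's figures should be read as held-out results, and a practitioner would evaluate any such rule on intervals it has not seen.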
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Advanced Malware Detection Techniques
