Weighted Trustworthiness for ML Based Attacks Classification

Recently, machine learning techniques have been gaining a lot of interest in security applications because they offer fast processing with real-time predictions. One of the significant challenges in implementing these techniques is collecting a large amount of training data for each new potential attack category, which is, most of the time, infeasible. However, learning from datasets that contain only a small amount of training data for the minority class usually produces biased classifiers that have higher predictive accuracy for the majority class(es) but poorer predictive accuracy for the minority class. In this paper, we propose a newly designed attack weighting model to alleviate the problem of imbalanced data and enhance the detection accuracy of minority classes. In the proposed system, we combine a supervised machine learning algorithm with the node¹ past information. The machine learning algorithm is used to generate a classifier that differentiates between the investigated attacks. Then, the system stores these decisions in a database and exploits them for the weighted attack classification model. Thus, for each attack class, the weight that maximizes the detection of the minority classes is computed and the final combined decision is generated. In this work, we use the UNSW dataset to train the supervised machine learning model. The simulation results show that the proposed model can effectively detect intrusion attacks and provide better accuracy, better detection rates and lower false alarm rates compared to state-of-the-art techniques.

¹ In this document, we use the word “node” to represent computing, storage, physical, and virtual machines.
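The pipeline the abstract describes (classifier decisions stored, a per-class weight computed from them, then a combined decision) can be sketched as follows. This is an added example, not the paper's algorithm or code: it assumes a weight is a multiplier on the classifier's per-class score, chosen by grid search to maximize macro-averaged recall, and the class labels, scores and function names are constructed for illustration.

```python
# Added illustration, not the paper's algorithm. Assumption: a class "weight" is a
# multiplier on the classifier's per-class score, tuned on stored past decisions.
CLASSES = ["normal", "dos", "worms"]  # constructed labels; "worms" is the minority

# Constructed decision history: (true label, classifier scores in CLASSES order).
HISTORY = [
    ("normal", [0.80, 0.15, 0.05]), ("normal", [0.70, 0.20, 0.10]),
    ("normal", [0.60, 0.30, 0.10]), ("normal", [0.75, 0.05, 0.20]),
    ("normal", [0.55, 0.35, 0.10]),
    ("dos", [0.20, 0.70, 0.10]), ("dos", [0.30, 0.60, 0.10]),
    ("dos", [0.25, 0.65, 0.10]),
    ("worms", [0.50, 0.10, 0.40]), ("worms", [0.15, 0.50, 0.35]),
]

def decide(scores, weights):
    """Combined decision: the class with the highest weighted score."""
    weighted = [s * w for s, w in zip(scores, weights)]
    return CLASSES[weighted.index(max(weighted))]

def recalls(history, weights):
    """Per-class detection rate (recall) of the weighted decision over the history."""
    hit = {c: 0 for c in CLASSES}
    total = {c: 0 for c in CLASSES}
    for label, scores in history:
        total[label] += 1
        hit[label] += decide(scores, weights) == label
    return {c: hit[c] / total[c] for c in CLASSES}

def fit_weights(history, grid=(1.0, 1.5, 2.0, 3.0, 4.0)):
    """One coordinate pass: per class, keep the grid weight that maximizes
    macro-averaged recall, so a minority gain that breaks other classes is rejected."""
    weights = [1.0] * len(CLASSES)
    for i in range(len(CLASSES)):
        best_score, best_w = -1.0, 1.0
        for w in grid:
            trial = weights[:i] + [w] + weights[i + 1:]
            r = recalls(history, trial)
            score = sum(r.values()) / len(r)
            if score > best_score:  # strict comparison: ties keep the smaller weight
                best_score, best_w = score, w
        weights[i] = best_w
    return weights

if __name__ == "__main__":
    print("unweighted:", recalls(HISTORY, [1.0] * 3))
    w = fit_weights(HISTORY)
    print("weights:", w, "weighted:", recalls(HISTORY, w))
```

Here the weights are fitted and scored on the same constructed history; on real traffic they would be fitted on stored decisions and checked on held-out data, watching the recall of the normal class as the false-alarm indicator.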
