TY - GEN
T1 - A Study on Network Anomaly Detection Using Stacking-Based Machine Learning Algorithms for ASNM Datasets
AU - Murugan, Thangavel
AU - Patel, Het Bhavinkumar
AU - Khokhawala, Adil Mustafa
AU - Jaisingh, W.
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.
PY - 2024
Y1 - 2024
N2 - Detecting and analyzing the root cause of network traffic log problems is a labor-intensive and time-consuming operation, particularly for previously undiscovered failure patterns. To identify malicious logs from the advanced security network metrics datasets, our proposed solution is based on a stacking mechanism. According to training data input, there have been roughly three orthogonal approaches to developing intrusion detectors: (1) Detection based on knowledge, which models and matches the characteristics of malicious intrusions, (2) Detection based on anomalies, which models normal behavior and identifies deviations, and (3) Detection based on classification, which concurrently models dangerous and acceptable behavior. In the case of unknown or zero-day assaults evading detection, these strategies have a high false-negative rate, need extensive training and profiling, and are vulnerable. To overcome these problems, our proposed work is based on a stacking model, in which we deployed four machine learning algorithms, one at a time at level 1 and the other at level 0 for a better rate of testing accuracy. The performance of these approaches is relatively comparable, with Naive Bayes being the most effective at level 1 and support vector machines, decision tree, and K-nearest neighbor at level 0.
AB - Detecting and analyzing the root cause of network traffic log problems is a labor-intensive and time-consuming operation, particularly for previously undiscovered failure patterns. To identify malicious logs from the advanced security network metrics datasets, our proposed solution is based on a stacking mechanism. According to training data input, there have been roughly three orthogonal approaches to developing intrusion detectors: (1) Detection based on knowledge, which models and matches the characteristics of malicious intrusions, (2) Detection based on anomalies, which models normal behavior and identifies deviations, and (3) Detection based on classification, which concurrently models dangerous and acceptable behavior. In the case of unknown or zero-day assaults evading detection, these strategies have a high false-negative rate, need extensive training and profiling, and are vulnerable. To overcome these problems, our proposed work is based on a stacking model, in which we deployed four machine learning algorithms, one at a time at level 1 and the other at level 0 for a better rate of testing accuracy. The performance of these approaches is relatively comparable, with Naive Bayes being the most effective at level 1 and support vector machines, decision tree, and K-nearest neighbor at level 0.
KW - Anomaly Detection
KW - Machine Learning
KW - Networks
KW - Security
KW - Stacking
UR - http://www.scopus.com/inward/record.url?scp=85205348774&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85205348774&partnerID=8YFLogxK
U2 - 10.1007/978-981-97-5412-0_35
DO - 10.1007/978-981-97-5412-0_35
M3 - Conference contribution
AN - SCOPUS:85205348774
SN - 9789819754113
T3 - Lecture Notes in Networks and Systems
SP - 501
EP - 512
BT - Intelligent Computing Systems and Applications - Proceedings of the 2nd International Conference, ICICSA 2023
A2 - Bandyopadhyay, Sivaji
A2 - Balas, Valentina Emilia
A2 - Biswas, Saroj Kumar
A2 - Saha, Anish Kumar
A2 - Thounaojam, Dalton Meitei
PB - Springer Science and Business Media Deutschland GmbH
T2 - 2nd International Conference on Intelligent Computing Systems and Applications, ICICSA 2023
Y2 - 21 September 2023 through 22 September 2023
ER -