Enhanced Network Anomaly Detection Model Based on Supervised Learning Techniques with Qualitative Features Selection

Name: Muhammad Shahid Azeem
VU Id: MS160400843
Supervised By: Mr. Hasnain Ahmed
Virtual University of Pakistan

Agenda

• Background
• Problem Statement
• Related Work
• Research Gap
• Proposed Model
• Performance Evaluation Measures

Background

• Massive growth in the Internet
• Increasing importance of cyber security
• New threats to data
• Intrusion Detection System (IDS)
  • Primary defence mechanism
  • Secure data and resources from illegal disclosure and unauthorized access
• Data Security Approaches
  • Signature based IDS
  • Anomaly Detection based IDS

Background

• Accuracy of Intrusion Detection
• Features selection
  • Quantitative Features
    • Number of bytes in source packets, Source to Destination Packet Count
  • Qualitative Features
    • Attack type, Protocol Used, Timing of Attack, Source IP Address, Destination IP Address

Problem Statement

• Existing IDSs consider only quantitative features and ignore qualitative features of attacks; therefore, their anomaly detection accuracy is suboptimal.
• In this research we'll propose an Anomaly Detection Based IDS for Communication Networks using Supervised Learning Techniques
  • To enhance anomaly detection accuracy
  • Use of qualitative features along with quantitative features
  • Encoding of qualitative features

Related Work

| Author | Technique | Data Set | Accuracy Reported |
|---|---|---|---|
| Bhavesh Borisaniya (2015) | N-gram feature extraction technique | ADFA-LD and ADFA-WD datasets | Accuracy: 92%; 20% false positive rate |
| Al-Yaseen et al. (2017) | Support vector machine with modified K-means algorithm | IDS KDD Cup 1999 dataset | Up to 95.75% |
| Aygun & Yavuz et al. (2017) | Vanilla and de-noising deep auto-encoders | NSLKDD dataset | Accuracy range: 88.28% and 88.6% |
| Assem N., Rachidi et al. (2018) | Markov chain model | UNM datasets | Accuracy: 97%; FPR: 3% |
| Naseer et al. (2018) | Deep learning technique, Convolutional Neural Networks (CNNs) | NSLKDDTest+ and NSLKDDTest21 datasets | 85% and 89% |

Research Gap

• Most of the research in the area of anomaly detection has focused on quantitative features of attacks
• This is because qualitative features are difficult to measure
• In this research, we shall use qualitative features along with quantitative features to detect anomalies in network traffic more efficiently
Proposed Model

Supervised Learning Techniques

• Supervised Learning Techniques
  • Nearest Neighbour
  • Random Forest
  • Multilevel perceptron
  • Decision tree

Encoding of Qualitative Features

Quantification of Qualitative Features

Encoders:
• Binary Encoder
• Hashing Encoder
• Helmert Encoder
• OneHotEncoder
• OrdinalEncoder
• SumEncoder
• PolynomialEncoder
• BaseNEncoder
• LeaveOneOutEncoder
• TargetEncoder

Performance Evaluation Measures

• Performance Evaluation Techniques
  • Precision
  • Recall
  • Accuracy
  • ROC curve

Types of Attacks Considered

• Analysis
• Backdoors
• Exploits
• Reconnaissance
• Fuzzers
• Generic
• DoS
• Shellcode

Training and Testing

Model will be trained and tested on the UNSW-NB15 data set

Comparison with UNSW-NB15 data set and state-of-the-art IDSs from literature
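
The pipeline outlined in the slides (encode qualitative features, train a Nearest Neighbour classifier, score with precision, recall and accuracy), as an added example that is not the author's code or part of the original slides. The records are constructed, not UNSW-NB15 rows, and were chosen so that the protocol carries the signal; the field names `proto`, `sbytes` and `spkts`, the scaling constants and the smoothing value are assumptions.

```python
# Constructed records (not real UNSW-NB15 rows); field names are assumptions.
# Fields: (proto, sbytes, spkts, label) with label 1 = attack, 0 = normal.
TRAIN = [
    ("tcp", 500, 10, 0), ("tcp", 520, 12, 0), ("udp", 510, 11, 1),
    ("udp", 490, 10, 1), ("tcp", 4000, 60, 1), ("icmp", 100, 2, 0),
]
TEST = [("udp", 505, 11, 1), ("tcp", 505, 11, 0), ("tcp", 3900, 58, 1)]

def one_hot(value, categories):
    """OneHotEncoder-style vector; an unseen category maps to all zeros."""
    return [1.0 if value == c else 0.0 for c in categories]

def target_encode(rows, smoothing=1.0):
    """TargetEncoder-style map: protocol -> attack rate smoothed toward the prior."""
    prior = sum(r[3] for r in rows) / len(rows)
    stats = {}
    for proto, _, _, y in rows:
        n, s = stats.get(proto, (0, 0))
        stats[proto] = (n + 1, s + y)
    return {c: (s + smoothing * prior) / (n + smoothing) for c, (n, s) in stats.items()}

def vectorise(row, categories, use_qualitative):
    """Scale the quantitative fields; optionally append the one-hot protocol."""
    vec = [row[1] / 4000.0, row[2] / 60.0]
    return vec + one_hot(row[0], categories) if use_qualitative else vec

def predict_1nn(train, test_row, categories, use_qualitative):
    """Nearest Neighbour (k = 1) using squared Euclidean distance."""
    q = vectorise(test_row, categories, use_qualitative)
    def dist(r):
        v = vectorise(r, categories, use_qualitative)
        return sum((a - b) ** 2 for a, b in zip(q, v))
    return min(train, key=dist)[3]

def evaluate(use_qualitative):
    """Return (precision, recall, accuracy) for the attack class on TEST."""
    cats = sorted({r[0] for r in TRAIN})
    preds = [predict_1nn(TRAIN, r, cats, use_qualitative) for r in TEST]
    tp = sum(p == 1 and r[3] == 1 for p, r in zip(preds, TEST))
    fp = sum(p == 1 and r[3] == 0 for p, r in zip(preds, TEST))
    fn = sum(p == 0 and r[3] == 1 for p, r in zip(preds, TEST))
    correct = sum(p == r[3] for p, r in zip(preds, TEST))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall, correct / len(TEST)
```

On these constructed records, `evaluate(False)` raises a false positive on the normal TCP flow whose size matches a UDP attack, while `evaluate(True)` separates the two once the protocol is encoded.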

Any Questions?

Allah Hafiz