Network Intrusion Detection Using Machine Learning Anomaly Detection Algorithms


Hanıfı K., Bank H., Karslıgıl M. E., Yavuz A. G., Güvensan M. A.

25th Signal Processing and Communications Applications Conference (SIU), Antalya, Türkiye, 15 - 18 Mayıs 2017 identifier identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Doi Numarası: 10.1109/siu.2017.7960616
  • Basıldığı Şehir: Antalya
  • Basıldığı Ülke: Türkiye
  • Yıldız Teknik Üniversitesi Adresli: Evet

Özet

Attacks on the network are exceptional cases that are not observed in normal traffic behavior. In this work, in order to detect network attacks, using k-means algorithm a new semi-supervised anomaly detection system has been designed and implemented. During the training phase, normal samples were separated into clusters by applying k-means algorithm. Then, in order to be able to distinguish between normal and abnormal samples according to their distances from the clusters' centers and using a validation dataset a threshold value was calculated. New samples that are far from the clusters' centers more than the threshold value is detected as anomalies. We used NSL-KDD a labelled dataset of network connection traces for testing our method's effectiveness. The experiments result on the NSL-KDD data set, shows that we achieved an accuracy of 80.119%.