A Study on Supervised Machine Learning Technique to Detect Anomalies in Networks

A Study on Supervised Machine Learning Technique to Detect Anomalies in Networks

Keshav Sinha
Copyright: © 2021 |Pages: 22
DOI: 10.4018/978-1-7998-6449-3.ch011
(Individual Chapters)
No Current Special Offers


During this time, COVID-19 has affected the lifestyles of many individuals; in the meantime, an enormous amount of users are connected with the internet. This will also increase the chance of network intrusion due to congestion and overloading of the server. So, to cope with this problem, the authors proposed an automated intrusion detection system (IDS) which helps in monitoring the traffic and service request. The model is used to identify the illegal access and counterparts with static checking capabilities of the firewall. The classical KDDCup 99 dataset is used for training and testing purposes.
Chapter Preview


There is a massive amount of users is connected with the giant pool of internet. During the time of COVID-19 maximum number of users is using the internet service, which leads to the congestion and overloading of the server, in the meantime adversaries are also waited for this kind of opportunity to perform network intrusion. So to cope with this type of problem Intrusion Detection System (IDS) is implemented, where it detects the multiple requests or any suspicious activity on the internet and provides the alert to the administrator. We can say that IDS is a tool that is used for the identification of illegal access to the network. In general, the intrusion is an effective attack on the network which violate the security policies of the system. The Security Information and Event Management (SIEM) system is also present to collect the malicious activity of the network (Schultz, 2009). The working of SIEM is to collect and combine the outputs of multiple nodes and apply the filter technique. The information is separated based on false and true intrusion activity. According to Allen et al. (2000), the term intrusion means that the activities conducted by the adversary to get the information from the victim. The adversary always has some specific objective in mind which is to be executed at the time of the attack. The responsibility of the network administrator is to maintain the system such that no such type of scenario is to be executed at any time. The physiology behind the intrusion is, if the attacker will succeed in attack and it achieves the objective through which the attack was initiated then we say that it is a successful attack. It is slightly opposite in the case of the victim if the attack will successfully breach the security of the system but it doesn’t take any information just watch the network traffic then we say that intrusion is not been successfully executed. It is just a matter of perception of how the attack is apparent for different users. Some of the common examples of network attacks are Distributed Denial of Service (DDoS), Packet Sniffing, Remote Login, Trojan horse, and spyware, etc. These attacks will send multiple requests to the victim server so that they create a backdoor for intrusions.

Intrusion Detection System (IDS)

Intrusion detection is not a manual process, where it required a classification algorithm to detect the attack in a dynamic environment (Morel, 2011). The work of IDS is to detect the unauthorized access of networks in the runtime environment. In ideal systems, the firewall is used to identify all types of unwanted requests on a computer network but in the case of a dynamic attack, the static firewall is not feasible. So, to cope with this the automatic intrusion detection systems are to deploy with the data dictionary in such a way that the system will decide what type of attack is that? And what kind of measure has to be taken at the time attack? For better understanding, let us consider a situation, where attackers don’t have any login credential and they apply to guess attacks to find the information. The work of IDS is to identify the failed attempt at the time of login. According to this theory, IDS creates a flag for every doubtful activity on the network. However, the classical firewall will unable to distinguish this type of attack on the server. It would only be designed for the pre-configured work and rules for network intrusion. Nowadays, programmers and scientists are not giving more effort on developing the Intrusion Detection and Prevention Systems (IDPS) (Day, 2013). Apart from this, the scientist will propose systems that will work automatically at the time of the attack and it provide prevention. The prevention system is allowed to take all types of necessary actions that will require at the time of intrusion. A very common example is a social attack, where the user doesn’t require any skill sets to execute the attack. The dependency of users on the internet is increased this leads to the increase in security threats. To avoid this type of problem we required an intrusion detection system which will help us to avoid any type of attack.

Key Terms in this Chapter

Confusion Matrix: It is a statistical classification of a problem which is used for performance visualization.

Clustering: It is a categorization process in which the data are grouped based on the features.

Anomaly detection: It is used to identify certain points, events, an observation which diverge from normal behavior.

Trojan Horse: It is a kind of malware that misleads the users from its true intent.

Denial of Service (DoS): It is a kind of cyber-attack in which the adversary interrupts the services of the network.

Packet Sniffing: It is used to capture the packets which are flowing all across the network.

Unsupervised Learning: It is a machine learning technique that is used to find undetected patterns without using any pre-defined label data.

Decision Tree: It is a tree-like model that is used for making the decision.

Supervised Learning: It is the machine learning technique in which the input and output are based on the input-output pairs.

Complete Chapter List

Search this Book: