Over the past decades, the Internet and information technologies have elevated security issues due to the huge use of networks. Because of this advance information and communication and sharing information, the threats of cybersecurity have been increasing daily. Intrusion Detection System (IDS) is considered one of the most critical security components which detects network security breaches in organizations. However, a lot of challenges raise while implementing dynamics and effective NIDS for unknown and unpredictable attacks. Consider the machine learning approach to developing an effective and flexible IDS. A deep neural network model is proposed to increase the effectiveness of intrusions detection system. This chapter presents an efficient mechanism for network attacks detection and attack classification using the Management Information Base (MIB) variables with machine learning techniques. During the evaluation test, the proposed model seems highly effective with deep neural network implementation with a precision of 99.6% accuracy rate.
TopI. Introduction
The fast development of the internet and network communication have expanded security threats and cybersecurity attacks. A network can be protected against cybersecurity threats using an intrusion detection system. An IDS can protect intrusions and malicious activities by an alert when attacks occur. IDS work as network analyzer for all network traffic. Intrusion detection systems require a lot of maintenance to keep its database updated with the latest attacks. Considering this, it shows the importance of. There are two main types of intrusion detection system namely, host-based and network Base.
Host intrusion detection system captures and monitors activities of an individual host or computer device which are installed. The main concern of host-based is on the operating system activity and event logs. Because of Host-based rely on event logs, they become limited by them. Another drawback for host-based can have a huge impact on the performance on the device is installed by parsing every monitored log. Network-based intrusion system monitors multiple connected systems in a network in parallel. Network-based and firewall work together to increase protecting and monitoring the network packet traversing through the network to detect abnormal activities. Network-based also analyze the traffic using different techniques to determine whether normal or abnormal activity (Alom, Bontupalli, & Taha, 2015).
For large enterprise organizations, this considers a difficult task to perform detect classification on an enormous amount of data pass through a network. Standard intrusion system cannot perform such detection. Considering machine learning methodology has been applied widely in IDS. However, applying machine learning while implementing IDS can increase efficiency and higher detection rate against out of the box intrusion detection system.
In the paper, we provided the following contributions:
- 1.
Present MIB for network attacks detection and attacks classification using machine learning.
- 2.
We used a recent dataset provided by SNMP-MIB for classification training.
- 3.
The proposed model shows high accuracy and perfect detection rate.
The rest of the paper is organized as follows. Section 2 includes an overview of some of existing related work in the domain. Section 3 describes the machine learning classifier approach in the deep neural network. Section 4 introduces the proposed architecture model for attacks detection based on SNMP MIB dataset. Finally, section 5 presents the results of the proposed model.
TopMany researchers have applied machine learning on anomaly and attacks detection in computer networks field. Applying different techniques of machine learning classifier were performed on KDD dataset for example in (Obeidat, Hamadneh, Alkasassbeh, Almseidin, & AlZubi, 2019; Siddique, Akhtar, Khan, & Kim, 2019) and others. The approach was focused on two main elements false negative and false positive detection metrics to improve the detection rate of an IDS. After the performance test, it is confirmed the building approach was effective to lower the false negative alerts, on the other hand, random forest classifier has achieved a higher accuracy rate.
DOS or knowns as Denial of service is one of the most popular network attacks currently which requires an effective approach for better detection by implemented Management Information Base (MIB), MIB`s database relates to the Simple Network Management Protocol (SNMP) using machine learning approach. Old and new works in this area have been done to investigate the ability of using MIB data for network faults and security like in (Al-Kasassbeh & Adda, Network fault detection with Wiener filter-based agent, 2009; Yu, Lee, Kim, & Park, 2008) and others as we will see below.