
dc.contributor.author: Hagos, Desta Haileselassie
dc.contributor.author: Yazidi, Anis
dc.contributor.author: Kure, Øivind
dc.contributor.author: Engelstad, Paal E.
dc.date.accessioned: 2019-01-18T12:27:08Z
dc.date.available: 2019-01-18T12:27:08Z
dc.date.created: 2017-08-04T14:03:17Z
dc.date.issued: 2017
dc.identifier.citation: Advanced Information Networking and Applications. 2017, 909-918. [nb_NO]
dc.identifier.issn: 1550-445X
dc.identifier.uri: http://hdl.handle.net/11250/2581304
dc.description.abstract: With the increasing threats of security attacks, Machine learning (ML) has become a popular technique to detect those attacks. However, most of the ML approaches are black-box methods and their inner-workings are difficult to understand by human beings. In the case of network security, understanding the dynamics behind the classification model is a crucial element towards creating safe and human-friendly systems. In this article, we investigate the most important features in identifying well-known security attacks by using Support Vector Machines (SVMs) and l1-regularized method with Least Absolute Shrinkage and Selection Operator (LASSO) for robust regression both to binary and multiclass attack classification. SVMs are one of the standards of ML classification techniques that give a reasonably good performance but with some drawbacks in terms of interpretability. On the other hand, LASSO is a regularized regression method often performing comparably well and it has extra compelling advantages of being very easily interpretable. LASSO provides coefficients that contribute how individual features affect the probability of specific security attack classes to occur. Hence, we finally use LASSO in particular for multiclass classification to help us better understand which actual features shared by attacks in a network are the most important ones. To perform our analysis, we use the recent NSL-KDD intrusion detection public dataset where the data are labeled into either anomalous (denial-of-service (DoS), remote-to-local (R2L), user-to-root (U2R) and probe attack classes) or normal. Empirical results of the analysis and computational performance comparison over the competing methods used are also presented and discussed. We believe that the methodology presented in this paper may strengthen a future research in network intrusion detection settings. [nb_NO]
dc.language.iso: eng [nb_NO]
dc.publisher: Institute of Electrical and Electronics Engineers (IEEE) [nb_NO]
dc.title: Enhancing security attacks analysis using regularized machine learning techniques [nb_NO]
dc.type: Journal article [nb_NO]
dc.type: Peer reviewed [nb_NO]
dc.description.version: publishedVersion [nb_NO]
dc.source.pagenumber: 909-918 [nb_NO]
dc.source.journal: Advanced Information Networking and Applications [nb_NO]
dc.identifier.doi: 10.1109/AINA.2017.19
dc.identifier.cristin: 1484258
dc.description.localcode: This article will not be available due to copyright restrictions (c) 2017 by Institute of Electrical and Electronics Engineers (IEEE) [nb_NO]
cristin.unitcode: 194,63,30,0
cristin.unitname: Institutt for informasjonssikkerhet og kommunikasjonsteknologi
cristin.ispublished: true
cristin.fulltext: original
cristin.qualitycode: 1

