Machine Learning Algorithms for Classifying Network Anomalies and Intrusions



RNNs and BLS Models Using BGP Datasets

Detecting, analyzing, and defending against cyber threats is an important topic in cyber security. A variety of machine learning models have been designed to help detect malicious intentions of network users. We employ two deep learning Recurrent Neural Networks (RNNs) with a variable number of hidden layers: Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU). An alternative to deep learning networks is the recently proposed Broad Learning System (BLS). We evaluate the original BLS and its extensions that employ radial basis function (RBF) and cascades of mapped features and enhancement nodes. The models are trained and tested using Border Gateway Protocol (BGP) datasets, which contain routing records collected from Reseaux IP Europeens (RIPE) and BCNET, and the NSL-KDD dataset. The algorithms are compared based on accuracy and F-Score.

Download RNN

The latest version of the RNN code is available at: RNN_anomaly_intrusion_detection.zip

Download BLS

The latest version of the BLS code is available at: BLS_anomaly_intrusion_detection.zip

Run the Python code

Type the following command in the directories BGP_anamoly_detection or NSL-KDD_intrusion_detection:

>  python xxx.py

Note: xxx.py is a placeholder for the name of a Python file.

Related Publications

  • Paper: Z. Li, P. Batta, and Lj. Trajkovic, "Comparison of machine learning algorithms for detection of network intrusions," IEEE International Conference on Systems, Man, and Cybernetics (SMC 2018), Miyazaki, Japan, Oct. 2018, pp. 4238-4243.
  • Poster: Z. Li, P. Batta, and Lj. Trajkovic, "Comparison of machine learning algorithms for detection of network intrusions," IEEE International Conference on Systems, Man, and Cybernetics (SMC 2018), Miyazaki, Japan, Oct. 2018 (poster session paper).
  • Qingye Ding's M.A.Sc. thesis: "Application of machine learning techniques for detecting anomalies in communication networks" and presentation slides, June 2018.
  • Book chapter: Q. Ding, Z. Li, S. Haeri, and Lj. Trajkovic, "Application of machine learning techniques to detecting anomalies in communication networks: datasets and feature selection algorithms," in Cyber Threat Intelligence, M. Conti, A. Dehghantanha, and T. Dargahi, Eds., Berlin: Springer, pp. 47-70, 2018.
  • Book chapter: Z. Li, Q. Ding, S. Haeri, and Lj. Trajkovic, "Application of machine learning techniques to detecting anomalies in communication networks: classification algorithms," in Cyber Threat Intelligence, M. Conti, A. Dehghantanha, and T. Dargahi, Eds., Berlin: Springer, pp. 71-92, 2018.
  • Paper: P. Batta, M. Singh, Z. Li, Q. Ding, and Lj. Trajkovic, "Evaluation of support vector machine kernels for detecting network anomalies," IEEE Int. Symp. Circuits and Systems, Florence, Italy, May 2018, pp. 1-4.
  • Presentation: P. Batta, M. Singh, Z. Li, Q. Ding, and Lj. Trajkovic, "Evaluation of support vector machine kernels for detecting network anomalies," Proc. IEEE Int. Symp. Circuits and Systems, Florence, Italy, May 2018, pp. 1-4.
  • Publication: Q. Ding, Z. Li, P. Batta, and Lj. Trajkovic, "Detecting BGP anomalies using machine learning techniques," in Proc. IEEE International Conference on Systems, Man, and Cybernetics (SMC 2016), Budapest, Hungary, Oct. 2016, pp. 3352-3355.
  • Poster: Q. Ding, Z. Li, P. Batta, and Lj. Trajkovic, "Detecting BGP anomalies using machine learning techniques," in Proc. IEEE International Conference on Systems, Man, and Cybernetics (SMC 2016), Budapest, Hungary, Oct. 2016, pp. 3352-3355.
Questions

If you have any questions, please contact Zhida Li at <zhidal at sfu.ca>.