Mitigating Unbalanced And Overlapped Problems Of Large Network Intrusion Data Using Multiplelevel Detection Techniques

Bibliographic Details
Main Author: Ho, Yan Bing
Format: Final Year Project / Dissertation / Thesis
Published: 2022
Online Access: http://eprints.utar.edu.my/4616/1/2002159_Ho_Yan_Bing.pdf
http://eprints.utar.edu.my/4616/
Description
Summary: Network intrusion data sets are usually unbalanced in class distribution because intrusions are rare occurrences in computer networks. In addition, data set classes may overlap because of their high similarity. These problems have caused a low detection rate for intrusions that are the minority in data sets because learning algorithms favour the majority class (normal traffic). Our study aims to design a multiple-level detection technique for detecting network intrusions by mitigating the unbalanced class distribution and overlapping class problems. We propose two two-level classifications (TLC) with different arrangements to improve the detection rate of intrusions. TLC Type I detects only binary classes at the first level: one general intrusion class and normal traffic. It then classifies the intrusion classes in detail at the second level. TLC Type II, on the other hand, detects the intrusion classes and normal traffic at the first level and then passes the traffic that is classified as normal to the second level for further detection. To evaluate our proposed TLCs, we used two unbalanced and overlapped network intrusion data sets in this study: UNSW-NB15 and CICIDS2017. Our proposed TLC Type II achieved an overall accuracy of 0.9817 and 0.999 for UNSW-NB15 and CICIDS2017, respectively. The unbalanced and overlapped problems were mitigated using the proposed TLC Type II. The classifiers in TLC Type II are arranged so that the occurrences of misclassified intrusions are minimised.