Real-Time Intelligent Anomaly Detection and Prevention System

Remzi Gürfidan; Şerafettin Atmaca; Tuncay Yiğit

doi:10.35377/saucis...1296210

EN

Real-Time Intelligent Anomaly Detection and Prevention System

Abstract

Real-time anomaly detection in network traffic is a method that detects unexpected and anomalous behaviour by identifying normal behaviour and statistical patterns in network traffic data. This method is used to detect potential attacks or other anomalous conditions in network traffic. Real-time anomaly detection uses different algorithms to detect abnormal activities in network traffic. These include statistical methods, machine learning and deep learning techniques. By learning the normal behaviour of network traffic, these methods can detect unexpected and anomalous situations. Attackers use various techniques to mimic normal patterns in network traffic, making it difficult to detect. Real-time anomaly detection allows network administrators to detect attacks faster and respond more effectively. Real-time anomaly detection can improve network performance by detecting abnormal conditions in network traffic. Abnormal traffic can overuse the network's resources and cause the network to slow down. Real-time anomaly detection detects abnormal traffic conditions, allowing network resources to be used more effectively. In this study, blockchain technology and machine learning algorithms are combined to propose a real-time prevention model that can detect anomalies in network traffic.

Keywords

Supporting Institution

YOK

References

[1] S. Walling and S. Lodh, “Performance Evaluation of Supervised Machine Learning Based Intrusion Detection with Univariate Feature Selection on NSL KDD Dataset,” Feb. 2023, doi: 10.21203/RS.3.RS-2537820/V1.
[2] T. S. Reddy and R. Sathya, “Ensemble Machine Learning Techniques for Attack Prediction in NIDS Environment,” Iraqi Journal For Computer Science and Mathematics, vol. 3, no. 2, pp. 78–82, Mar. 2022, doi: 10.52866/IJCSM.2022.02.01.008.
[3] S. Aktar and A. Yasin Nur, “Towards DDoS attack detection using deep learning approach,” Comput Secur, vol. 129, p. 103251, Jun. 2023, doi: 10.1016/J.COSE.2023.103251.
[4] A. N. Özalp and Z. Albayrak, “Detecting Cyber Attacks with High-Frequency Features using Machine Learning Algorithms,” Acta Polytechnica Hungarica, vol. 19, no. 7, pp. 213–233, 2022, doi: 10.12700/APH.19.7.2022.7.12.
[5] G. Fernandes, J. J. P. C. Rodrigues, L. F. Carvalho, J. F. Al-Muhtadi, and M. L. Proença, “A comprehensive survey on network anomaly detection,” Telecommunication Systems 2018 70:3, vol. 70, no. 3, pp. 447–489, Jul. 2018, doi: 10.1007/S11235-018-0475-8.
[6] V. Dutta, M. Choraś, M. Pawlicki, and R. Kozik, “A Deep Learning Ensemble for Network Anomaly and Cyber-Attack Detection,” Sensors 2020, Vol. 20, Page 4583, vol. 20, no. 16, p. 4583, Aug. 2020, doi: 10.3390/S20164583.
[7] A. Rawashdeh, M. Alkasassbeh, and M. Al-Hawawreh, “An anomaly-based approach for DDoS attack detection in cloud environment,” International Journal of Computer Applications in Technology, vol. 57, no. 4, pp. 312–324, 2018, doi: 10.1504/IJCAT.2018.093533.
[8] N. Hoque, H. Kashyap, and D. K. Bhattacharyya, “Real-time DDoS attack detection using FPGA,” Comput Commun, vol. 110, pp. 48–58, Sep. 2017, doi: 10.1016/J.COMCOM.2017.05.015.

[9] A. Gurina and V. Eliseev, “Anomaly-Based Method for Detecting Multiple Classes of Network Attacks,” Information 2019, Vol. 10, Page 84, vol. 10, no. 3, p. 84, Feb. 2019, doi: 10.3390/INFO10030084.
[10] J. Alsamiri and K. Alsubhi, “Internet of Things Cyber Attacks Detection using Machine Learning,” IJACSA) International Journal of Advanced Computer Science and Applications, vol. 10, no. 12, 2019, Accessed: May 10, 2023. [Online]. Available: www.ijacsa.thesai.org
[11] S. J. Stolfo, W. Fan, W. Lee, A. Prodromidis, and P. K. Chan, “Cost-based modeling for fraud and intrusion detection: Results from the JAM project,” Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2000, vol. 2, pp. 130–144, 2000, doi: 10.1109/DISCEX.2000.821515.
[12] “UCI Machine Learning Repository: KDD Cup 1999 Data Data Set.” https://archive.ics.uci.edu/ml/datasets/kdd+cup+1999+data (accessed Mar. 29, 2023).
[13] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, Dec. 2009, doi: 10.1109/CISDA.2009.5356528.
[14] R. Vishwakarma and A. K. Jain, “A survey of DDoS attacking techniques and defence mechanisms in the IoT network,” Telecommun Syst, vol. 73, no. 1, pp. 3–25, Jan. 2020, doi: 10.1007/S11235-019-00599-Z/TABLES/5.
[15] D. Sklavounos, “Statistical Process Control Method for Cyber Intrusion Detection (DDoS, U2R, R2L, Probe),” International Journal of Cyber-Security and Digital Forensics, vol. 8, no. 1, pp. 82–88, 2019, doi: 10.17781/P002560.
[16] M. Amini, R. Jalili, and H. R. Shahriari, “RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks,” Comput Secur, vol. 25, no. 6, pp. 459–468, Sep. 2006, doi: 10.1016/J.COSE.2006.05.003.
[17] M. Ahsan, K. E. Nygard, R. Gomes, M. M. Chowdhury, N. Rifat, and J. F. Connolly, “Cybersecurity Threats and Their Mitigation Approaches Using Machine Learning—A Review,” Journal of Cybersecurity and Privacy 2022, Vol. 2, Pages 527-555, vol. 2, no. 3, pp. 527–555, Jul. 2022, doi: 10.3390/JCP2030027.
[18] L. Breiman, “Random forests,” Mach Learn, vol. 45, no. 1, pp. 5–32, Oct. 2001, doi: 10.1023/A:1010933404324/METRICS.
[19] K. Shah, H. Patel, D. Sanghvi, and M. Shah, “A Comparative Analysis of Logistic Regression, Random Forest and KNN Models for the Text Classification,” Augmented Human Research 2020 5:1, vol. 5, no. 1, pp. 1–16, Mar. 2020, doi: 10.1007/S41133-020-00032-0.
[20] V. F. Rodriguez-Galiano, B. Ghimire, J. Rogan, M. Chica-Olmo, and J. P. Rigol-Sanchez, “An assessment of the effectiveness of a random forest classifier for land-cover classification,” ISPRS Journal of Photogrammetry and Remote Sensing, vol. 67, no. 1, pp. 93–104, Jan. 2012, doi: 10.1016/J.ISPRSJPRS.2011.11.002.
[21] C. Iwendi et al., “COVID-19 patient health prediction using boosted random forest algorithm,” Front Public Health, vol. 8, p. 357, Jul. 2020, doi: 10.3389/FPUBH.2020.00357/BIBTEX.
[22] J. Magidi, L. Nhamo, S. Mpandeli, and T. Mabhaudhi, “Application of the Random Forest Classifier to Map Irrigated Areas Using Google Earth Engine,” Remote Sensing 2021, Vol. 13, Page 876, vol. 13, no. 5, p. 876, Feb. 2021, doi: 10.3390/RS13050876.
[23] X. Cheng and B. Huang, “A center-based secure and stable clustering algorithm for VANETs on highways,” Wirel Commun Mob Comput, vol. 2019, 2019, doi: 10.1155/2019/8415234.
[24] D. Liu and K. Sun, “Random forest solar power forecast based on classification optimization,” Energy, vol. 187, p. 115940, Nov. 2019, doi: 10.1016/J.ENERGY.2019.115940.
[25] M. A. Chandra and S. S. Bedi, “Survey on SVM and their application in image classification,” International Journal of Information Technology (Singapore), vol. 13, no. 5, pp. 1–11, Oct. 2021, doi: 10.1007/S41870-017-0080-1/TABLES/1.
[26] S. Dong, “Multi class SVM algorithm with active learning for network traffic classification,” Expert Syst Appl, vol. 176, p. 114885, Aug. 2021, doi: 10.1016/J.ESWA.2021.114885.
[27] J. Nalepa and M. Kawulok, “Selecting training sets for support vector machines: a review,” Artificial Intelligence Review 2018 52:2, vol. 52, no. 2, pp. 857–900, Jan. 2018, doi: 10.1007/S10462-017-9611-1.
[28] M. Tanveer, T. Rajani, R. Rastogi, Y. H. Shao, and M. A. Ganaie, “Comprehensive review on twin support vector machines,” Ann Oper Res, pp. 1–46, Mar. 2022, doi: 10.1007/S10479-022-04575-W/TABLES/8.
[29] S. Agarwal, D. Tomar, and Siddhant, “Prediction of software defects using twin support vector machine,” Proceedings of the 2014 International Conference on Information Systems and Computer Networks, ISCON 2014, pp. 128–132, Nov. 2014, doi: 10.1109/ICISCON.2014.6965232.
[30] N. Rezaeian and G. Novikova, “Persian Text Classification using naive Bayes algorithms and Support Vector Machine algorithm,” Indonesian Journal of Electrical Engineering and Informatics (IJEEI), vol. 8, no. 1, pp. 178–188, Mar. 2020, doi: 10.52549/IJEEI.V8I1.1696.
[31] F. E. H. Tay and L. Cao, “Application of support vector machines in financial time series forecasting,” Omega (Westport), vol. 29, no. 4, pp. 309–317, Aug. 2001, doi: 10.1016/S0305-0483(01)00026-3.
[32] I. D. Mienye, Y. Sun, and Z. Wang, “Prediction performance of improved decision tree-based algorithms: a review,” Procedia Manuf, vol. 35, pp. 698–703, Jan. 2019, doi: 10.1016/J.PROMFG.2019.06.011.
[33] G. Stein, B. Chen, A. S. Wu, and K. A. Hua, “Decision tree classifier for network intrusion detection with GA-based feature selection,” Proceedings of the Annual Southeast Conference, vol. 2, pp. 2136–2141, 2005, doi: 10.1145/1167253.1167288.
[34] S. Hota, S. P.-Int. J. Eng. Technol, and undefined 2018, “KNN classifier based approach for multi-class sentiment analysis of twitter data,” scholar.archive.org, vol. 7, no. 3, pp. 1372–1375, 2018, doi: 10.14419/ijet.v7i3.12656.
[35] F. Moreno-Seco, L. Micó, and J. Oncina, “A modification of the LAESA algorithm for approximated k-NN classification,” Pattern Recognit Lett, vol. 24, no. 1–3, pp. 47–53, Jan. 2003, doi: 10.1016/S0167-8655(02)00187-3.
[36] S. Tan, “An effective refinement strategy for KNN text classifier,” Expert Syst Appl, vol. 30, no. 2, pp. 290–298, Feb. 2006, doi: 10.1016/J.ESWA.2005.07.019.
[37] A. Murugan, S. A. H. Nair, and K. P. S. Kumar, “Detection of Skin Cancer Using SVM, Random Forest and kNN Classifiers,” J Med Syst, vol. 43, no. 8, pp. 1–9, Aug. 2019, doi: 10.1007/S10916-019-1400-8/FIGURES/6.
[38] Imandoust SB and Bolandraftar M. Int. Journal of Engineering Research and Applications. Vol. 3, Issue 5, Sep-Oct 2013, pp.605-610
[39] J. Bains, K. Kaki, K. S.-I. J. of Computer, and undefined 2013, “Intrusion detection system with multi layer using Bayesian networks,” Citeseer, vol. 67, no. 5, pp. 975–8887, 2013, Accessed: Mar. 29, 2023
[40] Geurts, P., Ernst, D., & Wehenkel, L. (2006). Extremely randomized trees. Machine learning, 63, 3-42.
[41] John, V., Liu, Z., Guo, C., Mita, S., & Kidono, K. (2016). Real-time lane estimation using deep features and extra trees regression. In Image and Video Technology: 7th Pacific-Rim Symposium, PSIVT 2015, Auckland, New Zealand, November 25-27, 2015, Revised Selected Papers 7 (pp. 721-733). Springer International Publishing.
[42] Otchere, D. A., Ganat, T. O. A., Ojero, J. O., Tackie-Otoo, B. N., & Taki, M. Y. (2022). Application of gradient boosting regression model for the evaluation of feature selection techniques in improving reservoir characterisation predictions. Journal of Petroleum Science and Engineering, 208, 109244.
[43] D. H. Deshmukh, T. Ghorpade, and P. Padiya, “Improving classification using preprocessing and machine learning algorithms on NSL-KDD dataset,” in Proceedings - 2015 IEEE International Conference on Communication, Information and Computing Technology, ICCICT 2015, 2015.
[44] K. Rai, M. S. Devi, and A. Guleria, “Decision Tree Based Algorithm for Intrusion Detection,” vol. 2834, pp. 2828–2834, 2016.
[45] S. Aljawarneh, M. Aldwairi, and M. B. Yassein, “Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model,” J. Comput. Sci., vol. 25, pp. 152– 160, 2016.
[46] D. Velásquez et al., "A Hybrid Machine-Learning Ensemble for Anomaly Detection in Real-Time Industry 4.0 Systems," in IEEE Access, vol. 10, pp. 72024-72036, 2022, doi: 10.1109/ACCESS.2022.3188102.
[47] W. Hao, T. Yang and Q. Yang, "Hybrid Statistical-Machine Learning for Real-Time Anomaly Detection in Industrial Cyber–Physical Systems," in IEEE Transactions on Automation Science and Engineering, vol. 20, no. 1, pp. 32-46, Jan. 2023, doi: 10.1109/TASE.2021.3073396.

Details

Primary Language

English

Subjects

Artificial Intelligence

Journal Section

Research Article

Authors

Remzi Gürfidan ^*
0000-0002-4899-2219
Türkiye

Şerafettin Atmaca
0000-0003-2407-1113
Türkiye

Tuncay Yiğit
0000-0003-3074-6818
Türkiye

Early Pub Date

December 27, 2023

Publication Date

December 31, 2023

Submission Date

May 12, 2023

Acceptance Date

September 24, 2023

Published in Issue

Year 2023 Volume: 6 Number: 3

DOI

https://doi.org/10.35377/saucis...1296210

IZ

https://izlik.org/JA55YW46MW

Cite

RIS / Bibtex

APA

Gürfidan, R., Atmaca, Ş., & Yiğit, T. (2023). Real-Time Intelligent Anomaly Detection and Prevention System. Sakarya University Journal of Computer and Information Sciences, 6(3), 160-171. https://doi.org/10.35377/saucis...1296210

AMA

1.Gürfidan R, Atmaca Ş, Yiğit T. Real-Time Intelligent Anomaly Detection and Prevention System. SAUCIS. 2023;6(3):160-171. doi:10.35377/saucis.1296210

Chicago

Gürfidan, Remzi, Şerafettin Atmaca, and Tuncay Yiğit. 2023. “Real-Time Intelligent Anomaly Detection and Prevention System”. Sakarya University Journal of Computer and Information Sciences 6 (3): 160-71. https://doi.org/10.35377/saucis. 1296210.

EndNote

Gürfidan R, Atmaca Ş, Yiğit T (December 1, 2023) Real-Time Intelligent Anomaly Detection and Prevention System. Sakarya University Journal of Computer and Information Sciences 6 3 160–171.

IEEE

[1]R. Gürfidan, Ş. Atmaca, and T. Yiğit, “Real-Time Intelligent Anomaly Detection and Prevention System”, SAUCIS, vol. 6, no. 3, pp. 160–171, Dec. 2023, doi: 10.35377/saucis...1296210.

ISNAD

Gürfidan, Remzi - Atmaca, Şerafettin - Yiğit, Tuncay. “Real-Time Intelligent Anomaly Detection and Prevention System”. Sakarya University Journal of Computer and Information Sciences 6/3 (December 1, 2023): 160-171. https://doi.org/10.35377/saucis. 1296210.

JAMA

1.Gürfidan R, Atmaca Ş, Yiğit T. Real-Time Intelligent Anomaly Detection and Prevention System. SAUCIS. 2023;6:160–171.

MLA

Gürfidan, Remzi, et al. “Real-Time Intelligent Anomaly Detection and Prevention System”. Sakarya University Journal of Computer and Information Sciences, vol. 6, no. 3, Dec. 2023, pp. 160-71, doi:10.35377/saucis. 1296210.

Vancouver

1.Remzi Gürfidan, Şerafettin Atmaca, Tuncay Yiğit. Real-Time Intelligent Anomaly Detection and Prevention System. SAUCIS. 2023 Dec. 1;6(3):160-71. doi:10.35377/saucis. 1296210