TY - GEN
T1 - Double Layer Machine Learning for Network Intrusion Detection System on Web Server
AU - Amrullah, Muhammad Hafiz
AU - Dewanta, Favian
AU - Aminanto, Muhamad Erza
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
AB - Nowadays, web application networks are experiencing rapid growth. Consequently, cybercriminals are launching more aggressive attacks on these networks. Intrusion detection systems, also known as IDS, extensively utilize pattern-matching methods based on signatures. This capability enables the systems to identify a wide variety of network-based attacks. To accurately detect anomalies or attacks, machine learning classifiers significantly enhance the robust performance of IDS compared to pattern-matching approaches based solely on packet features, such as packet lengths, flow duration, flags, and other characteristics. However, the accuracy of a single machine learning classifier method is relatively low in detecting a particular kind of attack due to the existence of different attack patterns. This research proposes a double layer machine learning approach based on the Random Forest and KNN algorithms. The aim is to identify the two most common types of attacks on web servers, namely DoS/DDoS and brute force attacks. Two distinct ML models were developed in parallel for IDS on web servers. The initial layer of the ML model comprises a 3-class classification approach using a random forest algorithm, enabling the identification of network records from the dataset as belonging to DoS, DDoS, and normal classes. The second layer of the ML model is constructed using KNN, which categorizes network records from the dataset into four classes, namely FTP-Patator, SSH-Patator, Web Brute Force, or normal. The selected features can significantly reduce both the training processing time and the prediction processing time. Based on the simulation results, the first layer, utilizing the random forest algorithm, achieved the best metrics with an accuracy of 0.9994 when using 40 features. On the other hand, the second layer obtained the best metrics with an accuracy of 0.9945 when using 64 features, but also performed well with 40 features.
KW - double layer
KW - KNN
KW - machine learning
KW - random forest
UR - http://www.scopus.com/inward/record.url?scp=85175646376&partnerID=8YFLogxK
U2 - 10.1109/ICITACEE58587.2023.10277350
DO - 10.1109/ICITACEE58587.2023.10277350
M3 - Conference contribution
AN - SCOPUS:85175646376
T3 - 2023 10th International Conference on Information Technology, Computer, and Electrical Engineering, ICITACEE 2023
SP - 281
EP - 286
BT - 2023 10th International Conference on Information Technology, Computer, and Electrical Engineering, ICITACEE 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 10th International Conference on Information Technology, Computer, and Electrical Engineering, ICITACEE 2023
Y2 - 31 August 2023 through 1 September 2023
ER -