Knowledge Discovery in Cyber Attacks Data
Journal
2018 26th Telecommunications Forum (TELFOR)
Date Issued
2018-11
Author(s)
Ilievska, Blagorodna
DOI
10.1109/telfor.2018.8612072
Abstract
One of the major challenges in managing security in broadband and high-speed networks is the detection of suspicious anomalies in network traffic. In recent years, a lot of effort has been focused on developing automatic detection of cyber-attacks using data mining techniques on the data generated from network traffic. In this paper, a methodology for automatic detection of cyber-attacks is proposed. To improve performance, the network traffic data is first preprocessed by filtering and combining features from the original data. The new augmented and refined data is then used to build a classification model that can discriminate between normal network traffic and cyber-attacks. Experimental scenarios are set up to evaluate the effect of preprocessing on the final performance, and additionally to provide insight into possible recommendations for the most suitable classification algorithm. The obtained results indicate a performance improvement with data preprocessing. All of the classification algorithms used provide a very high AUC of over 0.95, which attests that the proposed methodology is highly promising for the development and improvement of current and future cyber-attack detection systems.
