Evaluation of Multilayer Perceptron algorithms for an analysis of network flow data
Jędrzej Bieniasz , Mariusz Rawski , Krzysztof Skowron , Mateusz Trzepiński
AbstractThe volume of exchanged information through IP networks is the largest than ever and still grows up. It creates a space for both benign and malicious activities. The second ones rise awareness on security of network devices, as well as network infrastructure and a system as a whole. One of the basic tools to prevent cyber attacks is Network Instrusion Detection System (NIDS). NIDS could be realized as a signature-based detector or an anomaly-based one. In the last few years the emphasis has been placed on the latter type, because of the possibility of applying smart and intelligent solutions. An ideal NIDS of next generation should be composed of self-learning algorithms that could react on known and unknown malicious network activities respectively. In this paper we evaluated a machine learning approach for detection of anomalies in IP network data represented as NetFlow records. We considered Multilayer Perceptron (MLP) as the classifier and we used two types of learning algorithms – Backpropagation (BP) and Particle Swarm Optimization (PSO). This paper includes a comprehensive survey on determining the most optimal MLP learning algorithm for the classification problem in application to network flow data. The performance, training time and convergence of BP and PSO methods were compared. The results show that PSO algorithm implemented by the authors outperformed other solutions if accuracy of classifications is considered. The major disadvantage of PSO is training time, which could be not acceptable for larger data sets or in real network applications. At the end we compared some key findings with the results from the other papers to show that in all cases results from this study outperformed them.
|Pages||100314G-1 - 100314G-13|
|Publication size in sheets||0.3|
|Book||Romaniuk Ryszard (eds.): Proc. SPIE. 10031, Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2016, vol. 10031, 2016, SPIE , ISBN 9781510604858, [781510604865 (electronic) ], 1170 p., DOI:10.1117/12.2257157|
|Keywords in English||Network Intrusion Detection Systems, Flow-based anomaly detection, NetFlow, Machine Learning, Neural Networks, Backpropagation, Particle Swarm Optimization|
|project||The Develpment of Digital Communicatios. Project leader: Siuzdak Jerzy,
, Phone: +48 22 234-7232, start date 27-04-2015, end date 31-12-2016, IT/2015/statut, Completed
|Score|| = 15.0, 27-03-2017, BookChapterMatConf|
= 15.0, 27-03-2017, BookChapterMatConf
* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.