Advancements in computer networks and communication technologies like software defined networks (SDN), Internet of things (IoT), microservices architecture, cloud computing and network function virtualization (NFV) have opened new fronts and challenges for security experts to combat against modern cyberattacks. Relying on perimeter defense and signature-based network security solutions like Intrusion Detection and Prevention Systems (IDS/IPS) have failed to deliver adequate level of security against new attack vectors such as advance persistent threats, zero days, ransomware, botnets and other forms of targeted attacks. Recent developments in machine learning and cognitive computing have shown great potential to detect unknown and new intrusion events where legacy misuse and anomaly based intrusion detection systems usually fail. In this research study we applied state of the art machine learning algorithms on UNSW-NB15 dataset for potential applicability to detect new attacks. We also proposed a novel wrapper based feature selection technique TS-RF using metaheuristic Tabu Search (TS) algorithm and Random Forest (RF) ensemble classifier. Results obtained by applying proposed feature selection technique i.e. TS-RF on UNSW-NB15 dataset show improvement in overall intrusion detection accuracy while it reduces computation complexity as it removes more than 60% features.
翻译:计算机网络和通信技术的进步,如软件定义网络(SDN)、物联网(IoT)、微观服务结构、云计算和网络功能虚拟化(NFV)等计算机网络和通信技术的进步,为安全专家打击现代网络攻击开辟了新的战线和挑战;依靠周边防御和基于签名的网络安全解决方案,如入侵探测和预防系统(IDS/IPS)等,未能提供足够程度的安全,防止新的攻击矢量,如前期持续威胁、零日、赎金软件、赎金软件、肉网和其他形式的定点攻击;机器学习和认知计算的最新发展显示,在遗留的误用和异常入侵探测系统通常失灵的情况下,极有可能发现未知和新的入侵事件;在这项研究中,我们采用了UNSW-NB15数据集的艺术机器学习算法,以可能适用于探测新的攻击;我们还提议采用新型基于地物选择技术TTS-RF,使用美术的算法和随机森林(RF)混合分类;通过应用拟议的地物选择技术,即对UNSW-RF的精确度进行60号探测,同时减少联合国SW-NB15的精确度数据改进。