Machine learning classification-based portscan attacks detection using decision table

Mahdi Nsaif Jasim, Ali Munther Abdul Rahman, Muthanna Jabbar Abdulredhi


Port scanner attackers are typically used to identify weak points or vulnerabilities in an organization's network. When attackers send a detective message to a port number, the response tells them whether the port is open and assists them in identifying potential vulnerabilities. However, machinelearning approaches are the most effective techniques for detecting and identifying port scanner attacks. This attack is regarded as one of the most dangerous internet threats. This research aims to strengthen the detection accuracy and reduce the detection time. Tagged network traffic data sets are used to train the classification machine learning techniques. On the other hand, network traffic analysis is used by unsupervised method to detect attacks. This study modifies the decision table and OneR classification algorithms as a supervised technique for portscan detection. The proposed algorithm uses the CICIDS2017 dataset for both training and testing. The proposed hybrid feature selection methods use and apply multiple training and testing through a sequence of experiments, the proposed method is capable of detecting the portscan attack with 99.8% accuracy, which is competitive in addition to the proposed combination's fast response.


CICIDS2017; Data mining; Decision table; Feature selection; Machine learning; Network security; OneR

Full Text:




  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Indonesian Journal of Electrical Engineering and Computer Science (IJEECS)
p-ISSN: 2502-4752, e-ISSN: 2502-4760
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).

shopify stats IJEECS visitor statistics