Machine learning classification-based portscan attacks detection using decision table
Abstract
Port scanners are typically used by attackers to identify weak points or vulnerabilities in an organization's network. When attackers send a probe message to a port number, the response tells them whether the port is open and assists them in identifying potential vulnerabilities. This attack is regarded as one of the most dangerous internet threats, and machine learning approaches are the most effective techniques for detecting and identifying port scanner attacks. This research aims to strengthen the detection accuracy and reduce the detection time. Tagged network traffic datasets are used to train supervised classification techniques, whereas unsupervised methods detect attacks through network traffic analysis. This study modifies the decision table and OneR classification algorithms as a supervised technique for portscan detection. The proposed algorithm uses the CICIDS2017 dataset for both training and testing. The proposed hybrid feature selection methods are applied across multiple training and testing runs in a sequence of experiments. The proposed method is capable of detecting the portscan attack with 99.8% accuracy, which is competitive, in addition to the proposed combination's fast response.
Keywords
CICIDS2017; Data mining; Decision table; Feature selection; Machine learning; Network security; OneR
DOI: http://doi.org/10.11591/ijeecs.v29.i3.pp1466-1472
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Indonesian Journal of Electrical Engineering and Computer Science (IJEECS)
p-ISSN: 2502-4752, e-ISSN: 2502-4760
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).