Development of a Machine Learning Model to Enhance Incremental Approaches for Anomaly Detection in a Network
Keywords:
Computer network attacks, Incremental approach, Intrusion detection systems, One-Class Support Vector Machine, hyperparametersAbstract
The widespread availability of advanced networking technologies has led to a high rate of threat from spammers,
intruders or attackers, and criminals. Over years, attempts have been made by System administrators to prevent
network attacks using available signature-based Intrusion Detection Systems (IDSs). A special type of IDSs,
called Anomaly Detection Systems are capable of detecting both known and unknown attacks and able to work
in online mode but with challenges of a high rate of false alarm. Therefore, this research work aimed at developing
a model to enhance an incremental approach for anomaly detection in a network using a One-class Support Vector
Machine to improve the classification for novel attacks and as well reduce the false alarm rate of the system. A
model for detection and classification of network anomaly was developed using a One-class Support vector
machine (OCSVM) and Incremental approach to reasonably reduce the false alarm rate by building a model
suitable for a rea-time network with the use of KDD'99 datasets to create a fast, scalable and adaptive anomaly
detection. The dataset has 494,021 observations which contain 24 training attack types, with an additional 14
types in the test data only. This research work provides a scope that is possible to identify network anomaly using
default Sklearn's OC-SVM parameter values and varying values for the "gamma" Parameter. In the One-class
Support Vector Machine (OCSVM) technique, the network anomaly was predicted accurately at a 95 percent
accuracy rate.