Machine Learning Based Network Anomaly Detection

Abstract

Network Anomaly Detection Systems (NADSs) play prominent role in network security. Due to dynamic change of malware in network traffic data, traditional tools and techniques are failing to protect networks from attack penetration. In this paper we propose a two-phase model to detect and categorize anomalies. First, we selected Random Forest based on the highest accuracy-score out of eleven commonly used algorithms tested with the same set of data. The RF is used to detect anomalies and generate an extra feature named “attack-or-not”. Secondly we fed Neural Network with the data having “attack-or-not” feature to differentiate attack categories, which will help treating each type accordingly. The model performance was good, it scored 0.99 for both Precision and Recall in anomaly detection phase and 0.93 for Precision and 0.88 for Recall in attack categorization phase. We used UNSW-NB15 data set in our study.