| Intrusion detection has become essential to network security because of the increasing connectivity between computers.In recent years,internal attacks based on system destruction,information theft and electronic fraud have caused serious threats to individuals and enterprises,and even to national security,because of their concealed and destructive characteristics.This paper uses machine learning methods to design two internal threat detection systems for different scenarios from host-based masquerading intrusion detection and internal network trafficbased intrusion detection.For host-based masquerading intrusion detection,this article uses the SEA dataset,a labeled user command line dataset collected on a UNIX platform.Based on existing researches,we designed a new MLP and Random Forest masquerading intrusion detection model based on command sequences.The experimental results show that two proposed methods achieve good results in both detection accuracy and detection cost.For intrusion detection of internal network traffic,this paper uses the CIDDS-002 data set,a labelled internal flow-based dataset.In this article,a detailed analysis of CIDDS-002 dataset was conducted and a wide range of machine learning techniques were used to analyze the complexity of the dataset.Evaluation metrics including detection rate,accuracy,false positive rate were utilised to assess the performance of employed machine learning techniques,and we also proved the validity of the CIDDS-002 data set used for network intrusion detection system evaluation.The research content of this paper solves some existing problems in the hostbased masquerading intrusion detection and internal network-based intrusion detection,and achieved the goal of high availability and high accuracy. |
PDF Full Text Request