An Evaluation of Machine Learning Methods for Classifying Bot Traffic in Software Defined Networks
- Van Staden, Joshua, Brown, Dane L
- Authors: Van Staden, Joshua , Brown, Dane L
- Date: 2023
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/463357 , vital:76402 , xlink:href="https://link.springer.com/chapter/10.1007/978-981-19-7874-6_72"
- Description: Internet security is an ever-expanding field. Cyber-attacks occur very frequently, and so detecting them is an important aspect of preserving services. Machine learning offers a helpful tool with which to detect cyber attacks. However, it is impossible to deploy a machine-learning algorithm to detect attacks in a non-centralized network. Software Defined Networks (SDNs) offer a centralized view of a network, allowing machine learning algorithms to detect malicious activity within a network. The InSDN dataset is a recently-released dataset that contains a set of sniffed packets within a virtual SDN. These sniffed packets correspond to various attacks, including DDoS attacks, Probing and Password-Guessing, among others. This study aims to evaluate various machine learning models against this new dataset. Specifically, we aim to evaluate their classification ability and runtimes when trained on fewer features. The machine learning models tested include a Neural Network, Support Vector Machine, Random Forest, Multilayer Perceptron, Logistic Regression, and K-Nearest Neighbours. Cluster-based algorithms such as the K-Nearest Neighbour and Random Forest proved to be the best performers. Linear-based algorithms such as the Multilayer Perceptron performed the worst. This suggests a good level of clustering in the top few features with little space for linear separability. The reduction of features significantly reduced training time, particularly in the better-performing models.
- Full Text:
- Date Issued: 2023
An Evaluation of Machine Learning Methods for Classifying Bot Traffic in Software Defined Networks
- Van Staden, Joshua, Brown, Dane L
- Authors: Van Staden, Joshua , Brown, Dane L
- Date: 2021
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/465645 , vital:76628 , xlink:href="https://link.springer.com/chapter/10.1007/978-981-19-7874-6_72"
- Description: Internet security is an ever-expanding field. Cyber-attacks occur very frequently, and so detecting them is an important aspect of preserving services. Machine learning offers a helpful tool with which to detect cyber attacks. However, it is impossible to deploy a machine-learning algorithm to detect attacks in a non-centralized network. Software Defined Networks (SDNs) offer a centralized view of a network, allowing machine learning algorithms to detect malicious activity within a network. The InSDN dataset is a recently-released dataset that contains a set of sniffed packets within a virtual SDN. These sniffed packets correspond to various attacks, including DDoS attacks, Probing and Password-Guessing, among others. This study aims to evaluate various machine learning models against this new dataset. Specifically, we aim to evaluate their classification ability and runtimes when trained on fewer features. The machine learning models tested include a Neural Network, Support Vector Machine, Random Forest, Multilayer Perceptron, Logistic Regression, and K-Nearest Neighbours. Cluster-based algorithms such as the K-Nearest Neighbour and Random Forest proved to be the best performers. Linear-based algorithms such as the Multilayer Perceptron performed the worst. This suggests a good level of clustering in the top few features with little space for linear separability. The reduction of features significantly reduced training time, particularly in the better-performing models.
- Full Text:
- Date Issued: 2021
An Evaluation of YOLO-Based Algorithms for Hand Detection in the Kitchen
- Van Staden, Joshua, Brown, Dane L
- Authors: Van Staden, Joshua , Brown, Dane L
- Date: 2021
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/465134 , vital:76576 , xlink:href="https://ieeexplore.ieee.org/abstract/document/9519307"
- Description: Convolutional Neural Networks have offered an accurate method with which to run object detection on images. Specifically, the YOLO family of object detection algorithms have proven to be relatively fast and accurate. Since its inception, the different variants of this algorithm have been tested on different datasets. In this paper, we evaluate the performances of these algorithms on the recent Epic Kitchens-100 dataset. This dataset provides egocentric footage of people interacting with various objects in the kitchen. Most prominently shown in the footage is an egocentric view of the participants' hands. We aim to use the YOLOv3 algorithm to detect these hands within the footage provided in this dataset. In particular, we examine the YOLOv3 algorithm using two different backbones: MobileNet-lite and VGG16. We trained them on a mixture of samples from the Egohands and Epic Kitchens-100 datasets. In a separate experiment, average precision was measured on an unseen Epic Kitchens-100 subset. We found that the models are relatively simple and lead to lower scores on the Epic Kitchens 100 dataset. This is attributed to the high background noise on the Epic Kitchens 100 dataset. Nonetheless, the VGG16 architecture was found to have a higher Average Precision (AP) and is, therefore, more suited for retrospective analysis. None of the models was suitable for real-time analysis due to complex egocentric data.
- Full Text:
- Date Issued: 2021