Abstract

Computer worms perform harmful tasks in network systems, and their rapid spread has serious consequences for system security. However, existing worm detection algorithms still struggle to achieve good performance, for three reasons. First, a large amount of irrelevant data degrades classification accuracy: an irrelevant feature gives the estimator new ways to go wrong without any expected benefit and can cause overfitting, which generally decreases accuracy. Second, the individual classifiers used extensively in these systems do not effectively detect all types of worms. Third, many systems are built on old datasets, making them less suitable for new types of worms. This research aims to detect computer worms in the network using data mining algorithms, chosen for their ability to detect new types of computer worms automatically and accurately. The proposal uses misuse and anomaly detection techniques based on the UNSW_NB15 dataset to train and test the ensemble Ada Boosting algorithm using SVM and DT classifiers. To select the most important features, we propose keeping the features that Correlation and Chi-Square feature selection select in common, since correlation finds the relations between features and classes, whereas Chi-Square tests whether features and classes are independent. The contribution suggests using SVM instead of DT as the base estimator in the boosting ensemble algorithm to efficiently detect various types of worms. The system reached an accuracy of 100% with CFS+Chi2fs, and 99.38 and 99.89 with correlation and chi-square separately.
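The combined feature-selection step described above, as an added example that is not the paper's code: each method ranks the features, and only those in both top-k lists are kept. It assumes that the "similar features" are the intersection of the two selections, a top-k cut-off, and the per-class-totals form of the chi-square statistic for non-negative features; the feature names and values are constructed, not taken from UNSW_NB15.

```python
import math

def pearson_abs(xs, ys):
    """|Pearson r| between one feature column and the class labels."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:  # a constant column carries no signal
        return 0.0
    return abs(cov / math.sqrt(vx * vy))

def chi2_score(xs, ys):
    """Chi-square for a non-negative feature: observed per-class totals
    against the totals expected if feature and class were independent."""
    total, n = sum(xs), len(ys)
    score = 0.0
    for cls in set(ys):
        observed = sum(x for x, y in zip(xs, ys) if y == cls)
        expected = total * sum(1 for y in ys if y == cls) / n
        if expected > 0:
            score += (observed - expected) ** 2 / expected
    return score

def top_k(columns, labels, scorer, k):
    """Names of the k best-scoring features under one scorer."""
    ranked = sorted(columns, key=lambda c: scorer(columns[c], labels), reverse=True)
    return ranked[:k]

def select_common(columns, labels, k):
    """Features that both methods place in their top k (correlation order)."""
    by_corr = top_k(columns, labels, pearson_abs, k)
    by_chi2 = top_k(columns, labels, chi2_score, k)
    return [name for name in by_corr if name in by_chi2]

# Constructed sample: 8 flows, label 1 = worm traffic, 0 = normal traffic.
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]
COLUMNS = {
    "feat_a": [1, 1, 1, 1, 9, 9, 9, 9],                   # strong under both methods
    "feat_b": [1, 1, 1, 2, 2, 2, 2, 2],                   # correlated, tiny magnitude
    "feat_c": [10, 30, 20, 40, 30, 50, 40, 60],           # moderate under both
    "feat_d": [5, 6, 5, 6, 5, 6, 5, 6],                   # noise
    "feat_e": [100, 300, 200, 400, 200, 400, 300, 500],   # large scale, weak correlation
}

if __name__ == "__main__":
    print(select_common(COLUMNS, LABELS, 3))
```

On this sample the two rankings disagree: correlation favours feat_b, while chi-square favours feat_e because of its scale, so the intersection drops both and keeps only the features that score well under either criterion.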
