Machine learning-based PortScan attacks detection using OneR classifier

Abstract

PortScan attacks are a common security threat in computer networks, where an attacker systematically scans a range of network ports on a target system to identify potential vulnerabilities. Detecting such attacks in a timely and accurate manner is crucial to ensure network security. Attackers can determine whether a port is open by sending a detective message to it, which helps them find potential vulnerabilities. However, the best methods for spotting and identifying port scanner attacks are those that use machine learning. One of the most dangerous online threats is PortScan attack, according to experts. The research is work on detection while improving detection accuracy. Dataset containing tags from network traffic is used to train machine learning techniques for classification. The JRip algorithm is trained and tested using the CICIDS2017 dataset. As a consequence, the best performance results for JRip-based detection schemes were 99.84%, 99.80%, 99.80%, and 0.09 ms for accuracy, precision, recall, F-score, and detection overhead, respectively. Finally, the comparison with current models demonstrated our model's proficiency and advantage with increased attack discovery speed.