Abstract

The most popular technique for identifying and blocking malicious network requests is the intrusion detection system, or IDS for short. IDSs are positioned carefully to keep an eye on network traffic going to and coming from every device. Most networking devices can employ an IDS with the use of virtual machines and sophisticated switches. While it has good accuracy, the classic SIDS (Signature-Based Intrusion Detection System) cannot identify many modern intrusions, such as zero-day attacks, because it relies on a pattern-matching technique. Instead, the majority of recently launched attacks can be detected using machine learning, statistical, and knowledge-based methods, which model typical behavior. An anomaly is defined as any significant difference between the observed behavior and the model. The development of these models has two stages: the training phase and the testing phase. During the training phase, a model of typical behavior is learned using the average traffic profile. The system's ability to generalize to as-yet-undiscovered intrusions is then determined during the testing phase using a fresh data set. To identify network traffic anomalies, we have used an unsupervised machine-learning approach called Isolation Forest in this paper. Using the anomaly score, the algorithm finds the outliers. The KDD data set, a well-known benchmark in the study of intrusion detection methods, has been used for training and testing.

Keywords: anomaly detection; machine learning; network security
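The train-then-score flow described in the abstract, as an added example that is not the paper's code: a from-scratch Isolation Forest fitted on constructed "normal" connection records and then used to score fresh ones. The column names follow KDD Cup 99 fields, and the tree count (100), subsample size (256), seeds and all sample values are assumptions made for illustration.

```python
import math
import random

def c(n):
    """Average path length of an unsuccessful BST search over n points."""
    if n <= 2:
        return float(max(n - 1, 0))
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build_tree(rows, depth, limit, rng):
    """Recursively partition rows with random feature/threshold splits."""
    if depth >= limit or len(rows) <= 1:
        return len(rows)                      # leaf: only its size is kept
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return len(rows)
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[f] < split]
    right = [r for r in rows if r[f] >= split]
    return (f, split, build_tree(left, depth + 1, limit, rng),
            build_tree(right, depth + 1, limit, rng))

def path_length(x, node, depth=0):
    if isinstance(node, int):                 # leaf: add estimate for unsplit rows
        return depth + c(node)
    f, split, left, right = node
    return path_length(x, left if x[f] < split else right, depth + 1)

def fit(rows, n_trees=100, psi=256, seed=1):
    """Training phase: each tree sees a random subsample of psi rows."""
    rng = random.Random(seed)
    limit = math.ceil(math.log2(psi))
    return [build_tree(rng.sample(rows, psi), 0, limit, rng) for _ in range(n_trees)], psi

def anomaly_score(x, model):
    """s = 2^(-E[h(x)] / c(psi)); near 1 = anomalous, below 0.5 = normal."""
    forest, psi = model
    mean_h = sum(path_length(x, t) for t in forest) / len(forest)
    return 2.0 ** (-mean_h / c(psi))

# Constructed "normal" training traffic (not real KDD records). Columns are
# named after KDD Cup 99 fields: duration, src_bytes, dst_bytes, count, serror_rate.
_rng = random.Random(7)
TRAIN = [(_rng.uniform(0, 5), _rng.gauss(300, 60), _rng.gauss(2000, 400),
          _rng.uniform(1, 10), _rng.uniform(0, 0.05)) for _ in range(1000)]
MODEL = fit(TRAIN)
NORMAL = (2.5, 300.0, 2000.0, 5.0, 0.02)      # constructed typical connection
FLOOD = (0.0, 0.0, 0.0, 500.0, 1.0)           # constructed SYN-flood-like record
print(round(anomaly_score(NORMAL, MODEL), 3), round(anomaly_score(FLOOD, MODEL), 3))
```

Records that are isolated in few splits get a short average path and therefore a score well above 0.5; a detection threshold on this score is a tuning choice that the abstract does not specify.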
