Background: Cybersecurity is a prominent concern in today's interconnected world, encompassing both local and remote wireless and wired access across diverse communication technology platforms. It is important to recognize the threat posed by hackers who are currently compromising organizational functionalities, bypassing security measures, and stealing hypersensitive information. Hackers frequently use techniques such as Portscan, Distributed Denial of Service (DDoS) attacks, and Botnets.

Materials and Methods: The authors explore the advantages of using Machine Learning (ML) to classify attacks such as Port Scanning, DDoS, Botnet, and Botnet-Attempt in a mixture of benign and attack traffic. They train and test several Artificial Neural Network (ANN) structures, each with distinct properties, on a benchmark dataset (CICIDS2017). The aim is to identify the most effective ANN model and the optimal number of input features required to classify data that contains Portscan, DDoS, Botnet, and Botnet-Attempt attack events.

Results: Various features are used as inputs to ML models with single and multiple hidden layers, each with different numbers of neurons, and their impact on classification accuracy is evaluated using Python. The best accuracy obtained is 99.71%, achieved by using all features of the dataset and 4 hidden layers, while the accuracy obtained using only 7 features is 97.6%.

Conclusion: ANN models can perform well in classifying network traffic against adversarial attacks by using an optimal combination of features as input and hidden layers.