IDS malicious flow classification

I. Hsien Liu; Cheng Hsiang Lo; Ta Che Liu; Jung Shian Li; Chuan Gang Liu; Chu Fen Li

doi:10.2991/jrnal.k.200528.006

IDS malicious flow classification

I. Hsien Liu, Cheng Hsiang Lo, Ta Che Liu, Jung Shian Li, Chuan Gang Liu, Chu Fen Li

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

Abstract

We will display two different kinds of experiments, which are Network-based Intrusion Detection System (NIDS)-based and dynamic-based analysis shows how artificial intelligence helps us detecting and classify malware. On the NID, we use CICIDS2017 as a research dataset, embedding high dimensional features and find out redundant features in the raw dataset by Random Forest algorithm, reach 99.93% accuracy and 0.3% of the false alert rate. We extract the function calls in malware data by the method proposed in this paper to generate text data. The algorithm n-gram and Term Frequency-Inverse Document Frequency (TF-IDF) are used to process text data, converts them into numeric features, and by another feature selection methods, we reduce the training time, achieve 87.08% accuracy, and save 87.97% training time in dynamic-based analysis.

Original language	English
Pages (from-to)	103-106
Number of pages	4
Journal	Journal of Robotics, Networking and Artificial Life
Volume	7
Issue number	2
DOIs	https://doi.org/10.2991/jrnal.k.200528.006
Publication status	Published - 2020 Sept

All Science Journal Classification (ASJC) codes

Artificial Intelligence
Computer Networks and Communications

Access to Document

10.2991/jrnal.k.200528.006

Cite this

@article{6bc06e0d67304f21ba86ae823b808dcc,

title = "IDS malicious flow classification",

abstract = "We will display two different kinds of experiments, which are Network-based Intrusion Detection System (NIDS)-based and dynamic-based analysis shows how artificial intelligence helps us detecting and classify malware. On the NID, we use CICIDS2017 as a research dataset, embedding high dimensional features and find out redundant features in the raw dataset by Random Forest algorithm, reach 99.93% accuracy and 0.3% of the false alert rate. We extract the function calls in malware data by the method proposed in this paper to generate text data. The algorithm n-gram and Term Frequency-Inverse Document Frequency (TF-IDF) are used to process text data, converts them into numeric features, and by another feature selection methods, we reduce the training time, achieve 87.08% accuracy, and save 87.97% training time in dynamic-based analysis.",

author = "Liu, {I. Hsien} and Lo, {Cheng Hsiang} and Liu, {Ta Che} and Li, {Jung Shian} and Liu, {Chuan Gang} and Li, {Chu Fen}",

note = "Funding Information: This work was supported by the MOST, Taiwan under contracts numbers MOST 108-2221-E-006-110-MY3 and MOST 108-2218-E-006-035-. Publisher Copyright: {\textcopyright} 2020 The Authors. Published by Atlantis Press SARL. This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).",

year = "2020",

month = sep,

doi = "10.2991/jrnal.k.200528.006",

language = "English",

volume = "7",

pages = "103--106",

journal = "Journal of Robotics, Networking and Artificial Life",

issn = "2405-9021",

publisher = "Atlantis Press",

number = "2",

}

TY - JOUR

T1 - IDS malicious flow classification

AU - Liu, I. Hsien

AU - Lo, Cheng Hsiang

AU - Liu, Ta Che

AU - Li, Jung Shian

AU - Liu, Chuan Gang

AU - Li, Chu Fen

N1 - Funding Information: This work was supported by the MOST, Taiwan under contracts numbers MOST 108-2221-E-006-110-MY3 and MOST 108-2218-E-006-035-. Publisher Copyright: © 2020 The Authors. Published by Atlantis Press SARL. This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).

PY - 2020/9

Y1 - 2020/9

N2 - We will display two different kinds of experiments, which are Network-based Intrusion Detection System (NIDS)-based and dynamic-based analysis shows how artificial intelligence helps us detecting and classify malware. On the NID, we use CICIDS2017 as a research dataset, embedding high dimensional features and find out redundant features in the raw dataset by Random Forest algorithm, reach 99.93% accuracy and 0.3% of the false alert rate. We extract the function calls in malware data by the method proposed in this paper to generate text data. The algorithm n-gram and Term Frequency-Inverse Document Frequency (TF-IDF) are used to process text data, converts them into numeric features, and by another feature selection methods, we reduce the training time, achieve 87.08% accuracy, and save 87.97% training time in dynamic-based analysis.

AB - We will display two different kinds of experiments, which are Network-based Intrusion Detection System (NIDS)-based and dynamic-based analysis shows how artificial intelligence helps us detecting and classify malware. On the NID, we use CICIDS2017 as a research dataset, embedding high dimensional features and find out redundant features in the raw dataset by Random Forest algorithm, reach 99.93% accuracy and 0.3% of the false alert rate. We extract the function calls in malware data by the method proposed in this paper to generate text data. The algorithm n-gram and Term Frequency-Inverse Document Frequency (TF-IDF) are used to process text data, converts them into numeric features, and by another feature selection methods, we reduce the training time, achieve 87.08% accuracy, and save 87.97% training time in dynamic-based analysis.

UR - http://www.scopus.com/inward/record.url?scp=85097041801&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85097041801&partnerID=8YFLogxK

U2 - 10.2991/jrnal.k.200528.006

DO - 10.2991/jrnal.k.200528.006

M3 - Article

AN - SCOPUS:85097041801

SN - 2405-9021

VL - 7

SP - 103

EP - 106

JO - Journal of Robotics, Networking and Artificial Life

JF - Journal of Robotics, Networking and Artificial Life

IS - 2

ER -

IDS malicious flow classification

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this