Abstract
Port scanning attacks remain one of the major penetration testing schemes attackers employ to carry out malicious intentions. With the increasing sophistication of cyber criminals and technology, and the failure of traditional network intrusion detection systems, the challenge of detecting open ports efficiently and in minimal time persists. Several recent studies, particularly those employing machine learning approaches, have attempted to improve this intrusion detection technique, yet they suffer from many performance challenges that demand further investigation. This paper employed seven machine learning classifiers to detect port scanning attacks after using principal component analysis to identify the relevant components and enhance the results. The models are compared with one another and with previous studies using accuracy, precision, recall, area-under-curve, F1-score, false-positive rate, and training time as performance metrics. Our results indicate that XGBoost was the best classifier, with the highest accuracy of 99.98%, no false positives detected, a precision of 99.99%, a recall of 99.98, and an area-under-curve of 99.99%, compared with the other classifiers and previous studies on port scan attack detection.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Baah, E.K. et al. (2022). Enhancing Port Scans Attack Detection Using Principal Component Analysis and Machine Learning Algorithms. In: Ahene, E., Li, F. (eds) Frontiers in Cyber Security. FCS 2022. Communications in Computer and Information Science, vol 1726. Springer, Singapore. https://doi.org/10.1007/978-981-19-8445-7_8
DOI: https://doi.org/10.1007/978-981-19-8445-7_8
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-8444-0
Online ISBN: 978-981-19-8445-7
eBook Packages: Computer Science, Computer Science (R0)