Design of network threat detection and classification based on machine learning on cloud computing

Cluster Computing

Abstract

To respond to recent network threats that use increasingly intelligent techniques, intelligent security technology on cloud computing is required. In particular, because it is provided as Security as a Service in a cloud environment, it helps small and medium enterprises build an IT security solution at low cost and with less effort. In this paper, we propose a network threat detection and classification method based on machine learning, which is a part of the intelligent threat analysis technology. To improve the performance of network threat detection and classification, the method is built in a hybrid way: applying an unsupervised learning approach to unlabeled data, naming clusters with labeled data, and using a supervised learning approach for feature selection.
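
An added illustration of the hybrid pipeline the abstract describes, not the authors' code: the abstract names no algorithms, so Fisher-score feature ranking, k-means and majority-vote naming are assumptions, as are the constructed, pre-normalised flow records and every function name. A cluster that no labeled record falls into is reported as "unknown" rather than forced into a known class.

```python
from collections import Counter, defaultdict
from statistics import mean, pvariance

# Constructed, pre-normalised flows (assumed features): (syn_error_rate, dst_port_spread, noise)
LABELED = [((0.05, 0.10, 0.30), "normal"), ((0.10, 0.05, 0.80), "normal"),
           ((0.90, 0.85, 0.40), "scan"), ((0.95, 0.90, 0.70), "scan")]
UNLABELED = [(0.06, 0.08, 0.9), (0.92, 0.88, 0.6), (0.10, 0.90, 0.4),
             (0.09, 0.11, 0.1), (0.88, 0.93, 0.2), (0.07, 0.94, 0.7),
             (0.04, 0.07, 0.5), (0.91, 0.90, 0.8), (0.12, 0.87, 0.1), (0.07, 0.10, 0.3)]

def select_features(labeled, keep):
    """Supervised step (assumed): rank columns by between/within class variance."""
    def score(j):
        vals = [[x[j] for x, c in labeled if c == y] for y in {c for _, c in labeled}]
        mu = mean(x[j] for x, _ in labeled)
        between = sum(len(v) * (mean(v) - mu) ** 2 for v in vals)
        within = sum(len(v) * pvariance(v) for v in vals)
        return between / (within + 1e-9)
    return sorted(sorted(range(len(labeled[0][0])), key=score, reverse=True)[:keep])

def project(x, cols):
    return tuple(x[j] for j in cols)

def nearest(p, cents):
    return min(range(len(cents)), key=lambda i: sum((a - b) ** 2 for a, b in zip(p, cents[i])))

def kmeans(points, k, rounds=20):
    """Unsupervised step (assumed): k-means with deterministic farthest-point init."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(
            sum((a - b) ** 2 for a, b in zip(p, c)) for c in cents)))
    for _ in range(rounds):
        groups = [[] for _ in cents]
        for p in points:
            groups[nearest(p, cents)].append(p)
        cents = [tuple(map(mean, zip(*g))) if g else c for g, c in zip(groups, cents)]
    return cents

def name_clusters(cents, labeled, cols):
    """Naming step: majority label per cluster; no labeled member means 'unknown'."""
    votes = defaultdict(Counter)
    for x, y in labeled:
        votes[nearest(project(x, cols), cents)][y] += 1
    return {i: votes[i].most_common(1)[0][0] if votes[i] else "unknown" for i in range(len(cents))}

def build_and_classify(flow, k=3, keep=2):
    cols = select_features(LABELED, keep)          # drops the uninformative noise column
    cents = kmeans([project(x, cols) for x in UNLABELED], k)
    return name_clusters(cents, LABELED, cols)[nearest(project(flow, cols), cents)]
```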


Acknowledgements

This work was supported by Institute for Information & communications Technology Promotion (IITP) Grant funded by the Korea government (MSIP) (No. 2016-0-00078, Cloud-based Security Intelligence Technology Development for the Customized Security Service Provisioning).

Author information

Corresponding author

Correspondence to Kuinam J. Kim.

About this article

Cite this article

Kim, H., Kim, J., Kim, Y. et al. Design of network threat detection and classification based on machine learning on cloud computing. Cluster Comput 22 (Suppl 1), 2341–2350 (2019). https://doi.org/10.1007/s10586-018-1841-8

  • DOI: https://doi.org/10.1007/s10586-018-1841-8
