Detecting Network Anomalies using Rule-based machine learning within SNMP-MIB dataset
This work addresses network security threats for cybercriminals targeting network performance, but it is incremental as it applies existing rule-based methods to a specific dataset.
The paper tackled the problem of detecting Denial of Service (DoS) attacks in network traffic using a rule-based machine learning system, achieving high accuracy of approximately 99.7% for specific attacks and 100% for classifying normal traffic from DoS attacks with the PART classifier.
One of the most effective threats that targeting cybercriminals to limit network performance is Denial of Service (DOS) attack. Thus, data security, completeness and efficiency could be greatly damaged by this type of attacks. This paper developed a network traffic system that relies on adopted dataset to differentiate the DOS attacks from normal traffic. The detection model is built with five Rule-based machine learning classifiers (DecisionTable, JRip, OneR, PART and ZeroR). The findings have shown that the ICMP variables are implemented in the identification of ICMP attack, HTTP flood attack, and Slowloris at a high accuracy of approximately 99.7% using PART classifier. In addition, PART classifier has succeeded in classifying normal traffic from different DOS attacks at 100%.