Framework for identifying network attacks through packet inspection using machine learning

Abstract

Read online

In every network, traffic anomaly detection system is an essential field of study. In the communication system, there are various protocols and intrusions. It is still a testing area to find high precision to boost the correct distribution ratio. Many authors have worked on various algorithms such as simple classification, K-Means, Genetic Algorithm, and Support Vector Machine approaches, and they presented the efficiency and accuracy of these algorithms. In this article, we have proposed a feature extraction technique known as “k-means clustering,” which has its roots in signal processing and is employed to divide a set of n observations into k clusters, each of which has its origin from the observation with the closest mean. K-Means method is applied in this study to investigate the stream and its implementation and applications using Python and the dataset on the KDDcup99. The effectiveness of the outcome indicates the planned work’s efficiency in relation to other widely available alternatives. Apart from the applied method, a web-based framework is designed, which can inspect an actual network traffic packet for identifying network attacks. Instead of using a static file for testing the network attack, a web page-based solution uses database to collect and test the information. Real-time packet inspection is provided in the proposed work for identifying new attacks.

Keywords

• anomaly
• network layer
• packets
• dos
• ids
• attacks
• machine learning
• kddcup99
• knn
• k-means.