Machine learning approach for detection of non-Tor Traffic

Research output: Contribution to journal › Article

4 Citations (Scopus)

Abstract

Intrusion detection has attracted considerable interest from researchers and industry. After many years of research, the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real-time situations. The Tor network is popular in providing privacy and security to end users by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work identifies two problems: classification of Tor traffic and nonTor traffic to expose the activities within Tor traffic that minimizes the protection of users in using the UNB-CIC Tor Network Traffic dataset, and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier: an Artificial Neural Network in conjunction with a Correlation feature selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the proposed hybrid classifier are compared with Support Vector Machine and naïve Bayes classifiers in detecting nonTor traffic in the UNB-CIC Tor Network Traffic dataset. Experimental results show the hybrid classifier, ANN-CFS, proved a better classifier in detecting nonTor traffic and classifying the Tor traffic flow in the UNB-CIC Tor Network Traffic dataset.

Language: English
Article number: 4
Pages: 171-194
Number of pages: 24
Journal: Journal of Cyber Security and Mobility
Volume: 6
Issue number: 2
DOI: 10.13052/jcsm2245-1439.624
Publication status: Published - 24 Nov 2017

Fingerprint

Learning systems
Classifiers
Intrusion detection
Support vector machines
Feature extraction
Tunnels
Internet
Neural networks
Industry

Keywords

  • artificial neural network
  • intrusion detection systems
  • Naïve Bayes
  • support vector machines
  • Tor and nonTor
  • UNB-CIC Tor network traffic dataset

Cite this

@article{a1631fe17e7a4982b7baae37b10b28e3,
title = "Machine learning approach for detection of non-Tor Traffic",
abstract = "Intrusion detection has attracted a considerable interest from researchers and industry. After many years of research the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real time situations. The Tor network is popular in providing privacy and security to end user by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work identifies two problems; classification of Tor traffic and nonTor traffic to expose the activities within Tor traffic that minimizes the protection of users in using the UNB-CIC Tor Network Traffic dataset and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier; Artificial Neural Network in conjunction with Correlation feature selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the propose hybrid classifier is compared with Support Vector Machine and na{\"i}ve Bayes classifiers in detecting nonTor traffic in UNB-CIC Tor Network Traffic dataset. Experimental results show the hybrid classifier, ANN-CFS proved a better classifier in detecting nonTor traffic and classifying the Tor traffic flow in UNB-CIC Tor Network Traffic dataset.",
keywords = "artificial neural network, intrusion detection systems, Na{\"i}ve Bayes, support vector machines, Tor and nonTor, UNB-CIC Tor network traffic dataset",
author = "Elike Hodo and Xavier Bellekens and Ephraim Iorkyase and Andrew Hamilton and Christos Tachtatzis and Robert Atkinson",
year = "2017",
month = "11",
day = "24",
doi = "10.13052/jcsm2245-1439.624",
language = "English",
volume = "6",
pages = "171--194",
journal = "Journal of Cyber Security and Mobility",
issn = "2245-1439",
number = "2",

}

TY - JOUR

T1 - Machine learning approach for detection of non-Tor Traffic

AU - Hodo, Elike

AU - Bellekens, Xavier

AU - Iorkyase, Ephraim

AU - Hamilton, Andrew

AU - Tachtatzis, Christos

AU - Atkinson, Robert

PY - 2017/11/24

Y1 - 2017/11/24

N2 - Intrusion detection has attracted a considerable interest from researchers and industry. After many years of research the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real time situations. The Tor network is popular in providing privacy and security to end user by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work identifies two problems; classification of Tor traffic and nonTor traffic to expose the activities within Tor traffic that minimizes the protection of users in using the UNB-CIC Tor Network Traffic dataset and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier; Artificial Neural Network in conjunction with Correlation feature selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the propose hybrid classifier is compared with Support Vector Machine and naïve Bayes classifiers in detecting nonTor traffic in UNB-CIC Tor Network Traffic dataset. Experimental results show the hybrid classifier, ANN-CFS proved a better classifier in detecting nonTor traffic and classifying the Tor traffic flow in UNB-CIC Tor Network Traffic dataset.

KW - artificial neural network

KW - intrusion detection systems

KW - Naïve Bayes

KW - support vector machines

KW - Tor and nonTor

KW - UNB-CIC Tor network traffic dataset

UR - http://www.scopus.com/inward/record.url?scp=85047405692&partnerID=8YFLogxK

U2 - 10.13052/jcsm2245-1439.624

DO - 10.13052/jcsm2245-1439.624

M3 - Article

VL - 6

SP - 171

EP - 194

JO - Journal of Cyber Security and Mobility

T2 - Journal of Cyber Security and Mobility

JF - Journal of Cyber Security and Mobility

SN - 2245-1439

IS - 2

M1 - 4

ER -