Intrusion Detection System based on Packet Payload Analysis using LightGBM

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2023, 28(6), pp.47-54
  • DOI : 10.9708/jksci.2023.28.06.047
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science
  • Received : May 9, 2023
  • Accepted : June 8, 2023
  • Published : June 30, 2023

Gun-Nam Kim 1, Han-Seok Kim 1, Soojin Lee 1

1 Korea National Defense University

Accredited

ABSTRACT

Most studies on machine learning-based intrusion detection systems use metadata. However, since metadata is information generated by analyzing packets, it is difficult to ensure real-time intrusion detection in a real network environment. Therefore, in this paper, we propose a machine learning-based intrusion detection system that can quickly detect network intrusions by directly analyzing the payload of packets. The UNSW-NB15 dataset and the LightGBM model were used to verify the detection performance of the proposed technique. We first used the 'Payload-Byte' technique to label the PCAP files in the dataset, then trained the LightGBM model and analyzed its detection performance. Experimental results showed that our approach can achieve a significant improvement in binary classification, with an accuracy of 99.33% and an F1-score of 98.73%. However, multi-class classification showed detection performance similar to previous studies, with an accuracy of 85.63% and an F1-score of 85.68%.
