Intrusion Detection System based on Packet Payload Analysis using LightGBM (LightGBM을 활용한 패킷 페이로드 분석 기반의 침입탐지시스템)

Gun-Nam Kim (김건남); Han-Seok Kim (김한석); Soojin Lee (이수진)

doi:10.9708/jksci.2023.28.06.047

Intrusion Detection System based on Packet Payload Analysis using LightGBM

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2023, 28(6), pp.47-54
DOI : 10.9708/jksci.2023.28.06.047
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : May 9, 2023
Accepted : June 8, 2023
Published : June 30, 2023

Gun-Nam Kim ¹, Han-Seok Kim ¹, Soojin Lee ¹

¹국방대학교

Accredited

ABSTRACT

Most studies on machine learning-based intrusion detection systems use metadata. However, since metadata is information generated by analyzing packets, it is difficult to ensure real-time intrusion detection in a real network environment. Therefore, in this paper, we proposed a machine learning-based intrusion detection system that can quickly detect network intrusions by directly analyzing the payload of packets. The UNSW-NB15 Dataset and the LightGBM model were used to verify the detection performance of the proposed technique. We first used the 'Payload-Byte' technique to label PCAP files in the Dataset, then conducted learning with the LightGBM model and analyzed detection performance. Experimental results showed that our approach can achieve a significant improvement in the binary classification with accuracy of 99.33% and F1-score of 98.73%. However, Multi-class classification showed similar detection performance to previous studies with accuracy of 85.63% and F1-score of 85.68%.

KEYWORDS

Machine Learning, IDS, Packet Payload, LightGBM, UNSW-NB15

Citation status

* References for papers published after 2023 are currently being built.

[web] Ministry of Science and ICT / Statistics Information / https://www.msit.go.kr/bbs/list.do?sCode=user&mPid=74&mId=99

[confproc] N. Moustafa / 2015 / UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set) / 2015 Military Communications and Information Systems Conference (MilCIS) : 1~6

[web] Australian Center for Cyber Security / UNSW-NB15 Data Set / https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets/

[journal] Nour Moustafa / 2016 / The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set / Information Security Journal: A Global Perspective / Informa UK Limited 25(1-3) : 18~31

[journal] 정구현 / 2018 / Performance Analysis of Detection Algorithms for the Specific Pattern in Packet Payloads / 한국정보통신학회논문지 / 한국정보통신학회 22(5) : 794~804

[confproc] K. Wang / 2004 / Anomalous Payload-Based Network Intrusion Detection / Recent Advances in Intrusion Detection : 7th International Symposium : 203~222

[confproc] M. V. Mahoney / 2002 / Learning nonstationary models of normal network traffic for detecting novel attacks / Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining : 376~385

[journal] Wei Wang / 2018 / HAST-IDS: Learning Hierarchical Spatial-Temporal Features Using Deep Neural Networks to Improve Intrusion Detection / IEEE Access / Institute of Electrical and Electronics Engineers (IEEE) 6 : 1792~1806

[confproc] B. A. Pratomo / 2018 / Unsupervised Approach for Detecting Low Rate Attacks on Network Traffic with Autoencoder / 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) : 1~8

[journal] Hongyu Liu / 2019 / CNN and RNN based payload classification methods for attack detection / Knowledge-Based Systems / Elsevier BV 163 : 332~341

[journal] 김태원 / 2010 / DoS/DDoS attacks Detection Algorithm and System using Packet Counting / 한국시뮬레이션학회 논문지 / 한국시뮬레이션학회 19(4) : 151~159

[thesis] B. H Lee / 2020 / Deep Learning LSTM Model based TCP SYN Flood Detection System / Master / Graduate School, KNU

[confproc] D. Jing / 2019 / SVM Based Network Intrusion Detection for the UNSW-NB15 Dataset / 2019 IEEE 13th International Conference on ASIC (ASICON) : 1~4

[confproc] M. H. Kabir / 2022 / Network Intrusion Detection Using UNSW-NB15Dataset: Stacking Machine Learning Based Approach / 2022International Conference on Advancement in Electrical and Electronic Engineering (ICAEEE) : 1~6

[journal] Fares Meghdouri / 2018 / Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic / Applied Sciences / MDPI AG 8(11) : 2196~

[confproc] Y. A. Farrukh / 2022 / Payload-Byte: A Tool for Extracting and Labeling Packet Capture Files of Modern Network Intrusion Detection Datasets : 58~67

[other] KE, Guolin / 2017 / Lightgbm: A highly efficient gradient boosting decision tree / Advances in neural information processing systems 30 : 3149~3157

[confproc] J. Li / 2019 / The comparison and verification of some efficient packet capture and processing technologies / IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech) : 967~973

[journal] 남태우 / 2010 / Study on the Semantic Extension of the Concept of Metadata / 한국문헌정보학회지 / 한국문헌정보학회 44(4) : 373~393

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Intrusion Detection System based on Packet Payload Analysis using LightGBM

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Intrusion Detection System based on Packet Payload Analysis using LightGBM

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (1)

REFERENCES (19) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.