
Part of the book series: Studies in Computational Intelligence ((SCI,volume 972))

Abstract

A malicious packet attack is a severe attack carried out through packets created or received over the network. Recently, researchers have built modern intrusion detection systems to detect advanced and custom malicious attacks. At the same time, it is essential to distinguish malicious packets from normal network packets efficiently and with a high positive detection rate. This work proposes a system that identifies and detects malicious packets across a wide range of attacks using a machine learning classifier model. The classifiers are trained and evaluated on the KDD dataset, with accuracy as the performance measure, to provide a high-quality detection system. The proposed work uses the Support Vector Machine (SVM) and Naïve Bayesian algorithms to train the model, which is then validated on live incoming network packets for Denial of Service (DoS) attacks. The experimental results indicate that Naïve Bayesian yields better accuracy, 88%, than the SVM model.




© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this chapter

Abirami, A., Palanikumar, S. (2021). Proactive Network Packet Classification Using Artificial Intelligence. In: Misra, S., Kumar Tyagi, A. (eds) Artificial Intelligence for Cyber Security: Methods, Issues and Possible Horizons or Opportunities. Studies in Computational Intelligence, vol 972. Springer, Cham. https://doi.org/10.1007/978-3-030-72236-4_7
