Machine Learning Approach for Detection of nonTor Traffic

Authors

  • Elike Hodo University of Strathclyde, Scotland
  • Xavier Bellekens University of Abertay Dundee, Scotland
  • Ephraim Iorkyase University of Strathclyde, Scotland
  • Andrew Hamilton University of Strathclyde, Scotland
  • Christos Tachtatzis University of Strathclyde, Scotland
  • Robert Atkinson University of Strathclyde, Scotland

DOI:

https://doi.org/10.13052/2245-1439.624

Keywords:

Artificial neural network, support vector machines, intrusion detection systems, Naïve Bayes, Tor and nonTor, UNB-CIC Tor Network Traffic dataset

Abstract

Intrusion detection has attracted considerable interest from researchers and industry. After many years of research, the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real-time situations. The Tor network is popular for providing privacy and security to end users by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work addresses two problems: classification of Tor and nonTor traffic in the UNB-CIC Tor Network Traffic dataset, to expose the activities within Tor traffic that minimize the protection of users, and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier: an Artificial Neural Network in conjunction with a Correlation feature selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the proposed hybrid classifier are compared with Support Vector Machine and naïve Bayes classifiers in detecting nonTor traffic in the UNB-CIC Tor Network Traffic dataset. Experimental results show that the hybrid classifier, ANN-CFS, proved a better classifier in detecting nonTor traffic and classifying the Tor traffic flow in the UNB-CIC Tor Network Traffic dataset.

Author Biographies

Elike Hodo, University of Strathclyde, Scotland

Elike Hodo is a Ph.D. student in the Department of Electronics and Electrical Engineering at the University of Strathclyde, Glasgow UK since October 2014. He attended the Deggendorf University of Applied Sciences, Germany where he received his M.Eng. in Electrical Engineering and Information technology in 2007.

His Ph.D. work centres on application of Machine Learning algorithms in cyber security.

Xavier Bellekens, University of Abertay Dundee, Scotland

Xavier Bellekens received the Bachelor's degree from Henallux in Belgium, the Master's degree in Ethical Hacking and Computer Security from the University of Abertay Dundee and the Ph.D. in Electronic and Electrical Engineering from the University of Strathclyde in Glasgow in 2010, 2012 and 2016 respectively. He is currently a Lecturer in Security and Privacy and the acting head of the Machine Learning Group at the University of Abertay in Dundee within the Department of Cyber Security. He is the general chair of the IEEE Cyber Science Collocated conferences and an editorial board member of the Open Access IJCSA journal. He is also a regular contributor to radio and newspapers in both Belgium and the UK on cyber-security issues. His current research interests include machine learning for cyber-security, autonomous distributed networks, the Internet of Things, massively parallel algorithms and critical infrastructure protection. He is a member of IEEE, ACM and IET.

Ephraim Iorkyase, University of Strathclyde, Scotland

Ephraim Iorkyase received the B.Eng. in Electrical and Electronic Engineering and the M.Eng. in Communication Engineering from University of Agriculture Makurdi, Nigeria (2004) and Federal University of Akure, Nigeria (2010) respectively. He is currently pursuing his Ph.D. at the department of Electronic and Electrical Engineering, University of Strathclyde, Glasgow, U.K. His main research interests include application of machine learning techniques in radio location of partial discharge, condition monitoring, intrusion detection and classification, signal processing, fault location and communication applications.

Andrew Hamilton, University of Strathclyde, Scotland

Andrew Hamilton received his M.Eng. in civil engineering (2009) and Ph.D. in wind energy systems (2015) from the University of Strathclyde. He joined the Centre for Intelligent Dynamic Communications (CIDCOM) at the Univ. of Strathclyde in 2013 as a Research Associate to work on the development of smart tooling through distributed control for aerospace composite manufacturing. His other research interests include IoT for manufacturing technology, renewable energy systems and condition monitoring.

Christos Tachtatzis, University of Strathclyde, Scotland

Christos Tachtatzis is a Lecturer Chancellor’s Fellow in Sensor Systems and Asset Management at the University of Strathclyde. He holds a BEng (Hons) in Communication Systems Engineering from University of Portsmouth in 2001, an MSc in Communications, Control and Digital Signal Processing (2002) and a Ph.D. in Electronic and Electrical Engineering (2008), both from Strathclyde University. Christos has 12 years of experience in Sensor Systems, ranging from electronic devices, networking and communications to signal processing. His current research interests lie in extracting actionable information from data using machine learning and artificial intelligence.

Robert Atkinson, University of Strathclyde, Scotland

Dr. Robert C Atkinson is a Senior Lecturer in the Department of Electronic and Electrical Engineering, University of Strathclyde. He has applied a range of signal processing and machine learning algorithms to a range of fields as diverse as: radiolocation of partial discharge, intrusion detection systems, 4G handover optimization, game theory applied to radio access network selection, prognostics for gearboxes, condition-based maintenance of water pumps, internet of things, smart cities, smart buildings, and image analysis for pharmaceutical crystals. He is the author of over 80 scientific papers, published in internationally recognised conferences and journals. He is a Member of the IET and a Senior Member of the IEEE.

Published

2017-11-03

How to Cite

1.
Hodo E, Bellekens X, Iorkyase E, Hamilton A, Tachtatzis C, Atkinson R. Machine Learning Approach for Detection of nonTor Traffic. JCSANDM [Internet]. 2017 Nov. 3 [cited 2024 Apr. 19];6(2):171-94. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/5217
