Date of Award
12-2024
Document Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
Degree Discipline
Electrical Engineering
Abstract
Network intrusion detection (NID) is a technology that monitors network traffic and identifies abnormal activity. Malicious activity can be identified by applying artificial intelligence and machine learning (ML). This research delved into analysis, development, and optimization of supervised, unsupervised, and reinforcement learning approaches to network anomaly detection. In the past 10 years, there has been a substantial amount of research on supervised learning, a type of ML that is trained on a prelabeled network dataset in which each sample is tagged as benign or abnormal. Unsupervised and reinforcement learning research has been minimal.
This study evaluated supervised, unsupervised, and reinforcement learning approaches to anomaly detection. ML employs statistical algorithms that learn the underlying data characteristics and use this learning to detect abnormal activity. From the literature review, it is clear that the most important attributes for an effective NID system are data quality and efficient ML algorithms, including runtimes and memory usage. Most research in this domain has been conducted using obsolete network datasets that do not reflect the type of malicious traffic encountered today.
This study used a modern dataset that captured traffic from an “Internet of Things” (IoT) test network with modern attack types. In one experiment, a dataset created in the SECURE Center, Prairie View A&M University, was used with scanning attack types, together with NFStream, a common utility for converting network traffic. NFStream uses deep packet inspection to convert the header/data portion of network packets, preserves Transmission Control Protocol (TCP) flag states, and calculates statistical features from the raw data in packets. The research was conducted through several experiments covering data pre-processing, dataset labeling, feature selection/reduction, synthetic data generation, and unsupervised learning. The aim was to develop an optimal ensemble of feature selection/ML algorithms and to establish a framework for future research in Learning Automata and Reinforcement Learning. Based on the results, several contributions to the research domain are provided: a pre-processing framework, several feature selection techniques, a synthetic data generator, a new type of neural network based on Kolmogorov Arnold Networks, and a new clustering approach for unsupervised learning.
Index Terms—Feature selection, generative adversarial networks, Kolmogorov Arnold Networks, learning automata, reinforcement learning, supervised learning, unsupervised learning.
Committee Chair/Advisor
Mohamed Chouikha
Committee Co-Chair
Annamalai Annamalai
Committee Member
Ahmed Ahmed
Committee Member
Justin Foreman
Publisher
Prairie View A&M University
Rights
© 2021 Prairie View A & M University
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Date of Digitization
12/06/2024
Contributing Institution
John B Coleman Library
City of Publication
Prairie View
MIME Type
Application/PDF
Recommended Citation
Waters, W. L. (2024). Analysis And Optimization Of Machine Learning Models For Network Intrusion Detection. Retrieved from https://digitalcommons.pvamu.edu/pvamu-dissertations/102