Machine learning approach for detection of nonTor traffic

Elike Hodo, Xavier Bellekens, Ephraim Iorkyase, Andrew Hamilton, Christos Tachtatzis, Robert Atkinson

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Abstract

Intrusion detection has attracted considerable interest from researchers and industry. After many years of research, the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real-time situations. The Tor network is popular for providing privacy and security to end users by anonymising the identity of internet users connecting through a series of tunnels and nodes. This work focuses on the classification of Tor traffic and nonTor traffic to expose the activities within Tor traffic that minimize the protection of users. This paper presents a study comparing the reliability and efficiency of an Artificial Neural Network and a Support Vector Machine in detecting nonTor traffic in the UNB-CIC Tor Network Traffic dataset. The results are analysed based on the overall accuracy, detection rate and false positive rate of the two algorithms. Experimental results show that both algorithms could detect nonTor traffic in the dataset. A hybrid Artificial Neural Network proved a better classifier than the SVM in detecting nonTor traffic in the UNB-CIC Tor Network Traffic dataset.

Original language: English
Title of host publication: Proceedings of the 12th International Conference on Availability, Reliability and Security
Place of Publication: New York
Publisher: Association for Computing Machinery (ACM)
Number of pages: 6
ISBN (Electronic): 9781450352574
DOI: https://doi.org/10.1145/3098954.3106068
Publication status: Published - 29 Aug 2017
Event: 12th International Conference on Availability, Reliability and Security - University Mediterranea, Reggio Calabria, Italy
Duration: 29 Aug 2017 to 1 Sep 2017
Conference number: 12
https://www.ares-conference.eu/conference2017/

Publication series

Name: ACM International Conference Proceeding Series
Publisher: ACM

Conference

Conference: 12th International Conference on Availability, Reliability and Security
Abbreviated title: ARES 2012
Country: Italy
City: Reggio Calabria
Period: 29/08/17 to 1/09/17

Fingerprint

Intrusion detection
Learning systems
Neural networks
Support vector machines
Tunnels
Classifiers
Internet
Industry

Cite this

Hodo, E., Bellekens, X., Iorkyase, E., Hamilton, A., Tachtatzis, C., & Atkinson, R. (2017). Machine learning approach for detection of nonTor traffic. In Proceedings of the 12th International Conference on Availability, Reliability and Security [85] (ACM International Conference Proceeding Series). New York: Association for Computing Machinery (ACM). https://doi.org/10.1145/3098954.3106068