A Real-time Risk Assessment for Information System with CICIDS2017 dataset using Machine Learning

Preecha Pangsuban, Prachyanun Nilsook and Panita Wannapiroon
A Real-time Risk Assessment for Information System with CICIDS2017 dataset using Machine Learning.
Accepted as a full paper; to be published in the International Journal of Machine Learning and Computing (indexed in EI (INSPEC, IET) and Scopus).
Presented at the 2019 8th International Conference on Software and Computing Technologies (ICSCT 2019), 5th to 7th April 2019, Hong Kong.


  1. Presenters: Preecha Pangsuban, Ph.D. Candidate; Assoc. Prof. Prachyanun Nilsook, Ph.D.; Assoc. Prof. Panita Wannapiroon, Ph.D.
  2. INTRODUCTION: ICT has become part of the daily routine.
  3. INTRODUCTION (cont.): Cyber attacks.
  4. INTRODUCTION (cont.): AI and ML are used for vulnerability detection and data processing.
  5. INTRODUCTION (cont.): At the same time, an attacker can use ML to support his attacks.
  6. INTRODUCTION (cont.): Direct effects include reduced work efficiency, longer recovery times and damage costs.
  7. INTRODUCTION (cont.): Indirect effects include loss of business and loss of the organization's credibility.
  8. INTRODUCTION (cont.): An information system should have a security risk assessment in order to prepare for threats, analyze the risks involved and define preventive measures.
  9. INTRODUCTION (cont.): Risk assessment (RA) includes risk identification, risk analysis and risk prioritization.
  10. INTRODUCTION (cont.): Risk assessment is based on the likelihood of occurrence and the severity of the impact of attacks.
  11. INTRODUCTION (cont.): The CICIDS2017 dataset was used in this research for threat and vulnerability detection.
  12. INTRODUCTION (cont.): The CICIDS2017 dataset covers a variety of attacks, grouped here into Denial of Service, Password attacks, Probing and Vulnerability:

      No  Group of Intrusion   Type of Intrusion (CICIDS2017 label)
      1   Normal               Benign
      2   Denial of Service    Botnet, DDoS, DoS GoldenEye, DoS Hulk, DoS Slowhttp, DoS Slowloris
      3   Password attacks     FTP-Patator, SSH-Patator, Web-Attack-Brute-Force
      4   Probing              Port Scan
      5   Vulnerability        Heartbleed Attack, Infiltration, Web-Attack-Sql-Injection, Web-Attack-XSS

  13. INTRODUCTION (cont.): Example of the CICIDS2017 dataset (figure).
  14. INTRODUCTION (cont.):
      • The CICIDS2017 dataset is used to build predictive models with ML that predict the likelihood of attacks.
      • The impact is assessed from the severity of each type of attack.
      • Risk assessment combines the likelihood and the impact into a risk matrix for the information system.
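The risk matrix described on the slides, as an added worked example (this is not the paper's code). The label-to-group table is the one from the slide; the per-group severity values, the likelihood thresholds and the rating bands are assumptions chosen to make the computation concrete, not figures from the paper. Likelihood is derived from the share of flows in a reporting window that the model labelled as each group, and risk is the product of likelihood and impact on a 5x5 matrix.

```python
"""Risk matrix from per-flow intrusion predictions (CICIDS2017 labels).

Added worked example, not the paper's code. The label-to-group table is the
one on the slide; the severity values, likelihood thresholds and rating bands
are ASSUMED for illustration and are not figures from the paper.
"""
from collections import Counter

# Group of intrusion per CICIDS2017 label, as on the slide table.
ATTACK_GROUPS = {
    "BENIGN": "Normal",
    "Bot": "Denial of Service",
    "DDoS": "Denial of Service",
    "DoS GoldenEye": "Denial of Service",
    "DoS Hulk": "Denial of Service",
    "DoS Slowhttptest": "Denial of Service",
    "DoS slowloris": "Denial of Service",
    "FTP-Patator": "Password attacks",
    "SSH-Patator": "Password attacks",
    "Web Attack - Brute Force": "Password attacks",
    "PortScan": "Probing",
    "Heartbleed": "Vulnerability",
    "Infiltration": "Vulnerability",
    "Web Attack - Sql Injection": "Vulnerability",
    "Web Attack - XSS": "Vulnerability",
}

# Impact (severity) of each attack group on a 1..5 scale. ASSUMED values.
IMPACT = {
    "Denial of Service": 3,
    "Password attacks": 4,
    "Probing": 2,
    "Vulnerability": 5,
}

# Likelihood level from the share of flows in the window predicted as the
# group: (minimum share, level). Below the first band the level is 1. ASSUMED.
LIKELIHOOD_BANDS = [(0.001, 2), (0.01, 3), (0.05, 4), (0.20, 5)]


def attack_group(label):
    """Map a model output label to its intrusion group. Unknown labels are an
    error rather than silently 'Normal', so a new label cannot hide risk."""
    try:
        return ATTACK_GROUPS[label]
    except KeyError:
        raise ValueError(f"unknown CICIDS2017 label: {label!r}") from None


def likelihood_level(group_flows, total_flows):
    """1 (rare) .. 5 (almost certain) from the fraction of flows in the group."""
    if total_flows <= 0:
        raise ValueError("empty reporting window")
    share = group_flows / total_flows
    level = 1
    for minimum, lvl in LIKELIHOOD_BANDS:
        if share >= minimum:
            level = lvl
    return level


def risk_rating(score):
    """Bands of the 5x5 likelihood x impact matrix. ASSUMED cut-offs."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def risk_matrix(predicted_labels):
    """One row per attack group for a reporting window of predictions."""
    counts = Counter(attack_group(label) for label in predicted_labels)
    total = sum(counts.values())
    rows = {}
    for group, impact in IMPACT.items():
        flows = counts.get(group, 0)
        likelihood = likelihood_level(flows, total)
        score = likelihood * impact
        rows[group] = {
            "flows": flows,
            "likelihood": likelihood,
            "impact": impact,
            "score": score,
            "rating": risk_rating(score),
        }
    return rows


# Constructed predictions for one reporting window (1000 flows), not real data.
SAMPLE_PREDICTIONS = (
    ["BENIGN"] * 939
    + ["DoS Hulk"] * 40
    + ["SSH-Patator"] * 12
    + ["PortScan"] * 7
    + ["Web Attack - XSS"] * 2
)

if __name__ == "__main__":
    for group, row in risk_matrix(SAMPLE_PREDICTIONS).items():
        print(f"{group:18} L={row['likelihood']} I={row['impact']} "
              f"score={row['score']:2} {row['rating']}")
```

Two design points matter in practice: an unrecognised label raises instead of being counted as benign, because a model retrained with a new class would otherwise silently drop that class from the report; and likelihood is taken per reporting window, so the matrix reflects the current state of the network rather than an all-time count.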
  15. OBJECTIVES OF THE RESEARCH:
      1. To study the concept of RA for an information system with the CICIDS2017 dataset using ML.
      2. To design the architecture of RA for an information system with the CICIDS2017 dataset using ML.
  16. RESEARCH OPERATION:
      1. To study information and related research on RA for information systems based on network intrusion with ML, and to analyze the data for the concept design.
      2. To develop the components of the RA system from the concept.
      3. To design the architecture of the RA system from the concept.
  17. RESULT: The conceptual framework (figure).
  18. RESULT (cont.): System components (figure).
  19. RESULT (cont.): System architecture (figure).
  20. RESULT (cont.): The risk matrix report form (figure).
  21. CONCLUSIONS: The system architecture consists of three main sections: network data capture, risk predictive analysis, and the risk assessment report. It is designed to work in real time, so the network data capture stage needs a high-performance network interface card fast enough to capture traffic into pcap form. The captured traffic is converted into the CICIDS2017 dataset form (per-flow features, as in the public dataset), the flows are classified as intrusion or benign by the ML model, and the results are stored in a data file. Logstash and Elasticsearch work together to handle and search the large log files, and capacity is scaled by adding servers.
  22. CONCLUSIONS (cont.): ML identifies known threats and suspicious behaviour; doing so faster helps reduce some of the mistakes caused by false positives and false negatives. ML can identify threats, clearly separated by type of intrusion, and can also give the time of the intrusion in real time. The system can monitor RA and warn the system administrator so that risks to the information system can be prevented and harm reduced. It is a tool for institutions to use in their work.
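The capture-to-report pipeline from the conclusions, as an added example that is not the paper's implementation. It assumes the packets have already been decoded from the pcap (for instance with scapy or dpkt) into the Packet tuples shown; the packet list is constructed. It groups packets into bidirectional flows, computes a subset of the CICFlowMeter feature columns used by the public CICIDS2017 CSVs, attaches a predicted label, and serialises one JSON event per line for ingestion by Logstash and Elasticsearch. The function placeholder_predict is a stand-in rule marking where the trained model's predict() would be called; it is not a trained classifier.

```python
"""Captured packets -> bidirectional flows -> CICIDS2017-style features
-> prediction -> JSON lines for Logstash/Elasticsearch.

Added example, not the paper's implementation. It assumes packets have already
been decoded from the pcap (e.g. with scapy or dpkt) into the Packet tuples
below; the packet list is constructed. Feature names follow the CICFlowMeter
column names used by the public CICIDS2017 CSVs, and only a subset is computed.
placeholder_predict is a stand-in rule where the trained model's predict()
would be called; it is NOT a trained classifier.
"""
import json
from collections import namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport proto length")


def aggregate_flows(packets):
    """Group packets into bidirectional flows keyed by the 5-tuple; the first
    packet seen fixes the forward direction, as CICFlowMeter does."""
    flows = {}
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
        f = flows.get(key)
        if f is None:
            f = flows[key] = {"src": p.src, "sport": p.sport, "dst": p.dst,
                              "dport": p.dport, "proto": p.proto,
                              "start": p.ts, "end": p.ts, "fwd": [], "bwd": []}
        f["end"] = p.ts
        forward = (p.src, p.sport) == (f["src"], f["sport"])
        (f["fwd"] if forward else f["bwd"]).append(p.length)
    return list(flows.values())


def flow_features(f):
    """A subset of the CICIDS2017 feature columns for one flow."""
    duration_s = f["end"] - f["start"]
    fwd_bytes, bwd_bytes = sum(f["fwd"]), sum(f["bwd"])
    packets = len(f["fwd"]) + len(f["bwd"])

    def per_second(n):
        # Single-packet flows have zero duration; the public CSVs carry
        # Infinity/NaN here, so training and live scoring must apply the
        # same replacement (0.0 in this example) or the model sees skew.
        return n / duration_s if duration_s > 0 else 0.0

    return {
        "Source IP": f["src"], "Source Port": f["sport"],
        "Destination IP": f["dst"], "Destination Port": f["dport"],
        "Protocol": f["proto"],
        "Flow Duration": int(round(duration_s * 1e6)),  # microseconds
        "Total Fwd Packets": len(f["fwd"]),
        "Total Backward Packets": len(f["bwd"]),
        "Total Length of Fwd Packets": fwd_bytes,
        "Total Length of Bwd Packets": bwd_bytes,
        "Fwd Packet Length Mean": fwd_bytes / len(f["fwd"]) if f["fwd"] else 0.0,
        "Flow Bytes/s": per_second(fwd_bytes + bwd_bytes),
        "Flow Packets/s": per_second(packets),
    }


def placeholder_predict(features):
    """Stand-in for model.predict(): a one-packet flow with no reply is
    treated as a probe. ASSUMED rule for the demo only."""
    if features["Total Fwd Packets"] == 1 and features["Total Backward Packets"] == 0:
        return "PortScan"
    return "BENIGN"


def build_records(packets, predict=placeholder_predict):
    """One record per flow: features, predicted label and the flow start time,
    which a Logstash date filter can turn into @timestamp."""
    records = []
    for f in aggregate_flows(packets):
        feats = flow_features(f)
        feats["Label"] = predict(feats)
        feats["flow_start"] = f["start"]
        records.append(feats)
    return records


def to_ndjson(records):
    """JSON Lines, one event per line, for a Logstash file input with json codec."""
    return "".join(json.dumps(r) + "\n" for r in records)


# Constructed packets: one short HTTP exchange and two single-SYN probes.
SAMPLE_PACKETS = [
    Packet(1000.000, "10.0.0.5", 51000, "10.0.0.8", 80, 6, 60),
    Packet(1000.005, "10.0.0.8", 80, "10.0.0.5", 51000, 6, 60),
    Packet(1000.010, "10.0.0.5", 51000, "10.0.0.8", 80, 6, 60),
    Packet(1000.015, "10.0.0.8", 80, "10.0.0.5", 51000, 6, 1400),
    Packet(1000.020, "10.0.0.5", 51000, "10.0.0.8", 80, 6, 500),
    Packet(1001.000, "10.0.0.9", 40000, "10.0.0.8", 22, 6, 60),
    Packet(1001.001, "10.0.0.9", 40000, "10.0.0.8", 23, 6, 60),
]

if __name__ == "__main__":
    print(to_ndjson(build_records(SAMPLE_PACKETS)), end="")
```

The point a practitioner should take from this is the feature-consistency requirement: whatever cleaning was applied to the CICIDS2017 CSVs before training (the Infinity/NaN rate columns, column name spacing, direction convention) has to be reproduced bit-for-bit in the live extractor, otherwise the model is scored on a distribution it never saw and the false-positive and false-negative rates quoted from the dataset no longer apply.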
  23. Any questions?
  24. CONTACT: E-mail: preecha@yru.ac.th; Facebook: www.facebook.com/ppbyru
  25. Thank you. Presented by: Preecha Pangsuban. A Real-time Risk Assessment for Information System with CICIDS2017 dataset using Machine Learning.
