Deep Packet Inspection Model Based on Support Vector Machine for Anomaly Detection in Local Area Networks
DOI:
https://doi.org/10.25195/ijci.v50i2.501Keywords:
Deep packet inspection, Anomaly detection, Local area network, Support vector machine, SelectKBestAbstract
Deep packet inspection is a network security solution that identifies and flags anomalous network traffic patterns in a local network environment. Traditional signature-based techniques for intrusion detection are limited in identifying different attacks or completely new kinds, which makes them unsuitable in some situations. In addition, most previous methods for anomaly detection have low detection rate and high false alarm. In this study, a deep packet inspection model based on support vector machine (SVM) for anomaly detection in local area networks was proposed. The proposed method combined the SelectKBest method and SVM for the categorization of anomaly in a local network environment. Results showed that the proposed method outperformed other related machine learning methods with accuracy, precision, recall, and F1-score of 94.81%, 94.03%, 94.13%, and 94.0799%, respectively. The accuracy result shows that most network traffic can be correctly identified by the SVM using the SelectKBest approach, with minimal false positives or negatives.
Downloads
Downloads
Published
Issue
Section
License
Copyright (c) 2024 Iraqi Journal for Computers and Informatics
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
IJCI applies the Creative Commons Attribution (CC BY) license to articles. The author of the submitted paper for publication by IJCI has the CC BY license. Under this Open Access license, the author gives an agreement to any author to reuse the article in whole or part for any purpose, even for commercial purposes. Anyone may copy, distribute, or reuse the content as long as the author and source are properly cited. This facility helps in re-use and ensures that journal content is available for the needs of research.
If the manuscript contains photos, images, figures, tables, audio files, videos, etc., that the author or the co-authors do not own, IJCI will require the author to provide the journal with proof that the owner of that content has given the author written permission to use it, and the owner has approved that the CC BY license being applied to content. IJCI provides a form that the author can use to ask for permission from the owner. If the author does not have owner permission, IJCI will ask the author to remove that content and/or replace it with other content that the author owns or has such permission to use.
Many authors assume that if they previously published a paper through another publisher, they have the right to reuse that content in their PLOS paper, but that is not necessarily the case – it depends on the license that covers the other paper. The author must ascertain the rights he/she has of a specific license (a license that enables the author to use the content). The author must obtain written permission from the publisher to use the content in the IJCI paper. The author should not include any content in her/his IJCI paper without having the right to use it, and always give proper attribution.
The accompanying submitted data should be stated with licensing policies, the policies should not be more restrictive than CC BY.
IJCI has the right to remove photos, captures, images, figures, tables, illustrations, audio, and video files, from a paper before or after publication, if these contents were included in the author's paper without permission from the owner of the content.