Title | Detecting SSH and FTP Brute Force Attacks in Big Data |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Hancock, John; Khoshgoftaar, Taghi M.; Leevy, Joffrey L. |
Conference Name | 2021 20th IEEE International Conference on Machine Learning and Applications (ICMLA) |
Date Published | dec |
Keywords | Big Data, big data security metrics, brute-force attack, Classification algorithms, CSE-CIC-IDS2018, cyber-security, Data models, Decision Tree, feature extraction, Force, Intrusion detection, pubcrawl, resilience, Resiliency, Scalability, statistical analysis, telecommunication traffic |
Abstract | We present a simple approach for detecting brute force attacks in the CSE-CIC-IDS2018 Big Data dataset. We show our approach is preferable to more complex approaches since it is simpler, and yields stronger classification performance. Our contribution is to show that it is possible to train and test simple Decision Tree models with two independent variables to classify CSE-CIC-IDS2018 data with better results than reported in previous research, where more complex Deep Learning models are employed. Moreover, we show that Decision Tree models trained on data with two independent variables perform similarly to Decision Tree models trained on a larger number of independent variables. Our experiments reveal that simple models, with AUC and AUPRC scores greater than 0.99, are capable of detecting brute force attacks in CSE-CIC-IDS2018. To the best of our knowledge, these are the strongest performance metrics published for the machine learning task of detecting these types of attacks. Furthermore, the simplicity of our approach, combined with its strong performance, makes it an appealing technique. |
DOI | 10.1109/ICMLA52953.2021.00126 |
Citation Key | hancock_detecting_2021 |