Preecha Pangsuban, Prachyanun Nilsook and Panita Wannapiroon
A Real-time Risk Assessment for Information System with CICIDS2017 dataset using Machine Learning.
Full paper accepted; to be published in
International Journal of Machine Learning and Computing (EI (INSPEC, IET), Scopus).
2019 8th International Conference on Software and Computing Technologies (ICSCT 2019),
5th to 7th April 2019, Hong Kong.
INTRODUCTION (cont.)
An information system should have a security risk assessment to prepare for threats,
analyze the risks involved and define preventive measures.
INTRODUCTION (cont.)
Risk assessment is based on the likelihood of the occurrence and the severity of the
impact of attacks.
INTRODUCTION (cont.)
The CICIDS2017 dataset was used in this research for threat and vulnerability detection.
RESULT (cont.)
The CICIDS2017 dataset covers a variety of intrusion types: Denial of Service,
password attacks, probing and vulnerability exploitation.

No | Group of Intrusion       | Type of Intrusion
1  | Normal                   | Benign
2  | Denial of Service: DoS   | Botnet, DDoS, DoS GoldenEye, DoS Hulk, DoS Slowhttp, DoS Slowloris
3  | Password attacks         | FTP-Patator, SSH-Patator, Web-Attack-Brute-Force
4  | Probing                  | Port Scan
5  | Vulnerability            | Heartbleed Attack, Infiltration, Web-Attack-Sql-Injection, Web-Attack-XSS
INTRODUCTION (cont.)
• The CICIDS2017 dataset is used to create predictive models by ML for predicting
the likelihood of attacks.
• The impact is assessed by the severity of each type of attack.
• The risk assessment is the result of the likelihood and the impact that has
occurred, presented as a risk matrix of the information system.
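As an added illustration (not code from the paper), the risk-matrix step described above: the classifier's per-flow intrusion-group predictions are aggregated into a likelihood level, combined with a severity per group, and mapped to a risk level. The severity values, likelihood thresholds and the sample window are constructed for this example and are not the paper's own.

```python
from collections import Counter
# Intrusion groups from the CICIDS2017 table on the slides, mapped to an
# impact (severity) level 1..5.  These severities are assumptions for the
# example; the paper assigns its own severity per attack type.
SEVERITY = {"Benign": 0, "Denial of Service": 3, "Password attacks": 4,
            "Probing": 2, "Vulnerability": 5}

def likelihood_level(fraction):
    """Bin the share of flows the classifier labelled as one intrusion group
    into a likelihood level 0..5 (thresholds constructed for this example)."""
    if fraction == 0:
        return 0
    for level, bound in enumerate((0.01, 0.05, 0.15, 0.30), start=1):
        if fraction <= bound:
            return level
    return 5

def risk_level(likelihood, impact):
    """Risk matrix cell: likelihood x impact, mapped to a risk label."""
    score = likelihood * impact
    if score == 0:
        return "None"
    if score <= 4:
        return "Low"
    if score <= 9:
        return "Medium"
    if score <= 16:
        return "High"
    return "Critical"

def assess(predictions):
    """predictions: one predicted intrusion-group label per network flow in the
    monitoring window (the ML model's output).  Returns one risk-matrix row
    per non-benign intrusion group."""
    total, counts, report = len(predictions), Counter(predictions), {}
    for group, impact in SEVERITY.items():
        if group == "Benign":
            continue
        n = counts.get(group, 0)
        lik = likelihood_level(n / total if total else 0.0)
        report[group] = {"flows": n, "likelihood": lik, "impact": impact,
                         "risk": risk_level(lik, impact)}
    return report

# Constructed sample window: 1000 flows, mostly benign, with some attack traffic.
SAMPLE = (["Benign"] * 900 + ["Denial of Service"] * 80
          + ["Probing"] * 18 + ["Vulnerability"] * 2)
if __name__ == "__main__":
    for group, row in assess(SAMPLE).items():
        print(f"{group:18s} {row}")
```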
OBJECTIVES OF THE RESEARCH
1. To study the concept of RA for information systems with the CICIDS2017 dataset
using ML.
2. To design the architecture of RA for information systems with the CICIDS2017
dataset using ML.
RESEARCH OPERATION
1. To study information and related research about RA of information systems
based on network intrusion with ML, and to analyze the data for the concept design.
2. To develop the components of the RA system from the concept.
3. To design the architecture of the RA system from the concept.
CONCLUSIONS
The system architecture consists of three main sections: network data
capture, risk predictive analysis and risk assessment report.
It is designed to work in real time; the network data capture design
needs a special Network Interface Card with high efficiency and speed
to be able to capture data in "pcap" form.
The network data is converted to the CICIDS2017 dataset form, intrusions
are predicted by ML and the results are stored in a data file.
Logstash and Elasticsearch work together to handle and search big log
files as the number of servers grows.
CONCLUSIONS (cont.)
ML identifies known threats and suspicious behavior; the faster processing
time helps reduce some mistakes caused by false positives and
false negatives.
ML can identify threats, which can be clearly divided according to
the type of intrusion, and can also specify the time of the intrusion in
real time.
The system can monitor RA and warn the system administrator for
prevention of risk to the information system and harm reduction.
It is a tool that institutions can use in their work.