Enhanced classification of network traffic data captured by intrusion prevention systems

PhD thesis

Aljoufi, R. 2023. Enhanced classification of network traffic data captured by intrusion prevention systems. PhD thesis Middlesex University Computer Science
TypePhD thesis
TitleEnhanced classification of network traffic data captured by intrusion prevention systems
AuthorsAljoufi, R.

A common practice in modern computer networks is the deployment of Intrusion Prevention Systems (IPSs) for the purpose of identifying security threats. Such systems provide alerts on suspicious activities based on a predefined set of rules. These alerts almost always contain high percentages of false positives and false negatives, which may impede the efficacy of their use. Therefore, with the presence of high numbers of false positives and false negatives, the analysis of network traffic data can be ineffective for decision makers which normally require concise, and preferably, visual forms to base their decisions upon. Machine learning techniques can help extract useful information from large datasets. Combined with visualisation, classification could provide a solution to false alerts and text-based outputs of IPSs.
This research developed two new classification techniques that outperformed the traditional classification methods in accurate classification of computer network traffic captured by an IPS framework. They are also highly effective. The main purpose of these techniques was the effective identification of malicious network traffic and this was demonstrated via extensive experimental evaluation (where many experiments were conducted and results are reported in this thesis). In addition, an enhancement of the principal component analysis (PCA) was presented as part of this study. This enhancement proved to outperform the classical PCA on classification of IPS data.
Details of the evaluation and experiments are provided in this thesis. One of the classification methods described in this thesis achieved accuracy values of 98.51% and 99.76% on two computer network traffic dataset settings, whereas the Class-balanced Similarity Based Instance Transfer Learning (CB-SBIT) algorithm achieves accuracy values of 93.56% and 96.25% respectively on the same dataset settings. This means the proposed method outperforms the state-of-the-art algorithm.
As for the PCA enhancement mentioned above, using its resulting principal components as inputs to classifiers leads to improved accuracy when compared to the classical PCA.

Sustainable Development Goals9 Industry, innovation and infrastructure
Middlesex University ThemeCreativity, Culture & Enterprise
Department nameComputer Science
Institution nameMiddlesex University
PublisherMiddlesex University Research Repository
Publication dates
Print05 Apr 2023
Publication process dates
Deposited05 Apr 2023
Accepted06 Mar 2023
Output statusPublished
Accepted author manuscript
Permalink -


Download files

Accepted author manuscript
  • 81
    total views
  • 70
    total downloads
  • 3
    views this month
  • 4
    downloads this month

Export as