Metrics
34 Record Views
Journal article
Extended Isolation Forest for Intrusion Detection in Zeek Data
Information (Basel), Vol.15(7), p.404
07/12/2024
Web of Science ID: WOS:001277623500001
Abstract
The novelty of this paper is in determining and using hyperparameters to improve the Extended Isolation Forest (EIF) algorithm, a relatively new algorithm, to detect malicious activities in network traffic. The EIF algorithm is a variation of the Isolation Forest algorithm, known for its efficacy in detecting anomalies in high-dimensional data. Our research assesses the performance of the EIF model on a newly created dataset composed of Zeek Connection Logs, UWF-ZeekDataFall22. To handle the enormous volume of data involved in this research, the Hadoop Distributed File System (HDFS) is employed for efficient and fault-tolerant storage, and the Apache Spark framework, a powerful open-source Big Data analytics platform, is utilized for machine learning (ML) tasks. The best results for the EIF algorithm came from the 0-extension level. We received an accuracy of 82.3% for the Resource Development tactic, 82.21% for the Reconnaissance tactic, and 78.3% for the Discovery tactic.
Files and links (1)
Related links
Details
- Title
- Extended Isolation Forest for Intrusion Detection in Zeek Data
- Publication Details
- Information (Basel), Vol.15(7), p.404
- Resource Type
- Journal article
- Publisher
- MDPI
- Copyright
- © 2024 by the authors.
- Identifiers
- WOS:001277623500001; 99380566387606600
- Academic Unit
- Hal Marcus College of Science and Engineering ; Computer Science; Mathematics and Statistics
- Language
- English