Show simple item record

| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Ndichu, Samuel | |
| dc.contributor.author | McOyowo, Sylvester | |
| dc.contributor.author | Okoyo, Henry | |
| dc.contributor.author | Wekesa, Cyrus | |
| dc.date.accessioned | 2023-10-11T14:41:20Z | |
| dc.date.available | 2023-10-11T14:41:20Z | |
| dc.date.issued | 2023-04-01 | |
| dc.identifier.issn | 2074-9090 (print) | |
| dc.identifier.issn | 2074-9104 | |
| dc.identifier.uri | https://repository.maseno.ac.ke/handle/123456789/5811 | |
| dc.description.abstract | Remote access technologies encrypt data to enforce policies and ensure protection. Attackers leverage such techniques to launch carefully crafted evasion attacks introducing malware and other unwanted traffic to the internal network. Traditional security controls such as anti-virus software, firewall, and intrusion detection systems (IDS) decrypt network traffic and employ signature and heuristic-based approaches for malware inspection. In the past, machine learning (ML) approaches have been proposed for specific malware detection and traffic type characterization. However, decryption introduces computational overheads and dilutes the privacy goal of encryption. The ML approaches employ limited features and are not objectively developed for remote access security. This paper presents a novel ML-based approach to encrypted remote access attack detection using a weighted random forest (W-RF) algorithm. Key features are determined using feature importance scores. Class weighing is used to address the imbalanced data distribution problem common in remote access network traffic where attacks comprise only a small proportion of network traffic. Results obtained during the evaluation of the approach on benign virtual private network (VPN) and attack network traffic datasets that comprise verified normal hosts and common attacks in real-world network traffic are presented. With recall and precision of 100%, the approach demonstrates effective performance. The results for k-fold cross-validation and receiver operating characteristic (ROC) mean area under the curve (AUC) demonstrate that the approach effectively detects attacks in encrypted remote access network traffic, successfully averting attackers and network intrusion | en_US |
| dc.publisher | Modern Education and Computer Science Press | en_US |
| dc.subject | Remote Access, Virtual Private Network, Encrypted Network Traffic, Network Attacks, Machine Learning | en_US |
| dc.title | Detecting Remote Access Network Attacks Using Supervised Machine Learning Methods | en_US |
| dc.type | Article | en_US |

