Academic Paper

Enhancing Security Information and Event Management (SIEM) by Incorporating Machine Learning for Cyber Attack Detection
Document Type
Conference
Source
2023 IEEE 9th International Conference on Computing, Engineering and Design (ICCED), pp. 1-6, Nov. 2023
Subject
Communication, Networking and Broadcast Technologies
Computing and Processing
Engineering Profession
General Topics for Engineers
Robotics and Control Systems
Training
Analytical models
Computational modeling
Data models
Random forests
Cyberattack
Principal component analysis
Network Security
IDS
SIEM
Machine Learning
Principal Component Analysis
Language
ISSN
2767-7826
Abstract
Network security is a crucial component of Information Technology, yet organizations continue to grapple with meeting established security benchmarks. Given the rise in cyber-attacks and the continuous emergence of new attack types, it is practically infeasible to keep the attack patterns or signatures within security tools persistently up to date. Key tools such as Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) are instrumental in monitoring network traffic and identifying potential threats. However, these tools face limitations: the high volume of alerts produced by an IDS, its reliance on rule-based methods, and the inability of SIEM tools to analyze logs comprehensively enough to identify inappropriate activity. This research performs anomaly detection with a machine-learning pipeline that classifies cyber-attack network flows collected from an IDS installed on the incident network infrastructure; the machine-learning analysis of the IDS output is then integrated with the SIEM. The algorithm used was a Random Forest Classifier on the CSE-CIC-IDS2018 dataset, pre-processed with Principal Component Analysis (PCA). The experiments show that the Random Forest Classifier combined with PCA performs best on a 70/30 training/testing split, with an accuracy of 0.99953.
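The abstract reports a single headline accuracy on a 70/30 split. CSE-CIC-IDS2018 is dominated by benign flows, so a practitioner reading that number wants two checks the abstract does not give: that the split is stratified (rare attack classes survive into the test set) and per-class precision/recall on the attack labels. The following is an added example written for this page, not code from the paper or its authors; it uses only the Python standard library, the flow records and class counts are constructed (not real CSE-CIC-IDS2018 rows), and the function names `make_flows`, `stratified_split`, `evaluate` and `demo` are this example's own. It also shows that a detector that never alerts can score 0.999 accuracy while a far more useful one scores lower.

```python
"""Added example (not from the paper): a stratified 70/30 split and
per-class precision/recall/F1 with the standard library only, applied to
constructed flow records that mimic the benign-heavy class balance of
CSE-CIC-IDS2018."""
import random
from collections import Counter, defaultdict


def make_flows(class_counts, seed=7):
    """Constructed flow records (not real dataset rows): a few numeric
    fields plus the label, so the split and metrics have realistic-looking
    input to operate on."""
    rng = random.Random(seed)
    flows = []
    for label, n in class_counts.items():
        for _ in range(n):
            flows.append({
                "dst_port": rng.choice([80, 443, 22, 53, 8080]),
                "fwd_pkts": rng.randint(1, 500),
                "flow_bytes": rng.randint(60, 1_500_000),
                "label": label,
            })
    return flows


def stratified_split(records, test_frac=0.3, seed=42):
    """70/30 split that keeps each class's proportion in both halves, so a
    rare attack class cannot vanish from the test set by chance."""
    rng = random.Random(seed)
    by_class = defaultdict(list)
    for r in records:
        by_class[r["label"]].append(r)
    train, test = [], []
    for items in by_class.values():
        items = items[:]
        rng.shuffle(items)
        n_test = round(len(items) * test_frac)
        test.extend(items[:n_test])
        train.extend(items[n_test:])
    return train, test


def evaluate(y_true, y_pred):
    """Return (accuracy, {label: (precision, recall, f1)}).
    A label that is never predicted gets precision 0.0 rather than a
    ZeroDivisionError; that silent miss is exactly what to surface."""
    tp, fp, fn = Counter(), Counter(), Counter()
    for t, p in zip(y_true, y_pred):
        if t == p:
            tp[t] += 1
        else:
            fp[p] += 1
            fn[t] += 1
    per_class = {}
    for lab in set(y_true) | set(y_pred):
        prec = tp[lab] / (tp[lab] + fp[lab]) if tp[lab] + fp[lab] else 0.0
        rec = tp[lab] / (tp[lab] + fn[lab]) if tp[lab] + fn[lab] else 0.0
        f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
        per_class[lab] = (prec, rec, f1)
    accuracy = sum(tp.values()) / len(y_true)
    return accuracy, per_class


def demo():
    """Compare a detector that never alerts with one that catches every DoS
    flow (at the cost of three false positives) but misses Infiltration."""
    flows = make_flows({"Benign": 9990, "DoS": 8, "Infiltration": 2})
    train, test = stratified_split(flows)
    y_test = [r["label"] for r in test]

    never_alert = ["Benign"] * len(y_test)  # a rule that fires on nothing
    dos_only = ["DoS" if lab == "DoS" else "Benign" for lab in y_test]
    for i in [i for i, lab in enumerate(y_test) if lab == "Benign"][:3]:
        dos_only[i] = "DoS"  # three benign flows mis-flagged as DoS

    return {
        "train_size": len(train),
        "test_size": len(test),
        "test_classes": dict(Counter(y_test)),
        "never_alert": evaluate(y_test, never_alert),
        "dos_only": evaluate(y_test, dos_only),
    }


if __name__ == "__main__":
    results = demo()
    for name in ("never_alert", "dos_only"):
        acc, per_class = results[name]
        print(f"{name}: accuracy={acc:.5f}")
        for lab, (p, r, f) in sorted(per_class.items()):
            print(f"  {lab:<13} precision={p:.3f} recall={r:.3f} f1={f:.3f}")
```

The never-alert baseline reaches 0.999 accuracy with zero recall on both attack classes, while the DoS detector scores lower accuracy despite 100% DoS recall; on a dataset with this class balance, per-class recall on the attack labels (and macro-averaged F1) is the figure to compare, not accuracy alone. The stratified split is also what keeps a two-sample class like Infiltration present in the 30% test portion at all.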