Show simple item record

dc.contributor.authorOgwal, Awio Kenneth
dc.date.accessioned2022-05-20T05:39:18Z
dc.date.available2022-05-20T05:39:18Z
dc.date.issued2021-10-06
dc.identifier.citationOgwal, A. K. (2021). A detection model for user-to-root attacks using the AdaBoost classifier. (Unpublished Master's Dissertation). Makerere University, Kampala, Uganda.en_US
dc.identifier.urihttp://hdl.handle.net/10570/10541
dc.descriptionA research dissertation submitted to the Directorate of Research and Graduate Training in partial fulfillment of the requirements for the award of the degree of Master of Science in Computer Science of Makerere University.en_US
dc.description.abstractIntrusion detection in enterprise networks is a key area of interest in computer security today because of its importance and vast application, such as detection of attacks by legal users. Current attack detection based on the AdaBoost classifier is inadequately accurate. In addition, recent contributions to detection of user-to-root attacks based on the AdaBoost algorithm use standard datasets which are not necessarily contextual to local settings. The aim of this study was to build a detection model for user-to-root attacks with a high detection rate and low false alarm rate using the AdaBoost classifier. User-to-root attacks are the most dangerous of all network insider attacks. This model used 40 days’ network traffic data from the enterprise network of National Water and Sewerage Corporation, and used categorical data. The model was built using Jupyter Notebook Integrated Development Environment. Feature engineering generated additional relevant features, one feature was dropped using mean imputation, upscaling was performed to deal with the unbalanced nature of the dataset, embedded feature selection technique was used for feature selection, and integer encoding was used to transform the categorical features into numericals. The training dataset was first fitted on K-Nearest Neighbor, Naïve Bayes, Support Vector Machine, and Random Forest base classifiers. The latter was then used as the weak learner for the AdaBoost classifier. Results showed a high Detection Rate of 95.05%, F1 Score of 0.89 and False Alarm Rate of 0.91. This dissertation provides up-to-date literature to scholars in related studies and this model can be integrated into anomaly based Network Intrusion Detection Systems. This study recommends that Machine Learning researchers need to use contextual data, standard methods and standard tools to build attack detection models for accurate attack detections, developers should adopt and use this model if developing Network Intrusion Detection Systems, the cybersecurity industry needs to involve Machine Learning experts in order to leverage accurate intrusion detection by Network Intrusion Detection Systems, and that researchers could also focus on applying this algorithm to balanced data as well as discuss other constraints identified by this study.en_US
dc.language.isoenen_US
dc.publisherMakerere Universityen_US
dc.subjectdetectionen_US
dc.subjectmodelen_US
dc.subjectuser-to-root attacksen_US
dc.subjectAdaBoost classifieren_US
dc.subjectJupyter Notebook Integrated Development Environmenten_US
dc.subjectMachine Learningen_US
dc.subjectalgorithmen_US
dc.subjectFeature engineeringen_US
dc.titleA detection model for user-to-root attacks using the AdaBoost classifieren_US
dc.typeThesisen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record