Students Project Report Coverage (V1.1) : The Following Sequence Should Be Followed and Maintained
The following sequence should be followed and maintained.
1. Cover page, along with the title of the project and name of the
candidate.
2. Certificate obtained from industry (in case of the external project)
3. Certificate obtained from guides (in case of an internal project)
4. Acknowledgment
5. List of symbols, nomenclature, and abbreviations used
6. List of Figures and Graphs
7. List of Tables
8. Abstract [PURPOSE-METHODOLOGY-FINDINGS]
9. Table of Contents
10. Chapters organization
Chapter-1: Project description and outline
Chapter-2: Related work investigation
Chapter-3: Requirement Artifacts
Chapter-4: Design methodology and its novelty
Chapter-5: Technical Implementations and Analysis
Chapter-6: Project Outcome and Applicability
Chapter-7: Conclusions and Recommendation
References
Appendices (Additional Information if necessary).
Submitted by
BACHELOR OF TECHNOLOGY
in
COMPUTER SCIENCE ENGINEERING WITH SPECIALIZATION IN
CYBER SECURITY AND DIGITAL FORENSICS
Certified that this project report titled “Anomaly Detection System based on
Bhavin Patel (18BCY10040)” who carried out the project work under my
supervision. Certified further that to the best of my knowledge the work reported at
this time does not form part of any other project/research work based on which a
degree or award was conferred on an earlier occasion on this or any other candidate.
First and foremost, I would like to thank the Lord Almighty for His presence and
I wish to express my heartfelt gratitude to Dr. Pushpindar Singh Patheja, Head of the
Department, School of Computer Science and Engineering for much of his valuable
I would like to thank my internal guide Mr. Thangavel M, for continually guiding and
project work.
I would like to thank all the technical and teaching staff of the School of Computer
Last, but not least, I am deeply indebted to my parents who have been the greatest
support while I worked day and night for the project to make it a success.
LIST OF ABBREVIATIONS
5. Algorithms used
Detecting and diagnosing the root cause of problems in network traffic logs is
a time-consuming and labour-intensive process, especially for previously
unknown failure modes. To troubleshoot anomalies in network traffic logs, our
project uses a stacking method to identify malicious logs in the Advanced
Security Network Metrics (ASNM) datasets.
Depending on the input training data, there have been roughly three orthogonal
approaches to creating intrusion detectors: (1) knowledge-based detection,
which models and matches the characteristics of harmful intrusions; (2)
anomaly-based detection, which models typical behaviour and finds departures
from it; and (3) classification-based detection, which simultaneously models
harmful and legitimate behaviour. The problems with these approaches are a
high false negative rate in case of evasions by unknown or zero-day attacks,
the long time required for training and profiling, and susceptibility.
To overcome these flaws, our project is built entirely on a stacking model,
in which we took four machine learning algorithms and employed one of them
at a time at level 1 and the others at level 0 for a higher testing accuracy
rate. K-Nearest Neighbor, Naïve Bayes, Support Vector Machine, and Decision
Tree are the four methods employed.
4 CHAPTER-4:
DESIGN METHODOLOGY AND ITS NOVELTY
4.1 Methodology and goal
4.2 Functional modules design and analysis
4.3 Subsystem services
4.4 Summary
5 CHAPTER-5:
TECHNICAL IMPLEMENTATION & ANALYSIS
5.1 Outline
5.2 Technical coding and code solutions
5.3 Test and validation
5.4 Performance Analysis (Graphs/Charts)
5.5 Summary
6 CHAPTER-6:
PROJECT OUTCOME AND APPLICABILITY
6.1 Outline
6.2 Key implementations outline of the System
6.3 Significant project outcomes
6.5 Inference
7 CHAPTER-7:
CONCLUSIONS AND RECOMMENDATION
7.1 Outline
7.2 Constraints of the System
7.3 Future Enhancements
7.4 Inference
References
Peng Lin et al. (2019): The author uses the LSTM approach in this article. LSTM
is a particular recurrent neural network structure which helps in handling the
problem of long-term dependencies. An attention mechanism (AM) is also used. It
is a simulation of the human brain's attention mechanism; AM's role in anomaly
detection is to calculate the impact of each piece of network traffic on the
previous network traffic. The algorithm has a 93 percent accuracy.
Junhong Kim et al. (2019): Insider threats are generally the security issues
that emerge from people who have access to a company's network, systems, and
data. Insider threats are less frequent than external incursions, but they are
more dangerous. The accuracy of the paper is 53.77 percent. After considering
all of the aforementioned information (all log data), the author devised an
algorithm for detecting insider risks in a company.
Bo Long et al. (2020): The goal of this research study's author is to give a
full understanding of anomaly detection techniques based on deep learning in a
variety of software applications. The paper then examines today's deep learning
trends in depth, as well as the strategies used to overcome the limitations of
traditional algorithms. The research concludes with a consideration of future
trends. We then see how important it is to adopt modern deep anomaly detection
algorithms. The following tasks in deep-model anomaly detection strategies are
discussed: using RNN, LSTM, Auto-Encoder, and other approaches to learn regular
patterns from complicated data; and detecting anomalies, in which we look at
how to correctly detect anomalous behavior using just reconstruction errors,
reconstruction probabilities, and the use of a single class, KNN.
Harsh Patel et al. (2018): The methods may be used to extract text, clinically
licensed fields, and search engines, as well as identify statistics in a number
of statistical activities. Many decision tree algorithms were constructed on
the basis of their accuracy and efficiency rate. It may be critical for us to
understand how to employ a good algorithm in any decision-making situation. In
terms of accuracy, time, and precision, the decision tree exceeds the
competition. It is based on a set of rules that are used to provide
recommendations for finding interesting sites. Finally, a thorough examination
of decision tree algorithms is completed, and this study finds that CART is the
algorithm that is more precise and accurate than many others for this dataset.
Hossein Saeedi Emadi et al. (2018): The author discusses the fact that such
networks cannot be supervised, and hence this research addresses the problem of
anomaly detection. The network traffic is used to extract the three features of
temperature, humidity, and voltage. The density-based spatial clustering of
applications with noise (DBSCAN) algorithm is then used to cluster the network
data. It also uses density-based detection techniques to assess the correctness
of the DBSCAN algorithm for the input data. This algorithm identifies points in
low-density areas as anomalous. It trains support vector machines using daily
data. Finally, it eliminates outliers from the network data. Using the
correlation coefficient, we should be able to solve DBSCAN's problem of
choosing input parameters in this study.
Kun Xie et al. (2018): The author of this paper highlights how traffic anomaly
detection is important for better Internet administration. Traditional
detection algorithms frequently transform high-dimensional records into a long
vector, which reduces detection accuracy due to a lack of spatial analysis in
the records. Furthermore, they are frequently based wholly on the separation of
normal and abnormal records in a time period, which not only adds extra
overhead and computing cost, but also inhibits timely identification of
anomalies. It is critical to detect and fix traffic anomalies online, but it is
difficult to do so. To deal with the problem, this research creates a 2-D
matrix from the monitoring records in each time slot and uses bilateral
principal component analysis (B-PCA) to discover anomalies inside the new time
slot.
Chapter 1: Project Description and Outline:
1.1 Introduction:
Cyberattacks and breaches are nearly daily occurrences these days. The
rising frequency of cyberattacks is also due to technological advancements
and information shared with hackers on which tools to employ and which
techniques are successful on specific networks. In these situations,
businesses should prepare themselves so that they can endure a breach or
cyberattack without jeopardising data or vital services. Anomaly detection may
help companies enhance their networks. Anomaly detection is the process of
identifying or recognising any abnormal behaviour in the network and then
removing it to make the network resistant to attacks caused by that anomaly.
What we have come up with is a hybrid model in which one method is employed
at Tier 1 and the others are used at Tier 0, also known as stacking. Stacking
is an extension of machine learning that may be described as an aggregate
(ensemble) technique. Stacking combines a meta-learning algorithm with models
trained on your dataset, so that the predictions of numerous machine learning
algorithms and models are combined.
• Regression of stacking.
The basic technique of stacking in machine learning:
• The level to which you train data depends on the base learner.
Moreover, in our project, along with the stacking machine learning model, we
have used four machine learning algorithms: K-Nearest Neighbor, Support
Vector Machine, Naïve Bayes and Decision Tree. There are a total of 12
different results when we apply permutations and combinations of these
algorithms. In each case, three of these machine learning algorithms are used
at level 0 of the stacking model and, with their outputs as predictions, the
remaining one is used to test the dataset based on the predictions obtained
from the level 0 algorithms.
In our project we have a total of five supervised machine learning models,
which can be used to solve both classification and regression problems; their
working is described below:
Hence, the common methods for anomaly detection are not that efficient, as
they do not achieve a very high accuracy percentage in detecting the outliers
in their network/datasets.
1.7 Summary:
We summarize chapter one, which starts with a brief look at the technology and
the concept of this project and then describes how our growing interest in
machine learning motivated us to complete it. It also discusses the algorithms
that have been used and the problems we faced while doing this wonderful
project.
Chapter 2: Related work
2.1 Introduction:
In this chapter we discuss the recent progress that has been made so far in
the field of anomaly detection based on AI (Artificial Intelligence), stacking
and Machine Learning (ML). We have taken into consideration papers written
from 2018 to 2022. For every paper there is a summary of the approach the
author followed to tackle the problem, together with the accuracy of the
algorithm and the results the author obtained. All the papers discussed in the
following paragraphs are summarized on the basis of how the author perceived
the problem, how the algorithm behaves in practice, its efficiency, and its
false alarm rate (i.e. how many times the algorithm falsely notifies the
organization about an anomaly). In the section below, different algorithms
have been used by different authors, and the accuracy changes with the choice
of algorithm in one way or another. We have taken a logical approach towards
all of the papers below; we have taken papers from journals only, and
literature survey papers have not been included.
The author employed the LSTM (Long Short-Term Memory) strategy in the
above-mentioned article. LSTM is a particular recurrent neural network
structure proposed to handle the problem of long-term dependencies. The
forget gate instructs the neural network to forget worthless information, the
input gate instructs the neural network to add new content, and the output
gate determines the current node's final output.
In addition, the author has made use of the attention mechanism. The attention
mechanism (AM, from deep learning) is a simulation of the human brain's
attention mechanism. When we read a piece of text, we usually focus on a few
keywords so that we can quickly summarise the main content of the text;
similarly, AM's role in anomaly detection is to calculate the impact of each
piece of network traffic on the previous network traffic. The above-mentioned
algorithm has a 93 percent accuracy. The author has employed a loss function
to fine-tune the algorithm's efficiency, which is one of the benefits of
utilising the aforesaid technique (in the given function we calculate the
loss).
Insider threats are security issues that emerge from people who have access
to a company's network, systems, and data, such as workers and trusted
partners. Insider threats are less frequent than external incursions, but the
scale of harm is larger. The accuracy of the suggested paper is 53.77 percent.
Individual user activity records that have been logged in the corporate system
are gathered. Then, by describing individual actions, candidate features are
extracted. If the system logs record when a user connects his or her personal
USB drive to the system, for example, the overall number of USB connections
per day can be extracted as a candidate variable, and user content, such as
the body of an e-mail, can also be used to create candidate features.
-Proposed method:
The goal of this research study's author is to give a full understanding of
anomaly detection techniques based on deep learning in a variety of software
applications. To begin, it outlines the anomaly detection problem, the
approaches employed prior to the introduction of deep models, and the
difficult cases encountered. The paper then examines today's deep learning
trends in depth, as well as the strategies used to overcome the limitations of
traditional algorithms. Second to last, it looks into deep-model anomaly
detection techniques in real-world examples from LinkedIn production systems.
The research concludes with a consideration of future trends. We then see how
important it is to adopt modern deep anomaly detection algorithms. The
following tasks in deep-model anomaly detection strategies are discussed:
The author of this study concludes that outliers are logs that contain
uncommon log states (anomaly logs), and that the k-Nearest Neighbor (KNN)
algorithm has exceptionally high accuracy among outlier detection approaches.
As a result, we employ the KNN algorithm to find abnormalities within the log
data. However, there are a few issues with using the KNN algorithm to find
anomalies, three of which are: an excessive vector dimension makes the KNN
algorithm inefficient, unlabelled log data is useless to the KNN algorithm,
and the imbalance in the number of log records distorts the classification
decision of the KNN algorithm. We offer an efficient log anomaly detection
solution based on an improved KNN algorithm with an automatically labelled
sample set to solve those three issues. This method presents a log parsing
method based on N-grams and a frequent pattern mining (FPM) method that
reduces the dimension of the log vector converted with Term Frequency-Inverse
Document Frequency (TF-IDF). Then, using clustering and self-training, we
automatically extract labelled log data samples from old logs.
For abnormal logs, which are few in number and far from normal logs, we
employ a clustering and self-training technique to provide a labelled log
sample set on a regular basis. Finally, we apply common weighting distance to
improve the accuracy of the KNN algorithm, reducing the detrimental effects of
log sample imbalance. The results show that our approach can improve the
effectiveness of log-based anomaly detection with the KNN algorithm while
ensuring accuracy at the same time, based on experiments on log sets generated
from six datasets of various types and comparisons with three different
log-based anomaly detection methods.
Paper 8: A Lightweight Anomaly Detection Model using SVM for WSNs in IoT,
through a Hybrid Feature Selection Algorithm based on GA and GWO
Paper 10: A Novel Anomaly Detection Algorithm Using DBSCAN and SVM in
Wireless Sensor Networks
The author discusses the fact that such networks cannot be supervised, and
hence this research addresses the problem of anomaly detection. First, the
network traffic is used to extract the three features of temperature,
humidity, and voltage. The density-based spatial clustering of applications
with noise (DBSCAN) algorithm is then used to cluster the network data. It
also uses density-based detection techniques to assess the correctness of the
DBSCAN algorithm for the input data. This algorithm identifies points in
low-density areas as anomalous. It trains support vector machines using daily
data. Finally, it eliminates outliers from the network data. The suggested
algorithm is evaluated using the Intel Berkeley Research Lab's standard data
set (IRLB). Using the correlation coefficient, we should be able to solve
DBSCAN's problem of choosing input parameters in this study. The suggested
algorithm has an advantage over previous ones in that it uses soft computing
methods, is simple to implement, and improves detection accuracy by
evaluating these three features simultaneously.
Paper 11: On-Line Anomaly Detection with High Accuracy
The author of this paper highlights how traffic anomaly detection is important
for better Internet administration. Traditional detection algorithms frequently
transform high-dimensional records into a long vector, which reduces detection
accuracy due to a lack of spatial analysis in the records. Furthermore, they
are frequently based wholly on the separation of normal and abnormal records
in a time period, which not only adds extra overhead and computing cost, but
also inhibits timely identification of anomalies. It is critical to detect and
fix traffic anomalies online, but it is difficult to do so. To deal with the
problem, this research creates a 2-D matrix from the monitoring records in
each time slot and uses bilateral principal component analysis (B-PCA) to
discover anomalies inside the new time slot. We recommend a number of novel
strategies in Online B-PCA to aid quick and accurate anomaly detection in real
time, including a unique B-PCA-based anomaly detection principle that
considers the variation of both row and column principal directions for more
accurate anomaly detection, an approximate algorithm to avoid using the
generation process to calculate the principal directions in closed form, and a
sequential anomaly algorithm. This is, to the best of our knowledge, the first
work to use 2-D PCA for anomaly detection. We ran extensive simulations to
compare our Online B-PCA with state-of-the-art anomaly detection techniques
using the real-world traffic traces Abilene and GÉANT. Our simulation results
demonstrate that, when compared to other algorithms, our Online B-PCA can
achieve much better overall detection performance with a low false positive
rate, a high true positive rate, and an excessive caffeine calculation value.
2.4 Summary:
We examined all of the related research provided by different writers about
outlier detection in this chapter, as well as their perspectives on the various
methods utilised to increase performance percentages. We may also
observe the operation of many machine learning modules.
Chapter-3: Requirement Artifacts
3.1 Introduction:
Here we discuss all the hardware and software requirements of our project,
which helped in building the idea behind it. We gathered around 11 research
papers with the same research background and data sets for our algorithm; we
used a laptop running Windows 10 with 8 GB of RAM, and others as mentioned
in the next section.
3.2 Hardware and Software requirements:
OS Windows 10
RAM 8GB
GPU 4GB
IDE Visual Studio Code (Python)
1. Stacking Model
2. K Nearest Neighbor (KNN)
3. Support Vector Machine (SVM)
4. Naive Bayes (NB)
5. Decision Tree (DT)
1. Stacking Model:
Support vector machines are supervised machine learning algorithms that can
be used for both classification and regression tasks. This algorithm plots each
data item as a point in N-dimensional space (where N is the number of features
used), where the value of each feature is the value of a particular coordinate.
It then performs the classification by finding the hyperplane that
distinguishes the two classes.
4. Naïve Bayes:
5. Decision Tree:
Decision trees can be used for classification and regression problems. As the
name indicates, a flowchart-like tree structure is used to show the
predictions that result from a series of feature-based splits. It starts at the
root node and ends with a decision at a leaf.
3.4 Summary:
The goal of our project was to find anomalies inside any networking device
with a 100% accuracy rate by combining the best algorithms present in the
machine learning domain, to help firms prevent network attacks that can cost
them millions of dollars, and also to spread awareness among people and help
students dig deeper into this domain.
For that, we took a publicly available dataset from the internet, which
consists of three datasets that have been built from network traffic traces
using ASNM (Advanced Security Network Metrics) features.
1. Stacking Model
2. K Nearest Neighbor (KNN)
3. Support Vector Machine (SVM)
4. Naive Bayes (NB)
5. Decision Tree (DT)
1. Stacking Model:
1. Find the best attribute and place it on the root node of the tree.
2. Then divide the training set of the dataset into subsets. When
creating subsets, make sure that the attribute values for each
subset of the training dataset are the same.
3. Repeat 1 and 2 for each subset to find the leaf node in every
branch.
4.3 Subsystem services:
The services described below play an equally important role in our project.
They are:
4.4 Summary:
To summarize, we started by describing our goal and methodology, then we
talked about the four machine learning algorithms that we used in our project,
namely KNN, NB, SVM and DT, and explained their working with steps and
diagrams. At the end we listed the other software we have used in this journey
of ours, from day 1 till the last. We haven't used any hardware except our
laptop.
Chapter 5 Technical Implementations and Analysis:
5.1 Outline:
The following are the prerequisites for the machine that will be used to carry
out the research:
Tested Environment
OS Windows 10
RAM 8GB
GPU 4GB
IDE Visual Studio Code (Python)
Here we import all the modules required to run the project; these modules
were explained previously.
Moving forward, we import and format the dataset to make it easier to
understand and process. We convert all the labels into string variables and
then into binary form, and we arrange them in arrays with different names.
Next, we train on 75% of the dataset and, based on its predictions, we test
on the remaining 25% of the dataset to predict the same outcome as we got
while training.
Since we are using a stacking machine learning model, we took four algorithms
across level 0 and level 1 of the model: level 0 comprises any three of the
machine learning algorithms, and the remaining algorithm is used at level 1 of
the stacking model. This means that, based on the predictions of the three
algorithms at level 0, we expect the same outcome when we input the outcomes
of those three algorithms into the level 1 algorithm.
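The rotation described above, with each of the four classifiers taking a turn at level 1 while the other three sit at level 0, can be sketched as follows. This is an added example, not the report's code: it assumes scikit-learn, the data is a synthetic imbalanced table constructed with make_classification rather than an ASNM dataset, and make_learners, run_rotations and sample_data are illustrative names.

```python
# Added example (not the report's code). Assumptions: scikit-learn is the
# library in use; the data is synthetic and constructed here.
from sklearn.datasets import make_classification
from sklearn.ensemble import StackingClassifier
from sklearn.metrics import accuracy_score, confusion_matrix, recall_score
from sklearn.model_selection import train_test_split
from sklearn.naive_bayes import GaussianNB
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC
from sklearn.tree import DecisionTreeClassifier


def make_learners():
    """Fresh, unfitted copies of the four algorithms named in the report."""
    return {
        # KNN and SVC are distance/margin based, so scale features first.
        "KNN": make_pipeline(StandardScaler(), KNeighborsClassifier(n_neighbors=5)),
        "SVC": make_pipeline(StandardScaler(), SVC(random_state=0)),
        "NB": GaussianNB(),
        "DT": DecisionTreeClassifier(random_state=0),
    }


def sample_data():
    """Constructed stand-in for a feature table with a rare positive class."""
    return make_classification(
        n_samples=600, n_features=12, n_informative=6,
        weights=[0.9, 0.1], class_sep=1.5, random_state=7,
    )


def run_rotations(X, y, test_size=0.25, seed=0):
    """Train one stack per choice of level-1 learner on a 75/25 split."""
    # stratify keeps the rare class present in both the train and test parts.
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=test_size, stratify=y, random_state=seed
    )
    results = {}
    for meta_name in make_learners():
        learners = make_learners()
        meta = learners.pop(meta_name)  # this one goes to level 1
        # cv=5: the level-1 learner is fitted on out-of-fold level-0
        # predictions, so it never sees outputs for rows the level-0
        # models were trained on.
        stack = StackingClassifier(
            estimators=list(learners.items()), final_estimator=meta, cv=5
        )
        stack.fit(X_tr, y_tr)
        pred = stack.predict(X_te)
        results[meta_name] = {
            "level0": sorted(learners),
            "train_accuracy": stack.score(X_tr, y_tr),
            "test_accuracy": accuracy_score(y_te, pred),
            "recall": recall_score(y_te, pred, zero_division=0),
            "confusion": confusion_matrix(y_te, pred, labels=[0, 1]).tolist(),
        }
    return results


if __name__ == "__main__":
    for name, r in run_rotations(*sample_data()).items():
        print(name, "at level 1:", r)
```

Comparing train_accuracy with test_accuracy and recall for each rotation shows whether a configuration has memorised the training split or actually detects the rare class on held-out rows.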
Subsequently, we used a stacking classifier to train and test on the data,
based on the working of the stacking model (which has just been explained),
and we calculated metrics such as training accuracy, testing accuracy,
F1-score, precision, sensitivity, recall value and the confusion matrix.
1429 0
0 14
Here the metrics were 100% correct, with a testing accuracy of 100%.
b. DT is at level 1 and KNN, SVC and NB at level 0:
1425 4
8 6
1429 0
2 12
1429 0
0 14
2693 0
0 169
2691 2
2 167
Here the metrics score is 99%, except for specificity, which is 100%,
with testing accuracy being 99.86%.
c. SVC is at level 1 and KNN, DT and NB at level 0:
2693 0
0 169
2693 0
0 169
Here, the Metrics score is 100% with testing accuracy being 100%.
3. ASNM-TUN Dataset:
a. KNN is at level 1 and DT, SVC and NB at level 0:
42 1
0 55
Here the metrics score is 100% for sensitivity and recall value,
98% for specificity and precision, and 99% for F1 score.
Testing accuracy is 98.98%.
b. DT is at level 1 and KNN, SVC and NB at level 0:
42 1
3 52
The metrics scores are 95% for sensitivity and recall value, 98% for
specificity and precision, and 96% for F1 score; the testing
accuracy is 95.92%.
c. SVC is at level 1 and KNN, DT and NB at level 0:
43 0
0 55
43 0
0 55
The above chart depicts the performance shown by the four algorithms on the
ASNM-CDX 2009 dataset. The K Nearest Neighbor algorithm and the Naïve Bayes
algorithm have a perfect score on all metrics. The Support Vector Machine
model has a high precision score only, while the lowest metrics are shown by
the decision tree model.
Comparison of metrics – (Precision, Recall, F1-Score) for ASNM-NBPOv2
Dataset
The bar graph of figure _ shows the performance of the 3 Artificial
Intelligence models on the ASNM-TUN dataset. Support Vector Machine and Naïve
Bayes display all the metrics at the highest percentage. The precision of K
Nearest Neighbor is 100%, while the decision tree scores equally on all three
metrics.
ROC curve for KNN, Decision tree, SVM at level 0 and naïve bayes at
level 1 model.
The above model of KNN, SVM and Decision Tree at level 0 and Naïve Bayes
at level 1 model shows utmost true positive to false positive ratio with area
under curve of 1.000.
After a thorough comparison and contrast, it is empirically evident that the
proposed model of Naïve Bayes at level 1 and the other three algorithms at
level 0 has surpassed all the other techniques, with an accuracy of 100%, and
the side metrics of Precision, F1 Score and Recall score were found to be 100%
in all the sub-datasets of the ASNM dataset.
From the above graph it is clearly visible that the model in which Naïve Bayes
is at level 1 has 100% accuracy in all the three datasets.
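The percentages quoted in this chapter can be re-derived from the confusion matrices printed earlier in it, which also shows where accuracy alone hides missed detections on an imbalanced test set. This is an added example, not the report's code; it assumes scikit-learn's layout [[TN, FP], [FN, TP]] with the positive class in the second row and column, and the function names are illustrative.

```python
# Added example, not the report's code. Assumed layout (scikit-learn default):
# rows = actual class, columns = predicted class, negative class first,
# so each matrix reads [[TN, FP], [FN, TP]].

# Confusion matrices copied from the results printed in this chapter.
PAGE_MATRICES = {
    "ASNM-TUN, KNN at level 1": [[42, 1], [0, 55]],
    "ASNM-TUN, DT at level 1": [[42, 1], [3, 52]],
    "matrix 2691 2 / 2 167": [[2691, 2], [2, 167]],
    "matrix 1425 4 / 8 6": [[1425, 4], [8, 6]],
}


def _ratio(num, den):
    # Guard against empty classes instead of raising ZeroDivisionError.
    return num / den if den else 0.0


def metrics(matrix):
    """Return the report's metrics as fractions in [0, 1]."""
    (tn, fp), (fn, tp) = matrix
    total = tn + fp + fn + tp
    return {
        "accuracy": _ratio(tn + tp, total),
        "recall": _ratio(tp, tp + fn),        # a.k.a. sensitivity
        "specificity": _ratio(tn, tn + fp),
        "precision": _ratio(tp, tp + fp),
        "f1": _ratio(2 * tp, 2 * tp + fp + fn),
        # Accuracy of a detector that always predicts the larger class.
        "majority_baseline": _ratio(max(tn + fp, fn + tp), total),
        "missed_positives": fn,
    }


def percent(matrix):
    """Whole-number percentages, the precision the report quotes."""
    m = metrics(matrix)
    keys = ("recall", "specificity", "precision", "f1")
    return {k: round(m[k] * 100) for k in keys}


def accuracy_hides_misses(matrix, gap=0.20):
    """True when accuracy exceeds recall by at least `gap` (0.20 = 20 points)."""
    m = metrics(matrix)
    return m["accuracy"] - m["recall"] >= gap


def review(matrices=PAGE_MATRICES):
    """One summary row per matrix: name, accuracy %, metrics, warning flag."""
    rows = []
    for name, matrix in matrices.items():
        m = metrics(matrix)
        rows.append({
            "name": name,
            "accuracy_pct": round(m["accuracy"] * 100, 2),
            "baseline_pct": round(m["majority_baseline"] * 100, 2),
            "missed_positives": m["missed_positives"],
            "flagged": accuracy_hides_misses(matrix),
            **percent(matrix),
        })
    return rows


if __name__ == "__main__":
    for row in review():
        print(row)
```

Under this layout the matrix 1425 4 / 8 6 scores 99.17% accuracy while detecting only 6 of its 14 positive-class samples, barely above the 99.03% reached by labelling every sample negative.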
5.5 Summary:
This chapter covers the technical content of this research work, starting
with an explanation of the code and the sub-datasets of the ASNM dataset that
we have used in this project. Subsequently, we have provided in-depth
outcomes of our code, and at the end we compared all the algorithms on the
basis of their performance and metrics.
Chapter-6: Project Outcome and Applicability
6.1 Outline:
6.4 Inference:
In this chapter we discuss the various outcomes achieved from this project
and also how it can be used in real life by giving a major hand in resolving
anomalies with high accuracy percentages.
Chapter-7: Conclusions and Recommendation
7.1 Outline:
Our project is based on stacking. The reason behind choosing stacking is that
it is more efficient than the other algorithms available, has a lower false
rate and is less susceptible to attacks. In our method we have taken 4 machine
learning algorithms, and at any instance one of the algorithms is used at Tier
1 and the others at Tier 0, in order to achieve higher accuracy.
With the help of our idea in the research paper, it can be implemented in
projects for better accuracy and precision in anomaly detection on data sets.
We can improve the accuracy by improving the time complexity of machine
learning algorithms.
7.4 Inference
In this chapter we have described the basic outline of our project, the
limitations or constraints of our current model, and the additions that can be
made to the algorithm in future to make it more efficient and accurate.
References:
1. https://ieeexplore.ieee.org/document/9115004
2. http://www.fit.vutbr.cz/~ihomoliak/asnm/
3. https://www.edureka.co/blog/what-is-a-neural-network/
4. https://towardsdatascience.com/introduction-to-neural-networks-advantages-and-applications-96851bd1a207#:~:text=Artificial%20Neural%20Network(ANN)%20uses,complex%20patterns%20and%20prediction%20problems.
5. https://www.ijitee.org/wp-content/uploads/papers/v8i9/I7914078919.pdf
6. https://www.mdpi.com/1099-4300/23/5/529
7. https://www.analyticssteps.com/blogs/8-applications-neural-networks
8. https://www.xenonstack.com/blog/artificial-neural-network-applications
9. https://towardsdatascience.com/building-our-first-neural-network-in-keras-bdc8abbc17f5
10. https://link.springer.com/article/10.1007/s11277-017-4961-1
11. https://www.worldscientific.com/doi/abs/10.1142/S0218194020500114
12. https://dl.acm.org/doi/abs/10.1145/3336191.3371876
13. https://dl.acm.org/doi/abs/10.1145/3441448
14. https://www.researchgate.net/profile/Purvi-Prajapati/publication/330138092_Study_and_Analysis_of_Decision_Tree_Based_Classification_Algorithms/links/5d2c4a91458515c11c3166b3/Study-and-Analysis-of-Decision-Tree-Based-Classification-Algorithms.pdf
15. https://jcomsec.ui.ac.ir/article_24558_4491.html
16. (PDF) Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms (researchgate.net)
17. https://www.researchgate.net/publication/342118050_ASNM_Datasets_A_Collection_of_Network_Attacks_for_Testing_of_Adversarial_Classifiers_and_Intrusion_Detectors
18. https://onlinelibrary.wiley.com/doi/abs/10.1002/nem.2109
19. https://link.springer.com/chapter/10.1007/978-3-642-31537-4_46
20. https://www.researchgate.net/publication/347635021_Cyberattacks_Detection_in_IoT-Based_Smart_City_Applications_Using_Machine_Learning_Techniques
21. https://www.irjet.net/
22. https://www.researchgate.net/publication/336767849_ASNM_Datasets_A_Collection_of_Network_Traffic_Features_for_Testing_of_Adversarial_Classifiers_and_Network_Intrusion_Detectors