SlideShare a Scribd company logo

Network Intrusion Detection Analysis using Random Forest Algorithm on Apache Mahout

Cisco, profile picture
Cisco

The document discusses using Apache Mahout, an Apache library for scalable machine learning, to classify network traffic data using decision trees. It describes preprocessing the NSL-KDD dataset, building a random forest model on Hadoop to classify the training data, and testing the model on separate test data while computing classification metrics.

Education
1 of 20
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Network Intrusion Detection Analysis using Random Forest Algorithm on Apache Mahout
 Group 7  Dec 08/12/2014  Prof Shanoan Tian
• Uses Decision trees as a base.  Normally one tree is used  Tree is explored in depth - many branches; many leaves  It has to be monitored and tailored by a trained statistician
•Many decision trees •Shallow exploration •Slightly different dataset for each •Specified questions
Network Intrusion Detection Analysis using Random Forest Algorithm on Apache Mahout
• Apache Mahout is a library implemented on top of Apache Hadoop • Scalable machine-learning algorithms • Using the MapReduce paradigm. • Data Mining tools for the data stored on a Hadoop system • Clustering • Classification • Batch based collaborative filtering
The dataset we are using is the NSL-KDD dataset [2]. It is an improvement on the KDD 99 dataset [1]. The KDD 1999 Data Set was a set of data of simulated computer network intrusion.
 An Apache Software Foundation project to create scalable machine learning libraries  http://mahout.apache.org  Why Mahout?  Scalable Machine Learning Algorithms Map Reduce Implementations on Apache Hadoop
 Apache Mahout has several classification algorithms implementations  Naïve Bayes  Complementary Naïve Bayes -  Random Forest  Hidden Markov Models  Logistic Regression
 Most algorithms have a Driver program  Shell script in $MAHOUT_HOME/bin helps with most tasks  Prepare the Data  Different algorithms require different setup  Run the algorithm  Single Node  Hadoop  Print out the results  Several helper classes:  ClusterDumper, etc.
Network Intrusion Detection Analysis using Random Forest Algorithm on Apache Mahout
Network Intrusion Detection Analysis using Random Forest Algorithm on Apache Mahout
 Make directory in HDFS $ hadoop fs -mkdir testdata  Load data to HDFS $ hadoop fs -put ./downloads/data/* testdata  Verify data loading $ hadoop fs -ls testdata
 hadoop jar mahout-examples-0.9-job.jar org.apache.mahout.classifier.df.tools.Describ e -p testdata/KDDTrain+_20Percent.arff -f testdata/KDDTrain+_20Percent.info -d N 3 C 2 N C 4 N C 8 N 2 C 19 N L  The "N 3 C 2 N C 4 N C 8 N 2 C 19 N L” describes all the attributes of the data. 1 numerical(N) attribute, followed by 3 Categorical(C) attributes, ...L indicates the label
Network Intrusion Detection Analysis using Random Forest Algorithm on Apache Mahout
 14/12/08 07:37:53 INFO mapreduce.BuildForest: Build Time: 0h 0m 25s 949  14/12/08 07:37:53 INFO mapreduce.BuildForest: Forest num Nodes: 62706  14/12/08 07:37:53 INFO mapreduce.BuildForest: Forest mean num Nodes: 627  14/12/08 07:37:53 INFO mapreduce.BuildForest: Forest mean max Depth: 14
 hadoop jar mahout-examples-0.9-job.jar org.apache.mahout.classifier.df.mapreduce.T estForest -i testdata/KDDTest+.arff -ds testdata/KDDTrain+_20Percent.info -m nsl-forest -a -mr -o predictions  Predicts on "KDDTest+.arff" dataset (-i argument) using the same data descriptor generated for the training set (-ds) and the decision forest built previously (-m) computes the confusion matrix (-a)  Passing the (-mr) parameter to use Hadoop Mapreduce framework
Correctly Classified Instances 17639 78.2425% In correctly Classified Instances 4905 21.7575% Total Classified Instances 22544 100%
Confusion Matrix A = normal B = anamoly Total 9454 257 9711 4648 8185 12833
 hadoop jar mahout-examples-0.9-job.jar org.apache.mahout.classifier.df.mapreduce.TestForest - i testdata/KDDTest+.arff -ds testdata/KDDTrain+_20Percent.info -m nsl-forest -a -mr -o predictions  Predicts on "KDDTest+.arff" dataset (-i argument) using the same data descriptor generated for the training set (- ds) and the decision forest built previously (-m) computes the confusion matrix (-a)  Passing the (-mr) parameter to use Hadoop Mapreduce framework  http://nsl.cs.unb.ca/NSL-KDD/

More Related Content

PPTX
CHARACTERISTICS OF SERVICES APPLICABLE IN ADVERTSING INDUSTRY
Unitedworld School Of Business
 
PPTX
Presentation sreenu dwh-services
Sreenu Musham
 
PDF
Random forest using apache mahout
Gaurav Kasliwal
 
PPTX
Big Data Analytics with Storm, Spark and GraphLab
Impetus Technologies
 
DOCX
500 data engineering interview question.docx
aekannake
 
PPTX
Beyond Hadoop 1.0: A Holistic View of Hadoop YARN, Spark and GraphLab
Vijay Srinivas Agneeswaran, Ph.D
 
PPTX
Introduction to HDFS and MapReduce
Uday Vakalapudi
 
PPTX
Hadoop
David Xie
 
CHARACTERISTICS OF SERVICES APPLICABLE IN ADVERTSING INDUSTRY
Unitedworld School Of Business
 
Presentation sreenu dwh-services
Sreenu Musham
 
Random forest using apache mahout
Gaurav Kasliwal
 
Big Data Analytics with Storm, Spark and GraphLab
Impetus Technologies
 
500 data engineering interview question.docx
aekannake
 
Beyond Hadoop 1.0: A Holistic View of Hadoop YARN, Spark and GraphLab
Vijay Srinivas Agneeswaran, Ph.D
 
Introduction to HDFS and MapReduce
Uday Vakalapudi
 
Hadoop
David Xie
 

Similar to Network Intrusion Detection Analysis using Random Forest Algorithm on Apache Mahout (20)

PDF
Power Hadoop Cluster with AWS Cloud
Edureka!
 
PPTX
Hadoop by kamran khan
KamranKhan587
 
ODP
Hadoop seminar
KrishnenduKrishh
 
PPTX
Hadoop and big data training
agiamas
 
PPTX
Next generation analytics with yarn, spark and graph lab
Impetus Technologies
 
PPTX
Yarn spark next_gen_hadoop_8_jan_2014
Vijay Srinivas Agneeswaran, Ph.D
 
PPTX
SparkNotes
Demet Aksoy
 
PPTX
Basic of Big Data
Amar kumar
 
PPT
hadoop-spark.ppt
NouhaElhaji1
 
PPTX
Hadoop
Bhushan Kulkarni
 
PPTX
Hadoop introduction
Rabindra Nath Nandi
 
PPT
hadoop_spark_Introduction_Bigdata_intro.ppt
anuroopdv
 
PPTX
Hadoop introduction
Chirag Ahuja
 
PPTX
BIG DATA: Apache Hadoop
Oleksiy Krotov
 
PPT
hadoop-sparktitlsdernsfslfsfnsfsflsnfsfnsfl
sasuke20y4sh
 
PPTX
THE SOLUTION FOR BIG DATA
Tarak Tar
 
PPTX
THE SOLUTION FOR BIG DATA
Tarak Tar
 
PPT
Advanced Hadoop Tuning and Optimization - Hadoop Consulting
Impetus Technologies
 
PDF
Yarn by default (Spark on YARN)
Ferran Galí Reniu
 
PDF
Harnessing Hadoop: Understanding the Big Data Processing Options for Optimizi...
Cognizant
 
Power Hadoop Cluster with AWS Cloud
Edureka!
 
Hadoop by kamran khan
KamranKhan587
 
Hadoop seminar
KrishnenduKrishh
 
Hadoop and big data training
agiamas
 
Next generation analytics with yarn, spark and graph lab
Impetus Technologies
 
Yarn spark next_gen_hadoop_8_jan_2014
Vijay Srinivas Agneeswaran, Ph.D
 
SparkNotes
Demet Aksoy
 
Basic of Big Data
Amar kumar
 
hadoop-spark.ppt
NouhaElhaji1
 
Hadoop
Bhushan Kulkarni
 
Hadoop introduction
Rabindra Nath Nandi
 
hadoop_spark_Introduction_Bigdata_intro.ppt
anuroopdv
 
Hadoop introduction
Chirag Ahuja
 
BIG DATA: Apache Hadoop
Oleksiy Krotov
 
hadoop-sparktitlsdernsfslfsfnsfsflsnfsfnsfl
sasuke20y4sh
 
THE SOLUTION FOR BIG DATA
Tarak Tar
 
THE SOLUTION FOR BIG DATA
Tarak Tar
 
Advanced Hadoop Tuning and Optimization - Hadoop Consulting
Impetus Technologies
 
Yarn by default (Spark on YARN)
Ferran Galí Reniu
 
Harnessing Hadoop: Understanding the Big Data Processing Options for Optimizi...
Cognizant
 
Ad

More from Cisco (7)

PPTX
Big data
Cisco
 
PPTX
Colloborative computing
Cisco
 
PPTX
mobile case_presentation_byod_dey_sushmita
Cisco
 
PPTX
Clustering and Association Rule
Cisco
 
PPTX
Time Series Forecasting for Google Inc. and Break-even analysis for Google gl...
Cisco
 
PPTX
Time Series Forecasting
Cisco
 
PPTX
Kenneth Lay
Cisco
 
Big data
Cisco
 
Colloborative computing
Cisco
 
mobile case_presentation_byod_dey_sushmita
Cisco
 
Clustering and Association Rule
Cisco
 
Time Series Forecasting for Google Inc. and Break-even analysis for Google gl...
Cisco
 
Time Series Forecasting
Cisco
 
Kenneth Lay
Cisco
 
Ad

Recently uploaded (20)

PPTX
master seminar digital applications in india
ananyaray35
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PDF
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PPTX
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
master seminar digital applications in india
ananyaray35
 
Lesson notes of climatology university.
sgladness67
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
Institutional Correction lecture only . . .
limvtheghins
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 

Network Intrusion Detection Analysis using Random Forest Algorithm on Apache Mahout

  • 2.  Group 7  Dec 08/12/2014  Prof Shanoan Tian
  • 3. • Uses Decision trees as a base.  Normally one tree is used  Tree is explored in depth - many branches; many leaves  It has to be monitored and tailored by a trained statistician
  • 4. •Many decision trees •Shallow exploration •Slightly different dataset for each •Specified questions
  • 6. • Apache Mahout is a library implemented on top of Apache Hadoop • Scalable machine-learning algorithms • Using the MapReduce paradigm. • Data Mining tools for the data stored on a Hadoop system • Clustering • Classification • Batch based collaborative filtering
  • 7. The dataset we are using is the NSL-KDD dataset [2]. It is an improvement on the KDD 99 dataset [1]. The KDD 1999 Data Set was a set of data of simulated computer network intrusion.
  • 8.  An Apache Software Foundation project to create scalable machine learning libraries  http://mahout.apache.org  Why Mahout?  Scalable Machine Learning Algorithms Map Reduce Implementations on Apache Hadoop
  • 9.  Apache Mahout has several classification algorithms implementations  Naïve Bayes  Complementary Naïve Bayes -  Random Forest  Hidden Markov Models  Logistic Regression
  • 10.  Most algorithms have a Driver program  Shell script in $MAHOUT_HOME/bin helps with most tasks  Prepare the Data  Different algorithms require different setup  Run the algorithm  Single Node  Hadoop  Print out the results  Several helper classes:  ClusterDumper, etc.
  • 13.  Make directory in HDFS $ hadoop fs -mkdir testdata  Load data to HDFS $ hadoop fs -put ./downloads/data/* testdata  Verify data loading $ hadoop fs -ls testdata
  • 14.  hadoop jar mahout-examples-0.9-job.jar org.apache.mahout.classifier.df.tools.Describ e -p testdata/KDDTrain+_20Percent.arff -f testdata/KDDTrain+_20Percent.info -d N 3 C 2 N C 4 N C 8 N 2 C 19 N L  The "N 3 C 2 N C 4 N C 8 N 2 C 19 N L” describes all the attributes of the data. 1 numerical(N) attribute, followed by 3 Categorical(C) attributes, ...L indicates the label
  • 16.  14/12/08 07:37:53 INFO mapreduce.BuildForest: Build Time: 0h 0m 25s 949  14/12/08 07:37:53 INFO mapreduce.BuildForest: Forest num Nodes: 62706  14/12/08 07:37:53 INFO mapreduce.BuildForest: Forest mean num Nodes: 627  14/12/08 07:37:53 INFO mapreduce.BuildForest: Forest mean max Depth: 14
  • 17.  hadoop jar mahout-examples-0.9-job.jar org.apache.mahout.classifier.df.mapreduce.T estForest -i testdata/KDDTest+.arff -ds testdata/KDDTrain+_20Percent.info -m nsl-forest -a -mr -o predictions  Predicts on "KDDTest+.arff" dataset (-i argument) using the same data descriptor generated for the training set (-ds) and the decision forest built previously (-m) computes the confusion matrix (-a)  Passing the (-mr) parameter to use Hadoop Mapreduce framework
  • 18. Correctly Classified Instances 17639 78.2425% In correctly Classified Instances 4905 21.7575% Total Classified Instances 22544 100%
  • 19. Confusion Matrix A = normal B = anamoly Total 9454 257 9711 4648 8185 12833
  • 20.  hadoop jar mahout-examples-0.9-job.jar org.apache.mahout.classifier.df.mapreduce.TestForest - i testdata/KDDTest+.arff -ds testdata/KDDTrain+_20Percent.info -m nsl-forest -a -mr -o predictions  Predicts on "KDDTest+.arff" dataset (-i argument) using the same data descriptor generated for the training set (- ds) and the decision forest built previously (-m) computes the confusion matrix (-a)  Passing the (-mr) parameter to use Hadoop Mapreduce framework  http://nsl.cs.unb.ca/NSL-KDD/