Performance Evaluation of Supervised Machine Learning Algorithms to Detect IP Spoofing Attack: The Case of Ethio telecom LTE Network
| dc.contributor.advisor | Yalemzewd, Negash (PhD) | |
| dc.contributor.author | Surafel, Fikre | |
| dc.date.accessioned | 2020-03-11T05:48:27Z | |
| dc.date.accessioned | 2023-11-04T15:13:14Z | |
| dc.date.available | 2020-03-11T05:48:27Z | |
| dc.date.available | 2023-11-04T15:13:14Z | |
| dc.date.issued | 2020-02-23 | |
| dc.description.abstract | The mobile communication system revolutionized the way people communicate, entertain, doing their business and educate. This results in the need and demand for mobile and Internet users to increasing every day. Ethio telecom is a discoverer market in Eastern Africa with 66.8 million mobile connections as of August 2018. According to Growth and Transformation Plan 2 (GTP2) of the Federal Democratic Republic of Ethiopia (FDRE), the total mobile subscriber is expected to reach 103 million and the mobile broadband share will be estimated to 35 million subscribers by 2020. Based on the company marketing report, 85.9% of the revenue is generating from mobile services. GPRS Tunneling Protocol (GTP) is the pivotal protocol used in Long Term Evolution (LTE) to assign the Internet Protocol (IP) addresses to mobile terminals and manages the data communication path in a mobile data network. IP spoofing attack is one of the most significant attacks in the IP based communication system and it is used as a stepping stone for most of the attacks. Ethio telecom deployed LTE since 2014, in 2018 there were 300,000 subscribers. This technology is starting to attract the intention of users as well as the company and it is expected to be the next mobile communication technology. Dong W. Kang et al. conducted a detection approach of IP spoofing attacks in a 3G network and several studies are conducted in machine learning-based network anomalies detection methodologies. However, to the best of researches knowledge, there is no specific research that is conducted on machine learning-based IP spoofing attack detection on the LTE network. This study analyzes a machine learning-based IP spoofing attack detection system. Three supervised machinelearning classifiers namely: Logistic Regression (LR), K- Nearest Neighbor (KNN) and Gaussian Nave Bayes (GNB) are evaluated.The evaluation is based on best-suited metrics such as; sensitivity, specificity, precision, False Positive Rate (FPR) and computational time rather than stick on generic metrics like accuracy. Even though GNB scores the heights sensitivity of 99.93%, considering the other metrics KNN is reasonably considered as the best classifier with a sensitivity of 99.89%, a specificity of 99.96%, precision of 99.93%, FPR of 0.03% and accuracy of 99.94%. However, in most cases of a real situation, KNN is not preferred for practical implementation, since KNN is computationally intensive. As a result, considering computational time metrics as key metric for practical implementation, LR is reasonably recommended as the best classifier with a sensitivity of 99.82%, specificity of 87.56%, precision of 79.87%, FPR of 12.43%, accuracy of 91.62%, training and testing time of 0.506sec and 0.005sec respectively. | en_US |
| dc.identifier.uri | etd.aau.edu.et/handle/123456789/21106 | |
| dc.identifier.uri | http://etd.aau.edu.et/handle/123456789/21106 | |
| dc.language.iso | en_US | en_US |
| dc.subject | LTE | en_US |
| dc.subject | GTP | en_US |
| dc.subject | IP Spoofing | en_US |
| dc.subject | Security | en_US |
| dc.subject | Threats | en_US |
| dc.subject | Attacks | en_US |
| dc.subject | Machine Learning | en_US |
| dc.subject | LR | en_US |
| dc.subject | KNN | en_US |
| dc.subject | GNB | en_US |
| dc.title | Performance Evaluation of Supervised Machine Learning Algorithms to Detect IP Spoofing Attack: The Case of Ethio telecom LTE Network | en_US |
| dc.type | Thesis | en_US |