Machine learning-based PortScan attacks detection using OneR classifier

Mohammed Ibrahim Kareem, Mohammad Jawad Kadhim Abood, Karrar Ibrahim


PortScan attacks are a common security threat in computer networks, where an attacker systematically scans a range of network ports on a target system to identify potential vulnerabilities. Detecting such attacks in a timely and accurate manner is crucial to ensure network security. Attackers can determine whether a port is open by sending a detective message to it, which helps them find potential vulnerabilities. However, the best methods for spotting and identifying port scanner attacks are those that use machine learning. One of the most dangerous online threats is PortScan attack, according to experts. The research is work on detection while improving detection accuracy. Dataset containing tags from network traffic is used to train machine learning techniques for classification. The JRip algorithm is trained and tested using the CICIDS2017 dataset. As a consequence, the best performance results for JRip-based detection schemes were 99.84%, 99.80%, 99.80%, and 0.09 ms for accuracy, precision, recall, F-score, and detection overhead, respectively. Finally, the comparison with current models demonstrated our model's proficiency and advantage with increased attack discovery speed.


CICIDS2017; Feature selection; JRip; Machine learning; Network security; PortScan attack

Full Text:




  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Bulletin of EEI Stats

Bulletin of Electrical Engineering and Informatics (BEEI)
ISSN: 2089-3191, e-ISSN: 2302-9285
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).