Attack Detection in Enterprise Networks by Machine Learning Methods

Бахарева, Н. Ф.; Shukhman, Alexander; Matveev, Artem; Polezhaev, Petr; Ushakov, Yury A.; Legashev, Leonid

doi:10.1109/rusautocon.2019.8867696

Cited by 22 publications

(14 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Table 10 shows a comparison of L-SVC, DNN, and S-DTC models trained using our approach with current research for both typical and atypical data based on TPR and TNR values. We train the models presented in [58], [18], [20], and [21] with their default hyperparameters and evaluate their performance using typical attacks, atypical attack-1 and benign flows. Stable results of the AI models trained using our approach on both typical as well as atypical attacks compared to other state-of-the-art models indicate the firstrate performance of our approach.…”

Section: Hpo and Generalization For Tree-based Modelsmentioning

confidence: 99%

Building an Intrusion Detection System to Detect Atypical Cyberattack Flows

et al. 2021

View full text Add to dashboard Cite

Artificial Intelligence (AI) techniques provide effective solutions for the detection of many aberrant network traffic patterns and attack flows. However, the validation of these techniques often relies on one training dataset. Recent results show that such training may fail in the face of dynamically-changing cyberattacks. Given the increased sophistication of cyberattacks nowadays, it is imperative to examine and improve the performance of such AI models. This paper proposes a defensive AI engine combined with a twofold feature selection technique and hyperparameter optimization of the AI model. In this work, we utilize the proposed system for binary attack flow identification and the AI models are trained and validated on the CICIDS2017 dataset. The system is then evaluated using synthesized atypical attack flows to mimic real-world scenarios. We demonstrate the effectiveness of the proposed atypical attack flow detection approach using several Deep Learning and Machine Learning models including DNN, Linear-SVC, and Stacked Decision Tree Classifier (S-DTC). Simulation results demonstrate that the proposed defensive AI engine significantly improves the True Positive Rate (TPR) of AI models on multiple atypical attacks.

show abstract

Section: Hpo and Generalization For Tree-based Modelsmentioning

confidence: 99%

Building an Intrusion Detection System to Detect Atypical Cyberattack Flows

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Attack detection may introduce latency, so, there is a trade-off between performance and security. One recent study where the authors employ CatBoost to detect attacks is "Attack detection in enterprise networks by machine learning methods" [6], by Bakhareva et al Here, the authors find that CatBoost outperforms LightGBM, Linear Support Vector Machine Classifier, and Logistic Regression, in terms of cross validation balanced accuracy, balanced accuracy, F1 score, precision, recall, and AUC. However, they also report that CatBoost has longer training and prediction times.…”

Section: Cyber-securitymentioning

confidence: 99%

“…However, in the multi-class case, Support Vector Machine, and Logistic Regression are faster. The results Bakhareva et al report in [6] show that CatBoost is the best detector of attacks, but there is a trade-off in terms of running time.…”

Section: Cyber-securitymentioning

confidence: 99%

“…Researchers in disparate domains find applications for CatBoost. We find works in the fields of Astronomy [59], Finance [25] [105] [104] [102], Medicine [100] [62] [4] [81], Biology [61] [66], Electrical Utilities Fraud [21] [79] [37], Meteorology [52] [30], Psychology [84] [3], Traffic Engineering [98] [89], Cyber-security [6], Bio-chemistry [101] [69], and Marketing [60]. Therefore, a good understanding of CatBoost may provide one the opportunity to participate in interdisciplinary research.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

CatBoost for Big Data: an Interdisciplinary Review

Hancock

Khoshgoftaar

2020

Preprint

View full text Add to dashboard Cite

Gradient Boosted Decision Trees (GBDT’s) are a powerful tool for classiﬁcation and regression tasks in Big Data. Researchers should be familiar with the strengths and weaknesses of current implementations of GBDT’s in order to use them eﬀectively and make successful contributions. CatBoost is a member of the family of GBDT machine learning ensemble techniques. Since its debut in late 2018, researchers have successfully used CatBoost for machine learning studies involving Big Data. We take this opportunity to review recent research on CatBoost as it relates to Big Data, and learn best practices from studies that cast CatBoost in a positive light, as well as studies where CatBoost does not outshine other techniques, since we can learn lessons from both types of scenarios. Furthermore, as a Decision Tree based algorithm, CatBoost is well-suited to machine learning tasks involving categorical, heterogeneous data. Recent work across multiple disciplines illustrates CatBoost’s eﬀectiveness and shortcomings in classiﬁcation and regression tasks. Another important issue we expose in literature on CatBoost is its sensitivity to hyper-parameters and the importance of hyper-parameter tuning. One contribution we make is to take an interdisciplinary approach to cover studies related to CatBoost in a single work. This provides researchers an in-depth understanding to help clarify proper application of CatBoost in solving problems. To the best of our knowledge, this is the ﬁrst survey that studies all works related to CatBoost in a single publication.

show abstract

“…Researchers in disparate domains find applications for CatBoost. We find works in the fields of Astronomy [49], Finance [24] [92] [91] [89], Medicine [87] [52] [4] [68], Biology [51] [55], Electrical Utilities Fraud [20] [66] [36], Meteorology [44] [29], Psychology [71] [3], Traffic Engineering [85] [76], Cyber-security [6], Bio-chemistry [88] [58], and Marketing [50]. Therefore, a good understanding of CatBoost may provide one the opportunity to participate in interdisciplinary research.…”

Section: Introductionmentioning

confidence: 99%

CatBoost for Big Data: an Interdisciplinary Review

Hancock

Khoshgoftaar

2020

Preprint

View full text Add to dashboard Cite

Gradient Boosted Decision Trees (GBDT's) are a powerful tool for classification and regression tasks in Big Data, Researchers should be familiar with the strengths and weaknesses of current implementations of GBDT's in order to use them effectively and make successful contributions. CatBoost is a member of the family of GBDT machine learning ensemble techniques. Since its debut in late 2018, researchers have ellCcessfully used CatBoost for machine learning studies involving Big Data. We take this opportunity to review recent research on CatBoost as it relates to Big Data, and learn best practices from studies that .55 CatBoost in a positive light, as well as studies where CatBoost does not outshine other techniques, since we can learn lessons from both types of scenarios. Furthermore, as a Decision Tree based algorithm, CatBoost is well-suited to machine learning tasks involving categorical, heterogeneous data. Recent work across multiple disciplines illustrates CatBoost's effectiveness and shortcomings in classification and regression tasks. Another important issue we expose in literature on CatBoost is its sensitivity to hyper-parameters and the importance of hyper-parameter tuning. One contribution we make is to take an interdisciplinary approach to cover studies related to CatBoost in a single work. This provides researchers an in-depth understanding to help clarify proper application of CatBoost in solving problems. To the best of our knowledge, this is the first survey that studies all works related to CatBoost in a single publication.

show abstract

Attack Detection in Enterprise Networks by Machine Learning Methods

Cited by 22 publications

References 16 publications

Building an Intrusion Detection System to Detect Atypical Cyberattack Flows

Building an Intrusion Detection System to Detect Atypical Cyberattack Flows

CatBoost for Big Data: an Interdisciplinary Review

CatBoost for Big Data: an Interdisciplinary Review

Contact Info

Product

Resources

About