Balancing Approaches towards ML for IDS: A Survey for the CSE-CIC IDS Dataset

Gopalan, Subiksha Srinivasa; Ravikumar, D.; Linekar, Dino; Raza, Ali; Hasib, Maheen

doi:10.1109/iccspa49915.2021.9385742

Cited by 14 publications

(10 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…PBCNN obtained 99.99 % accuracy on the CIC IDS 2017 and CIC IDS 2018 datasets. Gopalan et al ( 9 ) carried out a balancing approach and surveyed the CIC-IDS-2018 dataset. They also researched the impact of bias and class imbalances in the CIC-IDS-2018 dataset.…”

Section: Related Workmentioning

confidence: 99%

“…These are realistic datasets containing more than 17 types of the latest cyberattacks, which would be beneficial in implementing real-time deep learning-based intrusion detection systems and achieving high accuracy. A data-centric approach was used to promote class balance ( 9 ) and extensive feature selection processes like recursive feature elimination ( 10 , 11 ), which can help better perform models with fewer parameters. Over five types of machine learning algorithms were compared: Logistic Regression, Decision Trees, Random Forests, Extreme Gradient Boosting Trees ( 12 ), and a custom neural network architecture named “ImmuneNet” as seen in Figure 1 .…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Framework for Intrusion Detection in Healthcare Systems Using Deep Learning

Kumaar¹,

Samiayya

Vincent

et al. 2022

Front. Public Health

View full text Add to dashboard Cite

The unbounded increase in network traffic and user data has made it difficult for network intrusion detection systems to be abreast and perform well. Intrusion Systems are crucial in e-healthcare since the patients' medical records should be kept highly secure, confidential, and accurate. Any change in the actual patient data can lead to errors in the diagnosis and treatment. Most of the existing artificial intelligence-based systems are trained on outdated intrusion detection repositories, which can produce more false positives and require retraining the algorithm from scratch to support new attacks. These processes also make it challenging to secure patient records in medical systems as the intrusion detection mechanisms can become frequently obsolete. This paper proposes a hybrid framework using Deep Learning named “ImmuneNet” to recognize the latest intrusion attacks and defend healthcare data. The proposed framework uses multiple feature engineering processes, oversampling methods to improve class balance, and hyper-parameter optimization techniques to achieve high accuracy and performance. The architecture contains <1 million parameters, making it lightweight, fast, and IoT-friendly, suitable for deploying the IDS on medical devices and healthcare systems. The performance of ImmuneNet was benchmarked against several other machine learning algorithms on the Canadian Institute for Cybersecurity's Intrusion Detection System 2017, 2018, and Bell DNS 2021 datasets which contain extensive real-time and latest cyber attack data. Out of all the experiments, ImmuneNet performed the best on the CIC Bell DNS 2021 dataset with about 99.19% accuracy, 99.22% precision, 99.19% recall, and 99.2% ROC-AUC scores, which are comparatively better and up-to-date than other existing approaches in classifying between requests that are normal, intrusion, and other cyber attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Hybrid Framework for Intrusion Detection in Healthcare Systems Using Deep Learning

Kumaar¹,

Samiayya

Vincent

et al. 2022

Front. Public Health

View full text Add to dashboard Cite

show abstract

“…As a result, they created the CIC‐IDS 2017 dataset to introduce attack diversity. Nevertheless, Gopalan et al (2021) discovered that 75 studies used the CIC‐IDS dataset between 2017 and 2020 and identified significant attack type imbalances. For example, SQL injection has a 0.001% coverage compared to infiltration at 2.056%.…”

Section: Literature Reviewmentioning

confidence: 99%

“…The following key points arise from the literature: Recent threat detection work is moving away from the traditional datasets, such as CIC‐IDS and NSL‐KDD, as they become outdated by attack evolution and are imbalanced (Gopalan et al, 2021). This could decrease the performance of trained models over time or allow models to detect only a specific type of malicious behavior. The work of (Hara & Shiomoto, 2020) showed that a small percentage of traditional labeled data gave comparable accuracy to those adversarial generated (Hara & Shiomoto, 2020).…”

Section: Literature Reviewmentioning

confidence: 99%

Toward situational awareness in threat detection. A survey

Rendall

Mylonas

Vidalis

2021

WIREs Forensic Science

View full text Add to dashboard Cite

The pervasiveness of the Internet did not come without security risk. The current threat landscape is characterized by the rise of sophisticated cyber attacks, which target user devices and corporate infrastructure. To tackle the risk of compromise, data-driven detection strategies have become increasingly mainstream. The relevant literature includes many works that leverage opensource datasets, supervised learning or, less commonly, unsupervised learning. However, advanced network attacks' spatial and temporal characteristics prove standalone threat detection systems inadequate, especially for detecting a multi-stage attack and often stealthy techniques. Moreover, attackers have been demonstrating adversarial effects that are caused by deception and contaminating data-driven methods with adversarial learning. For these reasons, recent research in threat detection is moving away from commonly, and often obsolete, datasets as well as adopting more multi-layered decision strategies.As such, this article provides a comprehensive review of decision strategies. We also examine their ability to support cyber situational awareness (CSA), providing to security analysts CSA properties such as situation assessment and system refinement.

show abstract

“…Verkerken et al [37] evaluated four unsupervised machine learning techniques on a modern real-world network traffic dataset. Gopalan et al [38] provided a survey on research efforts to address the imbalanced dataset issue in machine learning-based techniques for network intrusion detection systems. Mauro et al [39] gave a novel experimental-based review of neural network-based techniques for network intrusion management.…”

Section: Malware Detection and Family Classification From Tls-encrypt...mentioning

confidence: 99%

Experimental Evaluation of Malware Family Classification Methods from Sequential Information of TLS-Encrypted Traffic

Roh

2021

Electronics

View full text Add to dashboard Cite

In parallel with the rapid adoption of transport layer security (TLS), malware has utilized the encrypted communication channel provided by TLS to hinder detection from network traffic. To this end, recent research efforts are directed toward malware detection and malware family classification for TLS-encrypted traffic. However, amongst their feature sets, the proposals to utilize the sequential information of each TLS session has not been properly evaluated, especially in the context of malware family classification. In this context, we propose a systematic framework to evaluate the state-of-the-art malware family classification methods for TLS-encrypted traffic in a controlled environment and discuss the advantages and limitations of the methods comprehensively. In particular, our experimental results for the 10 representations and classifier combinations show that the graph-based representation for the sequential information achieves better performance regardless of the evaluated classification algorithms. With our framework and findings, researchers can design better machine learning based classifiers.

show abstract

Balancing Approaches towards ML for IDS: A Survey for the CSE-CIC IDS Dataset

Cited by 14 publications

References 22 publications

A Hybrid Framework for Intrusion Detection in Healthcare Systems Using Deep Learning

A Hybrid Framework for Intrusion Detection in Healthcare Systems Using Deep Learning

Toward situational awareness in threat detection. A survey

Experimental Evaluation of Malware Family Classification Methods from Sequential Information of TLS-Encrypted Traffic

Contact Info

Product

Resources

About