Comparison of ensemble learning methods applied to network intrusion detection

Belouch, Mustapha; Hadaj, Salah El

doi:10.1145/3018896.3065830

Cited by 15 publications

(10 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It has fast learning speed and high accuracy [18]. Both bagging and boosting methods were used on UNSW-NB15 dataset to demonstrate the performance of classifier-based intrusion detection systems [19]. In this comparative analysis, boosting method performed better than the bagging method by significantly reducing the number of false positives.…”

Section: Machine Learning and Cybersecuritymentioning

confidence: 99%

Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector

Ahsan

Gomes

Chowdhury

et al. 2021

JCP

View full text Add to dashboard Cite

Machine learning algorithms are becoming very efficient in intrusion detection systems with their real time response and adaptive learning process. A robust machine learning model can be deployed for anomaly detection by using a comprehensive dataset with multiple attack types. Nowadays datasets contain many attributes. Such high dimensionality of datasets poses a significant challenge to information extraction in terms of time and space complexity. Moreover, having so many attributes may be a hindrance towards creation of a decision boundary due to noise in the dataset. Large scale data with redundant or insignificant features increases the computational time and often decreases goodness of fit which is a critical issue in cybersecurity. In this research, we have proposed and implemented an efficient feature selection algorithm to filter insignificant variables. Our proposed Dynamic Feature Selector (DFS) uses statistical analysis and feature importance tests to reduce model complexity and improve prediction accuracy. To evaluate DFS, we conducted experiments on two datasets used for cybersecurity research namely Network Security Laboratory (NSL-KDD) and University of New South Wales (UNSW-NB15). In the meta-learning stage, four algorithms were compared namely Bidirectional Long Short-Term Memory (Bi-LSTM), Gated Recurrent Units, Random Forest and a proposed Convolutional Neural Network and Long Short-Term Memory (CNN-LSTM) for accuracy estimation. For NSL-KDD, experiments revealed an increment in accuracy from 99.54% to 99.64% while reducing feature size of one-hot encoded features from 123 to 50. In UNSW-NB15 we observed an increase in accuracy from 90.98% to 92.46% while reducing feature size from 196 to 47. The proposed approach is thus able to achieve higher accuracy while significantly lowering number of features required for processing.

show abstract

Section: Machine Learning and Cybersecuritymentioning

confidence: 99%

Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector

Ahsan

Gomes

Chowdhury

et al. 2021

JCP

View full text Add to dashboard Cite

show abstract

“…Acurácia F1-Score Precision Recall [Milliken et al 2015] 0.98 [Belouch and hadaj 2017] 0.8572 [Sun et al 2018] 0.5727 [Lu et al 2019] 0.7076 [Hsu et al 2019] 0.9175 0.931 0.921 [Olasehinde et al 2020] 0.9856 [Tama et al 2020] 0.9604 Este trabalho 0.9992 0.999 0.9995 0.9995…”

Section: Propostamentioning

confidence: 99%

“…Belouch and hadaj 2017] realizaram uma comparac ¸ão entre três técnicas diferentes de Ensemble: Booting, Bagging e Stacking. Os autores combinaram quatro diferentes classificadores: Decision Tree, Naive Bayes, Multilayer Perceptron e REPTree.…”

unclassified

Stacking-based Committees para Detecção de Ataques em Redes de Computadores - Uma abordagem por exaustão

Lucas

Costa

Moraes

et al. 2021

Anais Do XXXIX Simpósio Brasileiro De Redes De Computadores E Sistemas Distribuídos (SBRC 2021)

View full text Add to dashboard Cite

A aplicação de técnicas de Machine Learning na detecção de ataques em redes de computadores tem obtido bons resultados, com destaque para os métodos de Ensemble, que conseguem melhorar o desempenho de classiﬁcadores individuais. O estudo foi realizado utilizando o Dataset CICIDS-2017 e considerou a escolha de classiﬁcadores com base em uma revisão sistemática da literatura, objetivando encontrar o estado-da-arte e as tendências, tanto para os algoritmos de classiﬁcação quanto para as técnicas de ensemble. Committees que reduzem signiﬁcativamente os erros de classiﬁcação são apresentados modelando detectores de intrusão que são superiores aos métodos individuais e aos trabalhos correlatos comparados obtendo acurácia média de 99.92%.

show abstract

“…Today, machine learningbased intrusion detection technology is a promising solution to the problems. When machine learning, which has recently received much attention, is used to detect network attacks, it not only greatly reduces the need for intervention by administrators, but it also effectively responds to variant attacks or zero-day attacks by automating the task of extracting and utilizing the behavior patterns of the attacks [4]- [8].…”

Section: Introductionmentioning

confidence: 99%

“…Therefore, it is impossible to perform packet-by-packet processing in real time while satisfying delay conditions with existing slow machine learning algorithms. Because of this limitation, today's machine learning-based security systems only monitor statistical characteristic values for each session, instead of detecting per-packet attacks, and they just determine whether a network attack exists after the session ends [3]- [8].…”

Section: Introductionmentioning

confidence: 99%

Hybrid Classification for High-Speed and High-Accuracy Network Intrusion Detection System

Kim

Pak

2021

IEEE Access

View full text Add to dashboard Cite

Cybercrime is growing at a rapid pace, and its techniques are becoming more sophisticated. In order to actively cope with such threats, new approaches based on machine learning and requiring less administrator intervention have been proposed, but there are still many technical difficulties in detecting security attacks in real time. To solve this problem, we propose a new machine learning-based real-time intrusion detection algorithm. Unlike the existing approaches, the one proposed can detect the presence of an attack every time a packet is received, enabling real-time detection. In addition, our algorithm effectively reduces the system load, which may significantly increase from real-time detection, compared to non-realtime detection. In the algorithm, the increase in the number of memory accesses can be minimized (to below 30 %) compared to conventional methods. Since the proposed method is pure software-based approach, it has excellent scalability and flexibility against various attacks. Therefore, the proposed method cannot support the high classification performance of the hardware-based method but also the high flexibility of the software-based method simultaneously, it can effectively detect and prevent various cyber-attacks.

show abstract

Comparison of ensemble learning methods applied to network intrusion detection

Cited by 15 publications

References 18 publications

Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector

Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector

Stacking-based Committees para Detecção de Ataques em Redes de Computadores - Uma abordagem por exaustão

Hybrid Classification for High-Speed and High-Accuracy Network Intrusion Detection System

Contact Info

Product

Resources

About