Building an intrusion detection system on UNSW-NB15: Reducing the margin of error to deal with data overlap and imbalance

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Concurrency and Computation-Practice & Experience Pub Date : 2024-08-22 DOI:10.1002/cpe.8242

Zeinab Zoghi, Gursel Serpen

{"title":"Building an intrusion detection system on UNSW-NB15: Reducing the margin of error to deal with data overlap and imbalance","authors":"Zeinab Zoghi, Gursel Serpen","doi":"10.1002/cpe.8242","DOIUrl":null,"url":null,"abstract":"<p>This study addresses the challenge of data imbalance and class overlap in machine learning for intrusion detection, proposing that targeted algorithmic adjustments can significantly enhance model performance. Our hypothesis contends that an ensemble framework, adeptly integrating novel threshold-adjustment algorithms, can improve classification sensitivity and specificity. To test this, we developed an ensemble model comprising Balanced Bagging (BB), eXtreme Gradient Boosting (XGBoost), and Random Forest (RF), fine-tuned using grid search for BB and XGBoost, and augmented with the Hellinger metric for RF to tackle data imbalance. The innovation lies in our algorithms, which adeptly adjust the discrimination threshold to rectify the class overlap problem, enhancing the model's ability to discern between negative and positive classes. Utilizing the UNSW-NB15 dataset, we conducted a comparative analysis for binary and multi-category classification. Our ensemble model achieved a binary classification accuracy of 97.80%, with a sensitivity rate of 98.26% for detecting attacks, and a multi-category classification accuracy and sensitivity that reached up to 99.73% and 97.24% for certain attack types. These results substantially surpass those of existing models on the same dataset, affirming our model's superiority in dealing with complex data distributions prevalent in network security domains.</p>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"36 25","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/cpe.8242","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8242","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

This study addresses the challenge of data imbalance and class overlap in machine learning for intrusion detection, proposing that targeted algorithmic adjustments can significantly enhance model performance. Our hypothesis contends that an ensemble framework, adeptly integrating novel threshold-adjustment algorithms, can improve classification sensitivity and specificity. To test this, we developed an ensemble model comprising Balanced Bagging (BB), eXtreme Gradient Boosting (XGBoost), and Random Forest (RF), fine-tuned using grid search for BB and XGBoost, and augmented with the Hellinger metric for RF to tackle data imbalance. The innovation lies in our algorithms, which adeptly adjust the discrimination threshold to rectify the class overlap problem, enhancing the model's ability to discern between negative and positive classes. Utilizing the UNSW-NB15 dataset, we conducted a comparative analysis for binary and multi-category classification. Our ensemble model achieved a binary classification accuracy of 97.80%, with a sensitivity rate of 98.26% for detecting attacks, and a multi-category classification accuracy and sensitivity that reached up to 99.73% and 97.24% for certain attack types. These results substantially surpass those of existing models on the same dataset, affirming our model's superiority in dealing with complex data distributions prevalent in network security domains.

Abstract Image

查看原文本刊更多论文

在 UNSW-NB15 上构建入侵检测系统：降低误差幅度以处理数据重叠和不平衡问题

摘要本研究针对入侵检测机器学习中数据不平衡和类重叠的挑战，提出有针对性的算法调整可以显著提高模型性能。我们的假设认为，一个善于整合新型阈值调整算法的集合框架可以提高分类灵敏度和特异性。为了验证这一点，我们开发了一个集合模型，其中包括平衡袋式算法（Balanced Bagging，BB）、极梯度提升算法（eXtreme Gradient Boosting，XGBoost）和随机森林算法（Random Forest，RF），BB 和 XGBoost 算法使用网格搜索进行微调，RF 算法使用海灵格指标进行增强，以解决数据不平衡问题。创新在于我们的算法，它巧妙地调整了判别阈值，纠正了类重叠问题，增强了模型分辨负类和正类的能力。利用 UNSW-NB15 数据集，我们对二元分类和多类别分类进行了比较分析。我们的集合模型在检测攻击方面的二元分类准确率达到了 97.80%，灵敏度达到了 98.26%；在某些攻击类型方面，我们的多类别分类准确率和灵敏度分别达到了 99.73% 和 97.24%。这些结果大大超过了现有模型在相同数据集上的结果，肯定了我们的模型在处理网络安全领域普遍存在的复杂数据分布方面的优越性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Concurrency and Computation-Practice & Experience 工程技术-计算机：理论方法

CiteScore

5.00

自引率

10.00%

发文量

664

审稿时长

9.6 months

期刊介绍： Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of: Parallel and distributed computing; High-performance computing; Computational and data science; Artificial intelligence and machine learning; Big data applications, algorithms, and systems; Network science; Ontologies and semantics; Security and privacy; Cloud/edge/fog computing; Green computing; and Quantum computing.