{"title":"使用机器学习方法的网络入侵检测:处理数据不平衡","authors":"Rahbar Ahsan, Wei Shi, Jean-Pierre Corriveau","doi":"10.1049/cps2.12013","DOIUrl":null,"url":null,"abstract":"<p>Cybersecurity has become a significant issue. Machine learning algorithms are known to help identify cyberattacks such as network intrusion. However, common network intrusion datasets are negatively affected by class imbalance: the normal traffic behaviour constitutes most of the dataset, whereas intrusion traffic behaviour forms a significantly smaller portion. A comparative evaluation of the performance is conducted of several classical machine learning algorithms, as well as deep learning algorithms, on the well-known National Security Lab Knowledge Discovery and Data Mining dataset for intrusion detection. More specifically, two variants of a fully connected neural network, one with an autoencoder and one without, have been implemented to compare their performance against seven classical machine learning algorithms. A voting classifier is also proposed to combine the decisions of these nine machine learning algorithms. All of the models are tested in combination with three different resampling techniques: oversampling, undersampling, and hybrid sampling. The details of the experiments conducted and an analysis of their results are then discussed.</p>","PeriodicalId":36881,"journal":{"name":"IET Cyber-Physical Systems: Theory and Applications","volume":null,"pages":null},"PeriodicalIF":1.7000,"publicationDate":"2021-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/cps2.12013","citationCount":"5","resultStr":"{\"title\":\"Network intrusion detection using machine learning approaches: Addressing data imbalance\",\"authors\":\"Rahbar Ahsan, Wei Shi, Jean-Pierre Corriveau\",\"doi\":\"10.1049/cps2.12013\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Cybersecurity has become a significant issue. Machine learning algorithms are known to help identify cyberattacks such as network intrusion. However, common network intrusion datasets are negatively affected by class imbalance: the normal traffic behaviour constitutes most of the dataset, whereas intrusion traffic behaviour forms a significantly smaller portion. A comparative evaluation of the performance is conducted of several classical machine learning algorithms, as well as deep learning algorithms, on the well-known National Security Lab Knowledge Discovery and Data Mining dataset for intrusion detection. More specifically, two variants of a fully connected neural network, one with an autoencoder and one without, have been implemented to compare their performance against seven classical machine learning algorithms. A voting classifier is also proposed to combine the decisions of these nine machine learning algorithms. All of the models are tested in combination with three different resampling techniques: oversampling, undersampling, and hybrid sampling. The details of the experiments conducted and an analysis of their results are then discussed.</p>\",\"PeriodicalId\":36881,\"journal\":{\"name\":\"IET Cyber-Physical Systems: Theory and Applications\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":1.7000,\"publicationDate\":\"2021-06-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/cps2.12013\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Cyber-Physical Systems: Theory and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1049/cps2.12013\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Cyber-Physical Systems: Theory and Applications","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/cps2.12013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Network intrusion detection using machine learning approaches: Addressing data imbalance
Cybersecurity has become a significant issue. Machine learning algorithms are known to help identify cyberattacks such as network intrusion. However, common network intrusion datasets are negatively affected by class imbalance: the normal traffic behaviour constitutes most of the dataset, whereas intrusion traffic behaviour forms a significantly smaller portion. A comparative evaluation of the performance is conducted of several classical machine learning algorithms, as well as deep learning algorithms, on the well-known National Security Lab Knowledge Discovery and Data Mining dataset for intrusion detection. More specifically, two variants of a fully connected neural network, one with an autoencoder and one without, have been implemented to compare their performance against seven classical machine learning algorithms. A voting classifier is also proposed to combine the decisions of these nine machine learning algorithms. All of the models are tested in combination with three different resampling techniques: oversampling, undersampling, and hybrid sampling. The details of the experiments conducted and an analysis of their results are then discussed.