使用机器学习方法的网络入侵检测:处理数据不平衡

IF 1.7 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Rahbar Ahsan, Wei Shi, Jean-Pierre Corriveau
{"title":"使用机器学习方法的网络入侵检测:处理数据不平衡","authors":"Rahbar Ahsan,&nbsp;Wei Shi,&nbsp;Jean-Pierre Corriveau","doi":"10.1049/cps2.12013","DOIUrl":null,"url":null,"abstract":"<p>Cybersecurity has become a significant issue. Machine learning algorithms are known to help identify cyberattacks such as network intrusion. However, common network intrusion datasets are negatively affected by class imbalance: the normal traffic behaviour constitutes most of the dataset, whereas intrusion traffic behaviour forms a significantly smaller portion. A comparative evaluation of the performance is conducted of several classical machine learning algorithms, as well as deep learning algorithms, on the well-known National Security Lab Knowledge Discovery and Data Mining dataset for intrusion detection. More specifically, two variants of a fully connected neural network, one with an autoencoder and one without, have been implemented to compare their performance against seven classical machine learning algorithms. A voting classifier is also proposed to combine the decisions of these nine machine learning algorithms. All of the models are tested in combination with three different resampling techniques: oversampling, undersampling, and hybrid sampling. The details of the experiments conducted and an analysis of their results are then discussed.</p>","PeriodicalId":36881,"journal":{"name":"IET Cyber-Physical Systems: Theory and Applications","volume":null,"pages":null},"PeriodicalIF":1.7000,"publicationDate":"2021-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/cps2.12013","citationCount":"5","resultStr":"{\"title\":\"Network intrusion detection using machine learning approaches: Addressing data imbalance\",\"authors\":\"Rahbar Ahsan,&nbsp;Wei Shi,&nbsp;Jean-Pierre Corriveau\",\"doi\":\"10.1049/cps2.12013\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Cybersecurity has become a significant issue. Machine learning algorithms are known to help identify cyberattacks such as network intrusion. However, common network intrusion datasets are negatively affected by class imbalance: the normal traffic behaviour constitutes most of the dataset, whereas intrusion traffic behaviour forms a significantly smaller portion. A comparative evaluation of the performance is conducted of several classical machine learning algorithms, as well as deep learning algorithms, on the well-known National Security Lab Knowledge Discovery and Data Mining dataset for intrusion detection. More specifically, two variants of a fully connected neural network, one with an autoencoder and one without, have been implemented to compare their performance against seven classical machine learning algorithms. A voting classifier is also proposed to combine the decisions of these nine machine learning algorithms. All of the models are tested in combination with three different resampling techniques: oversampling, undersampling, and hybrid sampling. The details of the experiments conducted and an analysis of their results are then discussed.</p>\",\"PeriodicalId\":36881,\"journal\":{\"name\":\"IET Cyber-Physical Systems: Theory and Applications\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":1.7000,\"publicationDate\":\"2021-06-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/cps2.12013\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Cyber-Physical Systems: Theory and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1049/cps2.12013\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Cyber-Physical Systems: Theory and Applications","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/cps2.12013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 5

摘要

网络安全已成为一个重大问题。众所周知,机器学习算法有助于识别网络入侵等网络攻击。然而,常见的网络入侵数据集受到类不平衡的负面影响:正常流量行为构成了数据集的大部分,而入侵流量行为构成了数据集的一小部分。在著名的入侵检测国家安全实验室知识发现和数据挖掘数据集上,对几种经典机器学习算法以及深度学习算法的性能进行了比较评估。更具体地说,一个完全连接的神经网络的两个变体,一个有自动编码器,一个没有,已经实现,以比较它们的性能与七个经典机器学习算法。并提出了一种投票分类器,将这九种机器学习算法的决策结合起来。所有模型都结合三种不同的重采样技术进行了测试:过采样、欠采样和混合采样。然后讨论了所进行的实验的细节和对实验结果的分析。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

Network intrusion detection using machine learning approaches: Addressing data imbalance

Network intrusion detection using machine learning approaches: Addressing data imbalance

Cybersecurity has become a significant issue. Machine learning algorithms are known to help identify cyberattacks such as network intrusion. However, common network intrusion datasets are negatively affected by class imbalance: the normal traffic behaviour constitutes most of the dataset, whereas intrusion traffic behaviour forms a significantly smaller portion. A comparative evaluation of the performance is conducted of several classical machine learning algorithms, as well as deep learning algorithms, on the well-known National Security Lab Knowledge Discovery and Data Mining dataset for intrusion detection. More specifically, two variants of a fully connected neural network, one with an autoencoder and one without, have been implemented to compare their performance against seven classical machine learning algorithms. A voting classifier is also proposed to combine the decisions of these nine machine learning algorithms. All of the models are tested in combination with three different resampling techniques: oversampling, undersampling, and hybrid sampling. The details of the experiments conducted and an analysis of their results are then discussed.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
IET Cyber-Physical Systems: Theory and Applications
IET Cyber-Physical Systems: Theory and Applications Computer Science-Computer Networks and Communications
CiteScore
5.40
自引率
6.70%
发文量
17
审稿时长
19 weeks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信