Network intrusion detection using machine learning approaches: Addressing data imbalance
Abstract Cybersecurity has become a significant issue. Machine learning algorithms are known to help identify cyberattacks such as network intrusion. However, common network intrusion datasets are negatively affected by class imbalance: the normal traffic behaviour constitutes most of the dataset, w...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2022-03-01
|
| Series: | IET Cyber-Physical Systems |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/cps2.12013 |
| _version_ | 1818395252285767680 |
|---|---|
| author | Rahbar Ahsan Wei Shi Jean‐Pierre Corriveau |
| author_facet | Rahbar Ahsan Wei Shi Jean‐Pierre Corriveau |
| author_sort | Rahbar Ahsan |
| collection | DOAJ |
| description | Abstract Cybersecurity has become a significant issue. Machine learning algorithms are known to help identify cyberattacks such as network intrusion. However, common network intrusion datasets are negatively affected by class imbalance: the normal traffic behaviour constitutes most of the dataset, whereas intrusion traffic behaviour forms a significantly smaller portion. A comparative evaluation of the performance is conducted of several classical machine learning algorithms, as well as deep learning algorithms, on the well‐known National Security Lab Knowledge Discovery and Data Mining dataset for intrusion detection. More specifically, two variants of a fully connected neural network, one with an autoencoder and one without, have been implemented to compare their performance against seven classical machine learning algorithms. A voting classifier is also proposed to combine the decisions of these nine machine learning algorithms. All of the models are tested in combination with three different resampling techniques: oversampling, undersampling, and hybrid sampling. The details of the experiments conducted and an analysis of their results are then discussed. |
| first_indexed | 2024-12-14T06:14:09Z |
| format | Article |
| id | doaj.art-30df1d85997e463ba81b07e83503792b |
| institution | Directory Open Access Journal |
| issn | 2398-3396 |
| language | English |
| last_indexed | 2024-12-14T06:14:09Z |
| publishDate | 2022-03-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Cyber-Physical Systems |
| spelling | doaj.art-30df1d85997e463ba81b07e83503792b2022-12-21T23:14:05ZengWileyIET Cyber-Physical Systems2398-33962022-03-0171303910.1049/cps2.12013Network intrusion detection using machine learning approaches: Addressing data imbalanceRahbar Ahsan0Wei Shi1Jean‐Pierre Corriveau2School of Computer Science Carleton University Ottawa CanadaSchool of Information Technology Carleton University Ottawa CanadaSchool of Computer Science Carleton University Ottawa CanadaAbstract Cybersecurity has become a significant issue. Machine learning algorithms are known to help identify cyberattacks such as network intrusion. However, common network intrusion datasets are negatively affected by class imbalance: the normal traffic behaviour constitutes most of the dataset, whereas intrusion traffic behaviour forms a significantly smaller portion. A comparative evaluation of the performance is conducted of several classical machine learning algorithms, as well as deep learning algorithms, on the well‐known National Security Lab Knowledge Discovery and Data Mining dataset for intrusion detection. More specifically, two variants of a fully connected neural network, one with an autoencoder and one without, have been implemented to compare their performance against seven classical machine learning algorithms. A voting classifier is also proposed to combine the decisions of these nine machine learning algorithms. All of the models are tested in combination with three different resampling techniques: oversampling, undersampling, and hybrid sampling. The details of the experiments conducted and an analysis of their results are then discussed.https://doi.org/10.1049/cps2.12013security of datadata miningpattern classificationdeep learning (artificial intelligence)sampling methods |
| spellingShingle | Rahbar Ahsan Wei Shi Jean‐Pierre Corriveau Network intrusion detection using machine learning approaches: Addressing data imbalance IET Cyber-Physical Systems security of data data mining pattern classification deep learning (artificial intelligence) sampling methods |
| title | Network intrusion detection using machine learning approaches: Addressing data imbalance |
| title_full | Network intrusion detection using machine learning approaches: Addressing data imbalance |
| title_fullStr | Network intrusion detection using machine learning approaches: Addressing data imbalance |
| title_full_unstemmed | Network intrusion detection using machine learning approaches: Addressing data imbalance |
| title_short | Network intrusion detection using machine learning approaches: Addressing data imbalance |
| title_sort | network intrusion detection using machine learning approaches addressing data imbalance |
| topic | security of data data mining pattern classification deep learning (artificial intelligence) sampling methods |
| url | https://doi.org/10.1049/cps2.12013 |
| work_keys_str_mv | AT rahbarahsan networkintrusiondetectionusingmachinelearningapproachesaddressingdataimbalance AT weishi networkintrusiondetectionusingmachinelearningapproachesaddressingdataimbalance AT jeanpierrecorriveau networkintrusiondetectionusingmachinelearningapproachesaddressingdataimbalance |