Artificial Intelligence based Network Intrusion Detection with hyper-parameter optimization tuning on the realistic cyber dataset CSE-CIC-IDS2018 using cloud computing

Kanimozhi, V.; Jacob, T. Prem

doi:10.1016/j.icte.2019.03.003

Cited by 59 publications

(31 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Accuracy, precision, and recall scores associated with this perfect AUC score were 99.97%, 99.96%, and 100%, respectively. No information was provided on the MLP classifier, but it is most likely the same two-layer network as in [26]. The main shortcoming of this paper is the lack of detail.…”

Section: Kanimozhi and Jacob [27] (Calibration Of Various Optimized Mmentioning

confidence: 99%

A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

2020

View full text Add to dashboard Cite

The exponential growth in computer networks and network applications worldwide has been matched by a surge in cyberattacks. For this reason, datasets such as CSE-CIC-IDS2018 were created to train predictive models on network-based intrusion detection. These datasets are not meant to serve as repositories for signature-based detection systems, but rather to promote research on anomaly-based detection through various machine learning approaches. CSE-CIC-IDS2018 contains about 16,000,000 instances collected over the course of ten days. It is the most recent intrusion detection dataset that is big data, publicly available, and covers a wide range of attack types. This multi-class dataset has a class imbalance, with roughly 17% of the instances comprising attack (anomalous) traffic. Our survey work contributes several key findings. We determined that the best performance scores for each study, where available, were unexpectedly high overall, which may be due to overfitting. We also found that most of the works did not address class imbalance, the effects of which can bias results in a big data study. Lastly, we discovered that information on the data cleaning of CSE-CIC-IDS2018 was inadequate across the board, a finding that may indicate problems with reproducibility of experiments. In our survey, major research gaps have also been identified.

show abstract

Section: Kanimozhi and Jacob [27] (Calibration Of Various Optimized Mmentioning

confidence: 99%

A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

2020

View full text Add to dashboard Cite

show abstract

“…In the following section, an importanted works has been studied to investigate (NIDS), the following are the most important works: In [11] a proposed system was detecte a botnet attack classification that represent a famous attacks in banking services and financial transactions. The proposed system applied neural network on a realistic dataset of cyber defence (CSE-CIC-IDS2018).…”

Section: Related Workmentioning

confidence: 99%

“…As shown in table because all 78 features of CSE-CIC-IDS2018 datasetare used. In paper [11] the proposed system designed for a classification to detect botnet attack only in CSE-CIC-IDS2018 that represent a serious threat in banking services. This work used six types of machine learning algorithm on CSE-CIC-IDS2018 with fourteen types of attacks for training and different eight types from zero day attacks for testing [12].…”

Section: Comparitive Analysismentioning

confidence: 99%

Performance analysis of flow-based attacks detection on CSE-CIC-IDS2018 dataset using deep learning

Farhan

Maolood

Hassan

2020

IJEECS

View full text Add to dashboard Cite

<p>The emergence of the Internet of Things (IOT) as a result of the development of the communications system has made the study of cyber security more important. Day after day, attacks evolve and new attacks are emerged. Hence, network anomaly-based intrusion detection system is become very important, which plays an important role in protecting the network through early detection of attacks. Because of the development in machine learning and the emergence of deep learning field, and its ability to extract high-level features with high accuracy, made these systems involved to be worked with real network traffic CSE-CIC-IDS2018 with a wide range of intrusions and normal behavior is an ideal way for testing and evaluation . In this paper , we test and evaluate our deep model (DNN) which achieved good detection accuracy about 90% .</p>

show abstract

“…Вместе с тем в работе не уточняются итоговые настройки используемой модели и не подтверждается их оптимальность. В работе [5] рассматривается применение технологий нейронных сетей для обнаружения ботнет-атак. Предлагаемая модель (многослойный персептрон), обученная на публичном наборе данных CSE-CIC-IDS2018, демонстрирует на тестовых данных высокое качество обнаружения -близкое к единице значение F1-меры.…”

Section: постановка задачи и релевантные работыunclassified

“…Однако данный подход не позволяет обнаруживать новые виды деструктивных воздействий [2], что делает актуальным задачу разработки эвристических методов, способных детектировать ранее неизвестные типы атак [3]. Проведенный анализ ряда опубликованных на данный момент исследований [3][4][5][6] подтверждает возможность применения технологий машинного обучения для решения задач обнаружения компьютерных атак. Данное обстоятельство обусловливает целесообразность проведения прикладных исследований в указанной области, направленных на выработку конкретных предложений по построению моделей обнаружения и перспектив их практической реализации.…”

Section: Introductionunclassified

Synthesis of a Machine Learning Model for Detecting Computer Attacks Based on the CICIDS2017 Dataset

Горюнов¹,

Мацкевич²,

Рыболовлев³

2020

Proceedings of ISP RAS

View full text Add to dashboard Cite

The paper deals with the construction and practical implementation of the model of computer attack detection based on machine learning methods. Among available public datasets one of the most relevant was chosen - CICIDS2017. For this dataset, the procedures of data preprocessing and sampling were developed in detail. In order to reduce computation time, the only class of computer attacks (brute force, XSS, SQL injection) was left in the training set. The procedure of feature space construction is described sequentially, which allowed to significantly reduce its dimensions - from 85 to 10 most important features. The quality assessment of ten most common machine learning models on the obtained pre-processed dataset was made. Among the models (algorithms) that demonstrated the best results (k-nearest neighbors, decision tree, random forest, AdaBoost, logistic regression), taking into account the minimum time of execution, the choice of random forest model was justified. А quasi-optimal selection of hyper parameters was carried out, which made it possible to improve the quality of the model in comparison with the previously published research results. The synthesized model of attack detection was tested on real network traffic. The model has shown its validity only under the condition of training on data collected in a specific network, since important features depend on the physical structure of the network and the settings of the equipment used. The conclusion was made that it is possible to use machine learning methods to detect computer attacks taking into account these limitations.

show abstract

Artificial Intelligence based Network Intrusion Detection with hyper-parameter optimization tuning on the realistic cyber dataset CSE-CIC-IDS2018 using cloud computing

Cited by 59 publications

References 1 publication

A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

Performance analysis of flow-based attacks detection on CSE-CIC-IDS2018 dataset using deep learning

Synthesis of a Machine Learning Model for Detecting Computer Attacks Based on the CICIDS2017 Dataset

Contact Info

Product

Resources

About