Benchmarking full version of GureKDDCup, UNSW-NB15, and CIDDS-001 NIDS datasets using rolling-origin resampling

Chew, Yee Jian; Lee, Nicholas Ming Ze; Ooi, Shih Yin; Wong, Kok‐Seng; Pang, Ying Han

doi:10.1080/19393555.2021.1985191

Cited by 5 publications

(2 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The improved values for numerals of several attributes have an impact on the development of a suitable and fine-tuned model using ML approaches like SVM, LR, CNN, and KNN [41,42]. It also takes a lot of processing resources to train high dimensional datasets.…”

Section: 9feature Normalizationmentioning

confidence: 99%

Enhancing intrusion detection with imbalanced data classification and feature selection in machine learning algorithms

2024

IJATEE

View full text Add to dashboard Cite

Hackers have evolved at a faster rate in terms of their capabilities because of precise technological developments like networks and communication systems. These crooks are constantly looking for new ways to jeopardize the security of computer networks (CN). Intrusion detection systems (IDS) consequently automatically become important parts of a CN. An IDS is a piece of software or hardware that tracks a company's network for potential threats. Meanwhile, an IDS is capable of reacting to and reporting any fraudulent activity. Node-based or host-based IDS (HIDS) [1, 2] Network based IDS (NIDS) or distributed-based IDS (DIDS), and hybrid-based IDS (HYIDS) are the three basic categories into which IDSs fall based on the unique IDS operation concept, this classification was created. *Author for correspondenceThe primary fundamental design goals of IDS are a decrease in false positive (FP) alerts and an increase in detection accuracy. Subsequently, when designing and implementing any IDS, that perspective must be taken into consideration [3]. In currently decades, machine learning (ML)-based IDS have taken over as the industry standard. According to ML systems may now potentially learn from the past and improve. Broadly speaking, the two ML philosophies of supervised ML and unsupervised ML can be separated. Models are learned using labeled data in supervised ML [4]. Unsupervised ML uses unstructured data to train models.The multiclass and binary classification objectives are carefully taken into consideration when using supervised ML techniques in this study. The classification process occurs whenever a supervised ML technique is asked to identify a specific quality. The training data for the techniques in this configuration frequently has large sizes and high-

show abstract

Section: 9feature Normalizationmentioning

confidence: 99%

Enhancing intrusion detection with imbalanced data classification and feature selection in machine learning algorithms

2024

IJATEE

View full text Add to dashboard Cite

show abstract

“…Akin to the 6-percent-GureKDDCup'99, the three NIDS datasets are chosen as they contained the mandatory IP truncation features: the source IP address and destination IP address. More details of the datasets, data cleansing, and data preparation can be found in our previous work [34].…”

Section: Extended Experimental Empirical Studiesmentioning

confidence: 99%

Adoption of IP Truncation in a Privacy-Based Decision Tree Pruning Design: A Case Study in Network Intrusion Detection System

et al. 2022

Self Cite

View full text Add to dashboard Cite

A decision tree is a transparent model where the rules are visible and can represent the logic of classification. However, this structure might allow attackers to infer confidential information if the rules carry some sensitive information. Thus, a tree pruning methodology based on an IP truncation anonymisation scheme is proposed in this paper to prune the real IP addresses. However, the possible drawback of carelessly designed tree pruning might degrade the performance of the original tree as some information is intentionally opted out for the tree’s consideration. In this work, the 6-percent-GureKDDCup’99, full-version-GureKDDCup’99, UNSW-NB15, and CIDDS-001 datasets are used to evaluate the performance of the proposed pruning method. The results are also compared to the original unpruned tree model to observe its tolerance and trade-off. The tree model adopted in this work is the C4.5 tree. The findings from our empirical results are very encouraging and spell two main advantages: the sensitive IP addresses can be “pruned” (hidden) throughout the classification process to prevent any potential user profiling, and the number of nodes in the tree is tremendously reduced to make the rule interpretation possible while maintaining the classification accuracy.

show abstract

Self-healing hybrid intrusion detection system: an ensemble machine learning approach

Kushal,

Shanmugam,

Sundaram

et al. 2024

Discov Artif Intell

View full text Add to dashboard Cite

The increasing complexity and adversity of cyber-attacks have prompted discussions in the cyber scenario for a prognosticate approach, rather than a reactionary one. In this paper, a signature-based intrusion detection system has been built based on C5 classifiers, to classify packets into normal and attack categories. Next, an anomaly-based intrusion detection was built based on the LSTM (Long-Short Term Memory) algorithm to detect anomalies. These anomalies are then fed into the signature generator to extract attributes. These attributes get uploaded into the C5 training set, aiding the ensemble model in continual learning with expanding signatures of unknown attacks. By generating signatures of unknown attacks, the self-healing attribute of the ensemble model contributes to the early detection of attacks. For the C5 classifier, the proposed model is evaluated on the UNSW-NB15 dataset, while for the LSTM model, it is evaluated on the ADFA-LD dataset. Compared to conventional models, the experimental results show better detection rates for both known and unknown attacks. The C5 classifier achieved a True Positive Rate of 97% while maintaining a false positive rate of 8%. Also, the LSTM model achieved a detection rate of 90% while retaining a 17% False Alarm Rate. As the proposed model learns, its performance in real network traffic also improves and it also eliminates human intervention when updating training data.

show abstract

Benchmarking full version of GureKDDCup, UNSW-NB15, and CIDDS-001 NIDS datasets using rolling-origin resampling

Cited by 5 publications

References 62 publications

Enhancing intrusion detection with imbalanced data classification and feature selection in machine learning algorithms

Enhancing intrusion detection with imbalanced data classification and feature selection in machine learning algorithms

Adoption of IP Truncation in a Privacy-Based Decision Tree Pruning Design: A Case Study in Network Intrusion Detection System

Self-healing hybrid intrusion detection system: an ensemble machine learning approach

Contact Info

Product

Resources

About