Improving the Accuracy of Network Intrusion Detection with Causal Machine Learning

Zeng, Zengri; Peng, Wei; Zhao, Baokang

doi:10.1155/2021/8986243

Cited by 11 publications

(3 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, with the explosive growth of network traffic, abnormal network traffic is increasingly characterized by complexity, concealment, and diversity, causing the failure of traditional attack detection systems [ 6 ]. To cope with this trend, researchers have developed many attack detection methods based on rough set theory, machine learning, and deep learning [ 7 ]. For example, traditional detection methods based on rough set theory [ 8 ] have the advantage of being able to detect network attacks, even with incomplete data.…”

Section: Introductionmentioning

confidence: 99%

“…This noise and redundant information is closely related to useful information, which not only increases the computational complexity and time consumption of attack detection but also leads to the deletion of useful information while retaining part of the noise and redundant information during feature dimension reduction. This creates serious challenges for attack detection technology [ 7 ]. Due to the difficulty in collecting samples of some attack types in the existing detection dataset, the actual number of cases is small, and data imbalance is prevalent [ 12 ].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards Intelligent Attack Detection Using DNA Computing

Zeng

Zhao

Meng

et al. 2023

ACM Trans. Multimedia Comput. Commun. Appl.

View full text Add to dashboard Cite

In recent years, frequent network attacks have seriously threatened the interests and security of mankind. To address this threat, many detection methods have been studied, and some of them have achieved good results. However, with the development of network interconnection technology, massive network data have been produced, and considerable redundant information has been generated. At the same time, the frequently changing types of cyberattacks result in great difficulties in the collection of samples, resulting in a serious imbalance in the sample size of each attack type in the dataset. These two problems seriously reduce the robustness of the existing detection methods, but the existing research methods do not provide a good solution. To address these two problems, we define an unbalanced index and an optimal feature index to directly reflect the performance of the detection method in terms of overall accuracy, feature subset optimization and detection balance. Inspired by DNA computing, we propose intelligent attack detection based on DNA computing (ADDC). First, we design a set of regular encoding and decoding features based on DNA sequences and obtain a better subset of features through biochemical reactions. Second, nondominated ranking based on reference points is used to select individuals to form a new population to optimize the detection balance. Finally, a large number of experiments are carried out on four datasets to reflect real-world cyberattack situations. Experimental results show that compared with the most recent detection methods, our method can improve the overall accuracy of multiclass classification by up to 10%; the imbalance index decreased by 0.5, and 1.5 more attack types were detected on average; and the optimal index of the feature subset increased by 83.8%.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Towards Intelligent Attack Detection Using DNA Computing

Zeng

Zhao

Meng

et al. 2023

ACM Trans. Multimedia Comput. Commun. Appl.

View full text Add to dashboard Cite

show abstract

“…This is accomplished by removing the feature's mean from each value and then dividing by the standard deviation. Mathematical equation for this strategy is given as (2), where X is an original value and X is the normalized value [36]:…”

mentioning

confidence: 99%

Optimizing Intrusion Detection Systems in Three Phases on the CSE-CIC-IDS-2018 Dataset

Songma,

Sathuphan,

Pamutha

2023

Computers

View full text Add to dashboard Cite

This article examines intrusion detection systems in depth using the CSE-CIC-IDS-2018 dataset. The investigation is divided into three stages: to begin, data cleaning, exploratory data analysis, and data normalization procedures (min-max and Z-score) are used to prepare data for use with various classifiers; second, in order to improve processing speed and reduce model complexity, a combination of principal component analysis (PCA) and random forest (RF) is used to reduce non-significant features by comparing them to the full dataset; finally, machine learning methods (XGBoost, CART, DT, KNN, MLP, RF, LR, and Bayes) are applied to specific features and preprocessing procedures, with the XGBoost, DT, and RF models outperforming the others in terms of both ROC values and CPU runtime. The evaluation concludes with the discovery of an optimal set, which includes PCA and RF feature selection.

show abstract