Network Intrusion Detection Based on PSO-Xgboost Model

Jiang, Huiling; He, Zheng; Ye, Gang; Zhang, Huyin

doi:10.1109/access.2020.2982418

Cited by 156 publications

(64 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The method used NetFlow protocol for acquiring information and generating datasets, information gain ratio for selecting the relevant attributes, and stacking ensemble for detecting anomaly in SDN networks. A work in [95] proposed the PSO-XGBoost model for network IDS. A classification model based on XGBoost was developed and PSO was employed to adaptively search for the optimal structure of XGBoost.…”

Section: Mapping Selected Studies By Ensemble Methodsmentioning

confidence: 99%

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Tama

Lim

2021

Computer Science Review

107

View full text Add to dashboard Cite

Intrusion detection systems (IDSs) are intrinsically linked to a comprehensive solution of cyberattacks prevention instruments. To achieve a higher detection rate, the ability to design an improved detection framework is sought after, particularly when utilizing ensemble learners. Designing an ensemble often lies in two main challenges such as the choice of available base classifiers and combiner methods. This paper performs an overview of how ensemble learners are exploited in IDSs by means of systematic mapping study. We collected and analyzed 124 prominent publications from the existing literature. The selected publications were then mapped into several categories such as years of publications, publication venues, datasets used, ensemble methods, and IDS techniques. Furthermore, this study reports and analyzes an empirical investigation of a new classifier ensemble approach, called stack of ensemble (SoE) for anomaly-based IDS. The SoE is an ensemble classifier that adopts parallel architecture to combine three individual ensemble learners such as random forest, gradient boosting machine, and extreme gradient boosting machine in a homogeneous manner. The performance significance among classification algorithms is statistically examined in terms of their Matthews correlation coefficients, accuracies, false positive rates, and area under ROC curve metrics. Our study fills the gap in current literature concerning an up-to-date systematic mapping study, not to mention an extensive empirical evaluation of the recent advances of ensemble learning techniques applied to IDSs.

show abstract

Section: Mapping Selected Studies By Ensemble Methodsmentioning

confidence: 99%

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Tama

Lim

2021

Computer Science Review

107

View full text Add to dashboard Cite

show abstract

“…In order to obtain high accuracy, high packet detection rate, and low false positive rate of AID-S, Iwendi et al [11] proposed a CFS + Ensemble Classifiers. Besides, Jiang et al [12] proposed the PSO-XGBoost model given its overall higher classification accuracy than other alternative models such like XGBoost, Random Forest, Bagging and Adaboost and Liu et al [13] presented an intrusion detection model with hierarchical attention mechanism.…”

Section: A Intrusion Detection Systemmentioning

confidence: 99%

The Effective Methods for Intrusion Detection With Limited Network Attack Data: Multi-Task Learning and Oversampling

et al. 2020

View full text Add to dashboard Cite

Recently, many anomaly intrusion detection algorithms have been developed and applied in network security. These algorithms achieve high detection rate on many classical datasets. However, most of them failed to address two challenges: 1) imbalanced traffic data with limited network attack, 2) multiple data sources that are distributed in different terminals. In detail, those algorithms assume that there are sufficient network traffic data to train their models for intrusion detection. Due to the network attack traffic is always scarce in the real-world network, this assumption is difficult to satisfy in most cases. In this paper, we use Multi-Task Learning (MTL) and oversampling methods to address those challenges of network intrusion detection. Firstly, we use the MTL method to treat each terminal as a single task, and then use relevant information between different terminals to help learn every single task. Meanwhile, we use the oversampling method to overcome the minority problem of attacks. Through a series of experiments on the latest UNSW-NB15 and CICIDS2018 datasets, this paper verifies the effectiveness of MTL and oversampling methods for network intrusion detection with limited network attack data, where they achieve more than 90% detection rate in different experimental settings.

show abstract

“…Today, with the growth of use and increasing the importance of computer networks, attacks and intrusions into these networks are increasingly expanding and taking many forms. Influence, all illegal actions that are true, confidential or access to a source Includes endangerment 1 . Infiltrators are divided into two categories, external and internal.…”

Section: Introductionmentioning

confidence: 99%

“…This requires the behavioral data of each of these two groups 7 . In 1 a classification model based on Xgboost and PSO used to adaptively search for the optimal structure of Xgboost. The benchmark NSL‐KDD dataset is used to evaluate the proposed model and results demonstrate that PSO‐Xgboost model outperforms other comparative models.…”

Section: Introductionmentioning

confidence: 99%

Introduced a new method for enhancement of intrusion detection with random forest and PSO algorithm

Ajdani

Ghaffary

2021

Security and Privacy

View full text Add to dashboard Cite

As computer networks expand, attacks and intrusions into these networks have increased. In addition to firewalls and other intrusion prevention equipment, other systems, such as IDS (Metrics), are designed to provide enhanced security in computer systems, including the purpose of monitoring intrusive and intrusive activities. Intrusive allocation system can be considered effective if the high intrusion rate is slightly misleading, and in this article a new way to classify it is abnormal (infiltration) in the host or network. UNSW‐NB15 and KDD‐Cup'99 Datasets Introducing Random Forest and PSO algorithm. In this paper, training data and label data used with the random forest algorithm. After creating a random forest algorithm, provide test data. We use the data stored in train step, which is actually a copy of the data, so that when performing the test step, the same training data can be compared with categorize using a PSO algorithm. In in order to show the accuracy of the proposed method, an example of the confusion matrix formed in the code that showed performance of all methods and modes studied is compared based on accuracy and time that the PSO algorithm has always been able to take less time, which is quite acceptable and predictable. Improves correct diagnosis of correct detection rate in that report was 75.94% and in the proposed method in this article it reached 97%. With the proposed method, learning speed has been greatly increased and accuracy is acceptable.

show abstract

Network Intrusion Detection Based on PSO-Xgboost Model

Cited by 156 publications

References 32 publications

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

The Effective Methods for Intrusion Detection With Limited Network Attack Data: Multi-Task Learning and Oversampling

Introduced a new method for enhancement of intrusion detection with random forest and PSO algorithm

Contact Info

Product

Resources

About