Transferability of machine learning models learned from public intrusion detection datasets: the CICIDS2017 case study

Catillo, Marta; Vecchio, Andrea Del; Pecchia, Antonio; Villano, Umberto

doi:10.1007/s11219-022-09587-0

Cited by 24 publications

(6 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the literature, researches on USB-IDS-1 are quite few. First of the studies we examined is the [14]. In this paper, experiments were carried out by applying decision trees, random forest and deep neural network algorithms on the USB-IDS-1.…”

Section: 1mentioning

confidence: 99%

USB-IDS-1 dataset feature reduction with genetic algorithm

Özsarı,

Aydın

et al. 2024

Communications Faculty of Sciences University of Ankara Series A2-A3 Physical Sciences and Engineering

View full text Add to dashboard Cite

Technology and online opportunities brought by technology are increasing day by day. Many transactions, from banking to shopping, can be done online. However, the abuse of technology is also increasing at the same rate. Therefore, it is very important to ensure the security of the network for data protection. The application of artificial intelligence-based approaches has also become popular in the field of information security. When the data collected for intrusion detection is examined, it is seen that there are many features. In this study, the features in the USB-IDS-1 dataset were reduced by genetic algorithm and its success was examined with various classifiers. Among the selected methods, there are decision trees, random forest, k-NN, Naive Bayes and artificial neural networks. Accuracy, sensitivity, precision and F1-score were used as metrics. According to the results obtained, it was seen that the genetic algorithm was quite successful in the Hulk and Slowloris data set, it was partially effective in the Slowhttptest data, but was not successful in the TCP set. However, the performance of the algorithms was poor as a result of using all features in Slowhttptest and TCP data.

show abstract

Section: 1mentioning

confidence: 99%

USB-IDS-1 dataset feature reduction with genetic algorithm

Özsarı,

Aydın

et al. 2024

Communications Faculty of Sciences University of Ankara Series A2-A3 Physical Sciences and Engineering

View full text Add to dashboard Cite

show abstract

“…It is an obsolete dataset, not specifically conceived for IoT applications. As highlighted in [21], this issue might also lead to the lack of transferability of the impressive results obtained on reference datasets (possibly outdated and not free from statistical biasing) in even slightly different data collection settings.…”

Section: Ids With Iot Machine and Deep Learningmentioning

confidence: 99%

A Deep Learning Method for Lightweight and Cross-Device IoT Botnet Detection

2023

View full text Add to dashboard Cite

Ensuring security of Internet of Things (IoT) devices in the face of threats and attacks is a primary concern. IoT plays an increasingly key role in cyber–physical systems. Many existing intrusion detection systems (IDS) proposals for the IoT leverage complex machine learning architectures, which often provide one separate model per device or per attack. These solutions are not suited to the scale and dynamism of modern IoT networks. This paper proposes a novel IoT-driven cross-device method, which allows learning a single IDS model instead of many separate models atop the traffic of different IoT devices. A semi-supervised approach is adopted due to its wider applicability for unanticipated attacks. The solution is based on an all-in-one deep autoencoder, which consists of training a single deep neural network with the normal traffic from different IoT devices. Extensive experimentation performed with a widely used benchmarking dataset indicates that the all-in-one approach achieves within 0.9994–0.9997 recall, 0.9999–1.0 precision, 0.0–0.0071 false positive rate and 0.9996–0.9998 F1 score, depending on the device. The results obtained demonstrate the validity of the proposal, which represents a lightweight and device-independent solution with considerable advantages in terms of transferability and adaptability.

show abstract

“…The experiments were run on a ZenBook 2.30 GHz Intel Core i7 with 16 GB of RAM. [7] 0.97 0.06 0.97 RF [7] 0.98 0.00 0.98 DNN [7] 0.67 0.05 0.66 Proposed Method 0.98 1.0 1.0…”

Section: Experimental Settingmentioning

confidence: 99%

Explainable AI and Deep Autoencoders Based Security Framework for IoT Network Attack Certainty (Extended Abstract)

Kalutharage

Liu

Chrysoulas

2022

Attacks and Defenses for the Internet-of-Things

View full text Add to dashboard Cite

Over the past few decades, Machine Learning (ML)-based intrusion detection systems (IDS) have become increasingly popular and continue to show remarkable performance in detecting attacks. However, the lack of transparency in their decision-making process and the scarcity of attack data for training purposes pose a major challenge for the development of ML-based IDS systems for Internet of Things (IoT). Therefore, employing anomaly detection methods and interpreting predicted results in terms of feature contribution or performing featurebased impact analysis can increase stakeholders confidence. To this end, this paper presents a novel framework for IoT security monitoring, combining deep autoencoder models with Explainable Artificial Intelligence (XAI), to verify the credibility and certainty of attack detection by MLbased IDSs. Our proposed approach reduces the number of black boxes in the ML decision-making process in IoT security monitoring by explaining why a prediction is made, providing quantifiable data on which features influence the prediction and to what extent, which are generated from SHaply Adaptive values exPlanations (SHAP) linking optimal credit allocation to local explanations. This was tested using the USB-IDS benchmark dataset and a detection accuracy of 84% (benign) and 100% (attack) was achieved. Our experimental results show that integrating XAI with the autoencoder model obviates the need of malicious data for training purposes, but can provide attack certainty for detected anomalies, proving the validity of the proposed methodology.

show abstract

Transferability of machine learning models learned from public intrusion detection datasets: the CICIDS2017 case study

Cited by 24 publications

References 31 publications

USB-IDS-1 dataset feature reduction with genetic algorithm

USB-IDS-1 dataset feature reduction with genetic algorithm

A Deep Learning Method for Lightweight and Cross-Device IoT Botnet Detection

Explainable AI and Deep Autoencoders Based Security Framework for IoT Network Attack Certainty (Extended Abstract)

Contact Info

Product

Resources

About