Cybersecurity Analytics: Toward an Efficient ML-Based Network Intrusion Detection System (NIDS)


Research field: Safety



Conference: International Conference on Machine Learning for Networking


Abstract

ML-based NIDS are among the tools used within the framework of cybersecurity analytics to tackle intrusions and alert on potential or ongoing cyberattacks. Their design relies heavily on precollected datasets on which ML algorithms are trained. However, NIDS datasets often suffer from two major problems: imbalanced classes and outdated traffic flows. On the one hand, designing NIDSs using obsolete datasets (like KDD99 and NSL-KDD) may result in poor performance when deployed in today's network environments, because these datasets lack modern attack styles and recent normal traffic scenarios. On the other hand, a high imbalance ratio could decrease the efficiency of a NIDS, especially for rarely encountered attack types. Therefore, in this study, binary and multiclass intrusion detection models are proposed, using tree-based algorithms: Decision Tree (DT), Random Forest (RF), ExtraTrees, Gradient Boosting (GB), AdaBoost, and XGBoost. The main advantage of this work is the use of a recent and well-ranked dataset, NF-UQ-NIDS-v2, which has been balanced using k-means undersampling, to train tree-based models for intrusion detection. Through the experiments, we found that our approach presented satisfactory prediction time and performance, with low rates of false negatives and false positives.


Authors

Tariq Mouatassim, AGNOX Lab, INPT, Rabat, Morocco

Hassan El Ghazi, AGNOX Lab, INPT, Rabat, Morocco

Khadija Bouzaachane, L2IS, Cadi Ayyad University, FST, Marrakesh, Morocco

Paper information

Publication year: 2024
Citations: 0
Publication country: Morocco, Andorra
Site: Springer