CyberSentinel: Machine Learning-Driven Attack Severity Prediction & Threat Intelligence Using UNSW_NB15 Dataset


Research field: Safety



Conference: 2025 2nd International Conference on Research Methodologies in Knowledge Management, Artificial Intelligence and Telecommunication Engineering (RMKMATE)


Abstract

The increasing complexity and frequency of cyberattacks highlight the urgent need for intelligent, adaptive systems capable of efficient threat detection, classification, and risk prioritization. This research introduces CyberSentinel, a machine learning-powered threat analysis and attack severity prediction platform, designed to assist security analysts in making faster and more informed decisions during cyber incidents. The system leverages the benchmark UNSW-NB15 dataset, which contains over 99,000 samples of labeled network traffic representing both normal and malicious behaviors. CyberSentinel categorizes attacks into three severity levels: Low, Medium, and High, helping prioritize incident response efforts based on risk. Multiple Machine Learning classifiers, including Random Forest, XGBoost and Decision Tree, were trained and thoroughly evaluated. The Random Forest (RF) model demonstrated superior predictive accuracy and balanced precision-recall scores across all classes compared to Decision Tree and XGBoost. To mitigate the class imbalance commonly found in real-world traffic, Synthetic Minority Over-Sampling Technique (SMOTE) was applied during training, and Min-Max Scaling was used to normalize feature ranges and improve convergence. CyberSentinel is deployed as an interactive Streamlit web application, allowing users to upload network log files in CSV format for automated attack severity prediction. The system analyzes the entire uploaded dataset at once, generating detailed prediction outputs for each log entry. The platform also features rich visual analytics, including severity-level pie charts, top attacking and targeted IP addresses, attack incident logs with timestamps, and feature importance visualizations. These insights support security teams in understanding evolving attack patterns and strengthening their defensive strategies. Future enhancements include real-time firewall log monitoring and chatbot-based advisory integration.


Author Profile
Thanigaivel G

Dept. of C.S.E. (Cybersecurity & IoT) Sri Ramachandra Faculty of Engineering and Technology Sri Ramachandra Institute of Higher Education and Research Chennai India

Andorra
Author Profile
Yeswanth A

C.S.E. (Cybersecurity & IoT) Sri Ramachandra Faculty of Engineering and Technology Sri Ramachandra Institute of Higher Education and Research Chennai India

Andorra

📄 Paper information

Publication year 2025
Citations 34
Country of publication Andorra
Site IEEE
