Подход к настройке CatBoost для продвинутого обнаружения атак DoS и DDoS в сетевом трафике

Abstract

In the ever-evolving landscape of network security, the sophistication of cyber-attacks, especially Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, poses a formidable challenge to intrusion detection systems. Recognizing the longstanding application of CatBoost in various domains, this study explores its novel optimization for network intrusion detection, a critical area in need of advanced solutions. Leveraging the strengths of CatBoost in handling categorical data and imbalanced datasets, we meticulously adapt the classifier to meet the complex demands of distinguishing between DoS, DDoS, and benign traffic within the comprehensive CICIDS2017 and CSE-CIC-IDS2018 datasets. This research is an attempt to refine the learning efficiency and detection capabilities of CatBoost through the implementation of advanced feature selection and data preparation, contributing to the field by improving detection accuracy within real-time intrusion detection systems. The results show a notable improvement in performance, underscoring the classifier's role in advancing cybersecurity measures. Furthermore, the study paves the way for future exploration into adversarial machine learning and automated feature engineering, fortifying the resilience and adaptability of intrusion detection systems against the backdrop of a rapidly changing cyber threat landscape. These efforts provide solid approaches to address the current challenges in network security, signaling a move towards more refined and dependable intrusion detection methods.