Abstract
Currently, the use of machine learning models for developing intrusion detection systems is a technology trend whose improvement has been proven. These intelligent systems are trained with labeled datasets, including different types of attacks and the normal behavior of the network. Most studies use a single machine learning model to identify anomalies related to possible attacks. In other cases, machine learning algorithms are used to identify certain types of attacks. However, recent studies show that certain models are more accurate at identifying certain classes of attacks than others. Thus, this study tries to identify which model best fits each kind of attack in order to define a set of reasoner modules. In addition, this research work proposes organizing these modules to feed a selection system, that is, a dynamic classifier. Finally, the study shows that when using the proposed dynamic classifier model, the detection range increases, improving on the detection achieved by each individual model in terms of accuracy.
Highlights
Intrusion detection systems (IDS) are computer systems designed to monitor network traffic. These systems are capable of finding atypical records and attack patterns based on the behavior of the networks.
The chosen dataset was UNSW-NB15 [14], because it has been considered a benchmark dataset for the evaluation of IDS based on machine learning (ML) models, thanks to its variety of current cybersecurity attacks, and it is widely used in cybersecurity [32].
As can be seen in the figure, we propose an architecture composed of different modules: a series of static ML algorithms, manually preconfigured by means of a study of hyperparameter selection and feature selection, and a dynamic classifier.
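The idea described above, matching each attack class to the static model that handles it best and letting a selector choose among their answers, can be sketched as follows. This is an added example, not the paper's code: the selection rule (trust the model with the highest validation precision for the class it predicts), the model names `model_a` and `model_b`, and the validation data are all assumptions; the class labels are UNSW-NB15 categories.

```python
from collections import defaultdict

# Constructed validation set (not from the paper): true labels plus the
# predictions of two hypothetical, already-trained static models.
Y_TRUE = ["Normal", "Normal", "Normal", "DoS", "DoS", "DoS",
          "Exploits", "Exploits", "Exploits"]
VAL_PREDS = {
    "model_a": ["Normal", "Normal", "Exploits", "DoS", "DoS", "DoS",
                "Normal", "Normal", "Exploits"],
    "model_b": ["Normal", "Normal", "DoS", "DoS", "Normal", "Exploits",
                "Exploits", "Exploits", "Exploits"],
}

def per_class_precision(y_true, y_pred):
    """How often a model is right when it claims class c (TP / claims of c)."""
    hits, claims = defaultdict(int), defaultdict(int)
    for truth, pred in zip(y_true, y_pred):
        claims[pred] += 1
        hits[pred] += truth == pred
    return {c: hits[c] / claims[c] for c in claims}

def build_competence(y_true, val_preds):
    """Competence table: model name -> {class -> validation precision}."""
    return {m: per_class_precision(y_true, p) for m, p in val_preds.items()}

def specialists(competence):
    """For each class, the model with the highest validation precision."""
    classes = {c for table in competence.values() for c in table}
    return {c: max(sorted(competence), key=lambda m: competence[m].get(c, 0.0))
            for c in classes}

def dynamic_classify(competence, votes):
    """votes maps model -> predicted class for one record. Return the
    (label, model) pair whose model is most competent for its own claim.
    Ties resolve to the alphabetically first model (assumed policy)."""
    model = max(sorted(votes), key=lambda m: competence[m].get(votes[m], 0.0))
    return votes[model], model

if __name__ == "__main__":
    comp = build_competence(Y_TRUE, VAL_PREDS)
    print("specialist per class:", specialists(comp))
    # The two models disagree on a new record; the selector decides.
    print(dynamic_classify(comp, {"model_a": "DoS", "model_b": "Normal"}))
    print(dynamic_classify(comp, {"model_a": "Normal", "model_b": "Exploits"}))
```

On this constructed data neither model is best for every class, so the selector's output differs from what either model would give alone.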
Summary
Intrusion detection systems (IDS) are computer systems designed to monitor network traffic. IDS, as a software application, analyze possible anomalies detected at the network layer. This process is, traditionally, static and linked to the rules or algorithms used for detecting cyberattacks. Anomaly-based IDS are related directly to the application of machine learning (ML) techniques. These techniques, depending on the underlying classification model, are capable of detecting anomalies by means of binary classifiers, or different types of attacks by means of multiclass classifiers. These sections include several tests for different ML techniques, including data preprocessing and feature selection.