Abstract
Most approaches for detecting network attacks involve threat analyses to match the attack to potential malicious profiles using behavioral analysis techniques in conjunction with packet collection, filtering, and feature comparison. Experts in information security are often required to study these threats, and judging new types of threats accurately in real time is often impossible. Detecting legitimate or malicious connections using protocol analysis is difficult; therefore, machine learning-based function modules can be added to intrusion detection systems to assist experts in accurately judging threat categories by analyzing the threat and learning its characteristics. In this paper, an ensemble learning scheme based on a revised random forest algorithm is proposed for a security monitoring system in the domain of renewable energy to categorize network threats in a network intrusion detection system. To reduce classification error for minority classes of experimental data in model training, a scheme based on the synthetic minority oversampling technique (SMOTE) was formulated to re-balance the original data sets by altering the number of data points for the minority classes in the experimental data set. The classification performance of the proposed classifier in threat classification when the data set is unbalanced was experimentally verified in terms of accuracy, precision, recall, and F1-score on the UNSW-NB15 and CSE-CIC-IDS 2018 data sets. A cross-validation scheme featuring support vector machines was used to compare classification accuracies.
Highlights
Cybersecurity mechanisms, such as network intrusion detection systems (NIDSs) and firewalls, detect network attacks and prevent hackers from gaining entry into the enterprise network.
Machine learning (ML) techniques for threat classification—such as support vector machine (SVM) and hybrid approaches—are used to aid category prediction, wherein the SVM [4] is incorporated with other classification approaches, such as those based on decision trees (DTs) [5], principal component analysis (PCA) [6], and the Dempster–Shafer theory [7].
Inspired by Ho’s study [9], the present study proposes a random forest (RF)-based ensemble learning algorithm associated with a uniform distribution resampling scheme for minority classes based on a Synthetic Minority Oversampling TEchnique (SMOTE) for NIDSs.
Summary
Cybersecurity mechanisms, such as network intrusion detection systems (NIDSs) and firewalls, detect network attacks and prevent hackers from gaining entry into the enterprise network. ML techniques for threat classification—such as support vector machine (SVM) and hybrid approaches—are used to aid category prediction, wherein the SVM [4] is incorporated with other classification approaches, such as those based on decision trees (DTs) [5], principal component analysis (PCA) [6], and the Dempster–Shafer theory [7].
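The re-balancing step named in the abstract, sketched as an added example: this is standard SMOTE (interpolating between a minority sample and one of its nearest minority neighbours), not the paper's revised scheme or its code. The function names `smote` and `rebalance` and the flow-feature values are constructed for illustration.

```python
import math
import random
from collections import Counter

def smote(minority, n_new, k=3, seed=0):
    """Standard SMOTE: each synthetic point lies on the segment between a
    minority sample and one of its k nearest minority neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng = random.Random(seed)
    k = min(k, len(minority) - 1)
    synthetic = []
    for _ in range(n_new):
        i = rng.randrange(len(minority))
        base = minority[i]
        others = [p for j, p in enumerate(minority) if j != i]
        neighbours = sorted(others, key=lambda p: math.dist(base, p))[:k]
        nb = rng.choice(neighbours)
        gap = rng.random()  # position along the segment base -> nb
        synthetic.append(tuple(b + gap * (n - b) for b, n in zip(base, nb)))
    return synthetic

def rebalance(X, y, k=3, seed=0):
    """Oversample every class up to the size of the largest class.
    Original samples are kept unchanged at the front of the output."""
    counts = Counter(y)
    target = max(counts.values())
    X_out, y_out = list(X), list(y)
    for label, count in counts.items():
        if count < target:
            members = [x for x, lab in zip(X, y) if lab == label]
            new = smote(members, target - count, k, seed)
            X_out.extend(new)
            y_out.extend([label] * len(new))
    return X_out, y_out

# Constructed sample: (duration in s, kB sent) for 8 benign and 3 attack flows.
X = [(0.2, 1.0), (0.3, 1.2), (0.25, 0.9), (0.4, 1.1), (0.35, 1.3),
     (0.28, 1.05), (0.22, 0.95), (0.31, 1.15),
     (5.0, 40.0), (6.0, 42.0), (5.5, 45.0)]
y = ["benign"] * 8 + ["attack"] * 3

if __name__ == "__main__":
    Xb, yb = rebalance(X, y)
    print(Counter(y), "->", Counter(yb))
```

Oversampling belongs on the training split only; applying it before a train/test split or before cross-validation folds are cut leaks interpolated copies of test points into training and inflates the reported recall.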