Ensemble Learning for Threat Classification in Network Intrusion Detection on a Security Monitoring System for Renewable Energy

Hsiao-Chung Lin,Ping Wang,Wen-Hui Lin,Zong-Yu Yang,Kuo-Ming Chao

doi:10.3390/app112311283

Hsiao-Chung Lin, Ping Wang + Show 3 more

Open Access

https://doi.org/10.3390/app112311283

Copy DOI

Journal: Applied sciences	Publication Date: Nov 29, 2021
Citations: 9	License type: CC BY 4.0

Affiliation: Kun Shan University, Coventry University

Abstract

Most approaches for detecting network attacks involve threat analyses to match the attack to potential malicious profiles using behavioral analysis techniques in conjunction with packet collection, filtering, and feature comparison. Experts in information security are often required to study these threats, and judging new types of threats accurately in real time is often impossible. Detecting legitimate or malicious connections using protocol analysis is difficult; therefore, machine learning-based function modules can be added to intrusion detection systems to assist experts in accurately judging threat categories by analyzing the threat and learning its characteristics. In this paper, an ensemble learning scheme based on a revised random forest algorithm is proposed for a security monitoring system in the domain of renewable energy to categorize network threats in a network intrusion detection system. To reduce classification error for minority classes of experimental data in model training, the synthetic minority oversampling technique scheme (SMOTE) was formulated to re-balance the original data sets by altering the number of data points for minority class to imbue the experimental data set. The classification performance of the proposed classifier in threat classification when the data set is unbalanced was experimentally verified in terms of accuracy, precision, recall, and F1-score on the UNSW-NB15 and CSE-CIC-IDS 2018 data sets. A cross-validation scheme featuring support vector machines was used to compare classification accuracies.

Highlights

Cybersecurity mechanisms, such as network intrusion detection systems (NIDSs) and firewalls, detect network attacks and prevent hackers from gaining entry into the enterprise network
machine learning (ML) techniques for threat classification—such as support vector machine (SVM) and hybrid approaches—are used to aid category prediction, wherein the SVM [4] is incorporated with other classification approaches, such as those based on decision trees (DTs) [5], principal component analysis (PCA) [6], and the Dempster–Shafer theory [7]
Inspired by Ho’s study [9], the present study proposes an random forest (RF)-based ensemble learning algorithm associated with a uniform distribution resampling scheme for minority classes based on a Synthetic Minority Oversampling TEchnique (SMOTE) for NIDs

Summary

Introduction

Cybersecurity mechanisms, such as network intrusion detection systems (NIDSs) and firewalls, detect network attacks and prevent hackers from gaining entry into the enterprise network. ML techniques for threat classification—such as support vector machine (SVM) and hybrid approaches—are used to aid category prediction, wherein the SVM [4] is incorporated with other classification approaches, such as those based on decision trees (DTs) [5], principal component analysis (PCA) [6], and the Dempster–Shafer theory [7].

Methods

Results

Conclusion