Abstract

Network traffic exhibits a high level of variability over short periods of time. This variability negatively impacts the accuracy of anomaly-based network intrusion detection systems (IDS) that are built using predictive models in a batch learning setup. This work investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these intrusion detection models. In particular, this research studied the adaptability features of three well-known machine learning algorithms: C5.0, Random Forest and Support Vector Machine. Each algorithm's ability to adapt its prediction threshold was assessed and analysed under different scenarios that simulated real-world settings using the prospective sampling approach. Multiple IDS datasets were used for the analysis, including a newly generated dataset (STA2018). This research demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation traffic have different statistical properties. Tests were undertaken to analyse the effects of feature selection and data balancing on model accuracy when different significant features in traffic were used. The effects of threshold adaptation on improving accuracy were statistically analysed. Of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates.
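The abstract describes two mechanisms without showing them: the G-mean accuracy (gAcc) used to score a detector, and the adaptation of a model's discriminating threshold to the traffic being evaluated rather than the traffic it was trained on. The following Python is an added illustration, not code or data from the paper or the STA2018 dataset. It treats the model as a black box that emits an attack probability per flow, computes gAcc as the geometric mean of the true-positive and true-negative rates, and compares a fixed training-time threshold of 0.5 against a threshold re-chosen on the evaluation traffic. The "training" and "evaluation" score distributions are constructed with a seeded generator, with the evaluation attacks deliberately scoring lower to mimic the statistical drift the abstract refers to; the names `g_mean`, `best_threshold` and `make_traffic` are this example's own.

```python
import math
import random


def confusion(scores, labels, threshold):
    """Count TP/FP/TN/FN when a flow is flagged as an attack if score >= threshold.
    labels: 1 = attack, 0 = benign."""
    tp = fp = tn = fn = 0
    for s, y in zip(scores, labels):
        flagged = s >= threshold
        if flagged and y:
            tp += 1
        elif flagged and not y:
            fp += 1
        elif not flagged and not y:
            tn += 1
        else:
            fn += 1
    return tp, fp, tn, fn


def g_mean(scores, labels, threshold):
    """G-mean accuracy: sqrt(TPR * TNR). Unlike plain accuracy it is not inflated
    by the benign majority, which is why it is used for imbalanced IDS traffic."""
    tp, fp, tn, fn = confusion(scores, labels, threshold)
    tpr = tp / (tp + fn) if (tp + fn) else 0.0
    tnr = tn / (tn + fp) if (tn + fp) else 0.0
    return math.sqrt(tpr * tnr)


def best_threshold(scores, labels):
    """Threshold adaptation: scan every distinct score on the evaluated traffic
    and keep the cut-off that maximises G-mean there (ties keep the lower cut-off)."""
    best_t, best_g = None, -1.0
    for t in sorted(set(scores)):
        g = g_mean(scores, labels, t)
        if g > best_g:
            best_t, best_g = t, g
    return best_t, best_g


def make_traffic(n_benign, n_attack, benign_center, attack_center, seed):
    """Constructed sample data: model scores drawn around two centres (sd 0.1),
    clipped to [0, 1]. Stands in for a real model's output on labelled flows."""
    rng = random.Random(seed)
    benign = [min(1.0, max(0.0, rng.gauss(benign_center, 0.1))) for _ in range(n_benign)]
    attack = [min(1.0, max(0.0, rng.gauss(attack_center, 0.1))) for _ in range(n_attack)]
    return benign + attack, [0] * n_benign + [1] * n_attack


def compare(eval_scores, eval_labels, fixed_threshold=0.5):
    """Return (gAcc at the fixed training threshold, adapted threshold, gAcc at the adapted threshold)."""
    fixed_g = g_mean(eval_scores, eval_labels, fixed_threshold)
    adapted_t, adapted_g = best_threshold(eval_scores, eval_labels)
    return fixed_g, adapted_t, adapted_g


if __name__ == "__main__":
    # Training-like traffic: benign around 0.25, attacks around 0.75, so 0.5 separates them well.
    train_scores, train_labels = make_traffic(900, 100, 0.25, 0.75, seed=1)
    # Evaluation traffic with drift: new attacks score lower (around 0.45) than the training attacks.
    eval_scores, eval_labels = make_traffic(900, 100, 0.20, 0.45, seed=2)

    print("training gAcc @0.5: %.3f" % g_mean(train_scores, train_labels, 0.5))
    fixed_g, adapted_t, adapted_g = compare(eval_scores, eval_labels)
    print("evaluation gAcc @0.5 (fixed): %.3f" % fixed_g)
    print("evaluation gAcc @%.3f (adapted): %.3f" % (adapted_t, adapted_g))
```

On the constructed drifted traffic the fixed 0.5 cut-off misses most of the lower-scoring attacks, while the threshold re-selected on the evaluated traffic recovers a much higher gAcc without retraining the model. In practice the adapted threshold would be chosen on a labelled sample of the current traffic (the prospective sampling the abstract mentions), not on the same flows being scored, otherwise the reported gAcc is optimistic.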

Highlights

  • In the current digital age, numerous research papers and applications have been written and have developed proposed solutions to combat network based threats and to protect information systems

  • Have to attempted feature selectionof through algorithmsa inprobe adapting to the variability of networkgenerated traffic. We investigated this introducing to their the predictions data by adding three randomly variables

  • As every generated model was evaluated using all of the files in the dataset except the one that had been used to generate that model, two G-mean accuracy (gAcc) values were computed for every combination of prediction model and evaluation data


Summary

Introduction

In the current digital age, numerous research papers and applications have been written and have developed proposed solutions to combat network based threats and to protect information systems. Various security systems have emerged, which aim to ensure that the key goals of cybersecurity are met [1]. Every day these stated security goals are flagrantly violated by breaches and security incidents, which raises questions about the capability of existing security systems. Intrusion detection systems (IDS) are one of the many tools used in the cyber security field. Their main purpose is to detect security attacks targeting the critical networks, systems or data that they monitor, and to report any violation by an external intruder or system insider.

