Machine learning techniques for behavioral feature selection in network intrusion detection systems

Vicente Martinez, Rodrigo Salas, Oliver Tessini, Romina Torres

Resultado de la investigación: Contribución a los distintos tipos de conferenciaArtículorevisión exhaustiva

Resumen

Information systems are prone to receiving multiple types of attacks over the network. Therefore, Network Intrusion Detection Systems (NIDSs) analyze the behavior of the network traffic to detect anomalies and eventual cyberattacks. The NIDS must be able to detect these cyberattacks in an efficient and effective manner based on a set of features where it is expected that the performance depends on both the selected features and the machine learning technique used. The main goal of this work is to identify the most relevant characteristics required to detect, with a high sensitivity and precision, between normal traffic and a network intrusion, together with the most relevant features associated to the identification of a specific type of attack. In this work, a comparative study of different decision tree-based machine learning techniques combined with several feature selection techniques in order to accomplish the goal. Random Forest and the XGBoost achieved a performance that reaches up to 98.5% in the F-measure when the complete set of features were used. Results show the performance was just slightly reduced to 98% when the 10 most relevant features were used. Moreover, results also show that the model using only the 10 most relevant features was able to separately identify the type of attack with a performance of at least 90% in the F-measure. We conclude that it is possible to obtain and rank a subset of the most relevant features that characterize the intrusion pattern in the network traffic in order to support the decision of how many features to include during runtime under a real network environment.

Idioma originalInglés
Páginas91-96
Número de páginas6
DOI
EstadoPublicada - 2021
Evento11th International Conference of Pattern Recognition Systems, ICPRS 2021 - Virtual, Online
Duración: 17 mar. 202119 mar. 2021

Conferencia

Conferencia11th International Conference of Pattern Recognition Systems, ICPRS 2021
CiudadVirtual, Online
Período17/03/2119/03/21

Áreas temáticas de ASJC Scopus

  • Ingeniería eléctrica y electrónica

Huella

Profundice en los temas de investigación de 'Machine learning techniques for behavioral feature selection in network intrusion detection systems'. En conjunto forman una huella única.

Citar esto