In-depth Comparative Evaluation of Supervised Machine Learning Approaches for Detection of Cybersecurity Threats

Laurens D’hooge, Tim Wauters, Bruno Volckaert, Filip De Turck

Abstract

This paper describes the process and results of analyzing CICIDS2017, a modern, labeled data set for testing intrusion detection systems. The data set is divided into several days, each pertaining to different attack classes (DoS, DDoS, infiltration, botnet, etc.). A pipeline has been created that includes nine supervised learning algorithms. The goal was binary classification of benign versus attack traffic. Cross-validated parameter optimization, using a voting mechanism that includes five classification metrics, was employed to select optimal parameters. These results were interpreted to discover whether certain parameter choices were dominant for most (or all) of the attack classes. Ultimately, every algorithm was retested with optimal parameters to obtain the final classification scores. During the review of these results, execution time, both on consumer- and corporate-grade equipment, was taken into account as an additional requirement. The work detailed in this paper establishes a novel supervised machine learning performance baseline for CICIDS2017. Graphics of the results as well as the raw tables are publicly available at https://gitlab.ilabt.imec.be/lpdhooge/cicids2017-ml-graphics.
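The abstract describes two selection steps: a vote across several classification metrics to pick one parameter setting per attack class, and a check of whether one setting dominates across classes. The following is an added illustration of that kind of multi-metric voting in plain Python; it is not the authors' pipeline and the paper's exact voting and tie-break rules are not given on this page. The metric names, the candidate parameter settings, the per-candidate scores and the "break a vote tie by the highest mean score" rule are all assumptions made for the example.

```python
from collections import Counter
from statistics import mean

# Constructed example input (not results from the paper): mean cross-validated
# score per candidate parameter setting for five metrics. The metric names and
# the candidate settings are assumptions; the page only says "five
# classification metrics" and "nine supervised learning algorithms".
CV_SCORES = {
    "n_estimators=50":  {"accuracy": 0.991, "precision": 0.975, "recall": 0.962, "f1": 0.968, "roc_auc": 0.996},
    "n_estimators=100": {"accuracy": 0.993, "precision": 0.981, "recall": 0.960, "f1": 0.970, "roc_auc": 0.995},
    "n_estimators=200": {"accuracy": 0.992, "precision": 0.979, "recall": 0.967, "f1": 0.973, "roc_auc": 0.994},
}


def vote_for_parameters(cv_scores):
    """Each metric casts one vote for the candidate on which it scores highest.

    Returns (winner, votes), where votes maps candidate -> number of metrics
    that preferred it. A tie on a single metric goes to the first candidate in
    iteration order; a tie in the vote count is broken by the highest mean
    score across all metrics (an assumed tie-break rule, not the paper's).
    """
    candidates = list(cv_scores)
    metrics = list(next(iter(cv_scores.values())))
    votes = Counter({c: 0 for c in candidates})
    for m in metrics:
        best = max(candidates, key=lambda c: cv_scores[c][m])
        votes[best] += 1
    top = max(votes.values())
    tied = [c for c in candidates if votes[c] == top]
    winner = max(tied, key=lambda c: mean(cv_scores[c].values()))
    return winner, dict(votes)


def dominant_setting(winners_by_class):
    """Given the winning setting per attack class, return (setting, share).

    share is the fraction of attack classes for which that setting won, which
    is the "dominant for most (or all) of the attack classes" question.
    """
    tally = Counter(winners_by_class.values())
    setting, n = tally.most_common(1)[0]
    return setting, n / len(winners_by_class)


if __name__ == "__main__":
    winner, votes = vote_for_parameters(CV_SCORES)
    print("votes per candidate:", votes)
    print("selected setting:", winner)
    # Constructed per-class winners, to show the second aggregation step.
    per_class = {"DoS": winner, "DDoS": winner, "Botnet": "n_estimators=100",
                 "Infiltration": winner}
    print("dominant setting across classes:", dominant_setting(per_class))
```

With the constructed scores, accuracy and precision favour one setting, recall and F1 another, and ROC AUC a third, so the vote ends 2-2-1 and the tie-break decides. That is the situation a voting scheme has to handle explicitly; a single headline metric would hide the disagreement.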

Paper Citation


in Harvard Style

D’hooge L., Wauters T., Volckaert B. and De Turck F. (2019). In-depth Comparative Evaluation of Supervised Machine Learning Approaches for Detection of Cybersecurity Threats. In Proceedings of the 4th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS, ISBN 978-989-758-369-8, pages 125-136. DOI: 10.5220/0007724801250136


in Bibtex Style

@conference{iotbds19,
author={Laurens D’hooge and Tim Wauters and Bruno Volckaert and Filip De Turck},
title={In-depth Comparative Evaluation of Supervised Machine Learning Approaches for Detection of Cybersecurity Threats},
booktitle={Proceedings of the 4th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS},
year={2019},
pages={125-136},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007724801250136},
isbn={978-989-758-369-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 4th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS
TI - In-depth Comparative Evaluation of Supervised Machine Learning Approaches for Detection of Cybersecurity Threats
SN - 978-989-758-369-8
AU - D’hooge L.
AU - Wauters T.
AU - Volckaert B.
AU - De Turck F.
PY - 2019
SP - 125
EP - 136
DO - 10.5220/0007724801250136