Improving Accuracy and Speed of Network-based Intrusion Detection using Gradient Boosting Trees
Ryosuke Terado, Morihiro Hayashida
2020
Abstract
As computers become more widespread, they are exposed to threats such as cyber-attacks. In recent years, attacks have gradually changed, and security software must be frequently updated. Network-based intrusion detection systems (NIDSs) have been developed to detect such attacks. However, it is difficult for a signature-based NIDS, which decides whether an access is malicious based on known attacks, to detect unknown attacks. We aim to develop a methodology that efficiently detects new, unidentified attacks by constructing a model from the latest access records. The Kyoto 2016 dataset was constructed for the evaluation of such methods, and machine learning methods including random forest (RF) have been applied to it. In this paper, we additionally examine a deep neural network and gradient boosting tree methods on session data from the Kyoto 2016 dataset, using twelve features that exclude IP addresses and port numbers. The gradient boosting method XGBoost achieved an average accuracy of 0.9622 and ran more than five times faster than RF. The results suggest that XGBoost outperforms other machine learning classifiers, and the elapsed time for the classification is significantly shorter.
Paper Citation
in Harvard Style
Terado R. and Hayashida M. (2020). Improving Accuracy and Speed of Network-based Intrusion Detection using Gradient Boosting Trees. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 490-497. DOI: 10.5220/0008963504900497
in Bibtex Style
@conference{icissp20,
author={Ryosuke Terado and Morihiro Hayashida},
title={Improving Accuracy and Speed of Network-based Intrusion Detection using Gradient Boosting Trees},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2020},
pages={490-497},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008963504900497},
isbn={978-989-758-399-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Improving Accuracy and Speed of Network-based Intrusion Detection using Gradient Boosting Trees
SN - 978-989-758-399-5
AU - Terado R.
AU - Hayashida M.
PY - 2020
SP - 490
EP - 497
DO - 10.5220/0008963504900497