Improving Accuracy and Speed of Network-based Intrusion Detection using Gradient Boosting Trees

Ryosuke Terado, Morihiro Hayashida

2020

Abstract

As computers become more widespread, they are exposed to threats such as cyber-attacks. In recent years, attacks have gradually changed, and security software must be frequently updated. Network-based intrusion detection systems (NIDSs) have been developed for detecting such attacks. However, it is difficult for a signature-based NIDS, which decides whether or not an access is malicious based on known attacks, to detect unknown attacks. We aim to develop a methodology that efficiently detects new, unidentified attacks by constructing a model from the latest access records. The Kyoto 2016 dataset was constructed for the evaluation of such methods, and machine learning methods including random forest (RF) have been applied to it. In this paper, we additionally examine a deep neural network and gradient boosting tree methods on session data from the Kyoto 2016 dataset, using twelve features excluding IP addresses and port numbers. The gradient boosting method XGBoost achieved an average accuracy of 0.9622 while running more than five times faster than RF. The results suggest that XGBoost outperforms the other machine learning classifiers and that its elapsed time for classification is significantly shorter.


Paper Citation


in Harvard Style

Terado R. and Hayashida M. (2020). Improving Accuracy and Speed of Network-based Intrusion Detection using Gradient Boosting Trees. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 490-497. DOI: 10.5220/0008963504900497


in Bibtex Style

@conference{icissp20,
author={Ryosuke Terado and Morihiro Hayashida},
title={Improving Accuracy and Speed of Network-based Intrusion Detection using Gradient Boosting Trees},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2020},
pages={490-497},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008963504900497},
isbn={978-989-758-399-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Improving Accuracy and Speed of Network-based Intrusion Detection using Gradient Boosting Trees
SN - 978-989-758-399-5
AU - Terado R.
AU - Hayashida M.
PY - 2020
SP - 490
EP - 497
DO - 10.5220/0008963504900497