Research Article
Year 2024, Volume: 4 Issue: 2, 143 - 154, 01.10.2024

Intrusion Detection on CSE-CIC-IDS2018 Dataset Using Machine Learning Methods

Abstract

Over the past few decades, the significance of computer and information security has grown exponentially, driven by the escalating frequency and sophistication of cyber threats. Despite the rapid advancements in both intrusion techniques and security technologies, many organizations continue to rely on outdated cybersecurity strategies, leaving them vulnerable to increasingly complex cyberattacks. Conventional defenses, such as basic firewalls and signature-based detection systems, are often insufficient against modern attackers who use advanced methods, including zero-day exploits and polymorphic malware, to evade detection. Government web servers, which house vast amounts of sensitive citizen data, are especially attractive targets for malicious actors. In response to these evolving threats, the deployment of an Intrusion Detection System (IDS) has become a critical component in securing network infrastructures, providing an essential layer of defense against unauthorized access and data breaches.

This study explores the efficacy of six distinct machine learning-based classification methods: Random Forest, Gradient Boosting, XGBoost, CatBoost, Logistic Regression, and LightGBM, each selected for its particular strengths in handling complex, high-dimensional data. These algorithms were applied to a comprehensive dataset to detect malicious activities, with a focus on achieving high accuracy and robustness in classification performance. Remarkably, all six models demonstrated substantial effectiveness, achieving accuracy rates as high as 0.98 and AUC values reaching 1.00, underscoring their potential in enhancing IDS capabilities. The results highlight the importance of leveraging advanced machine learning techniques in bolstering cybersecurity defenses, particularly in critical domains like government data protection, where precision and reliability are paramount.

Details

Primary Language: English
Subjects: Machine Learning (Other)
Journal Section: Research Articles
Authors

Halil İbrahim Coşar 0000-0001-8064-2385

Çağrı Arısoy 0009-0005-0296-537X

Hasan Ulutaş 0000-0003-3922-934X

Publication Date: October 1, 2024
Submission Date: September 20, 2024
Acceptance Date: September 30, 2024
Published in Issue: Year 2024, Volume: 4, Issue: 2

Cite

APA Coşar, H. İ., Arısoy, Ç., & Ulutaş, H. (2024). Intrusion Detection on CSE-CIC-IDS2018 Dataset Using Machine Learning Methods. Artificial Intelligence Theory and Applications, 4(2), 143-154.