Yığınlanmış Ensemble Öğrenme ile Yüksek Hassasiyetli Bir Siber Güvenlik Modeli

Abstract

Yapay Zekâ (YZ) tekniklerinin çeşitli alanlardaki başarıları, bu teknolojilerin siber güvenlikte kullanımına olan ilgiyi önemli ölçüde artırmıştır. Makine Öğrenmesi (ML) teknikleri kötü amaçlı faaliyetleri tespit etmede etkili olsa da, bazı zorluklar performans doğruluğunu olumsuz etkileyebilir. Etkili bir Saldırı Tespit Sistemi (İSS) geliştirmek, uygun tekniklerin ve özelliklerin dikkatli bir şekilde seçilmesini gerektirir. Bu çalışmada, ağ saldırılarını sınıflandırmak için Karar Ağacı (DT), XGBoost ve Çok Katmanlı Algılayıcı (MLP) temel modelleri ve Lojistik Regresyon (LR) meta modeli kullanılarak bir Yığınlı Topluluk Öğrenmesi (SEL) modeli geliştirilmiştir. Ek olarak, modelin genelleme yeteneğini geliştirmek ve aşırı uyumu önlemek için K-Katlı çapraz doğrulama yöntemi kullanılmıştır. K-Katlı çapraz doğrulama yöntemiyle birleştirilen SEL modeli, NSL-KDD veri kümesinde %99,65 ve CICIDS2017 veri kümesinde %99,50 doğruluk elde etmiştir. Bu, SEL modelinin K-katlı çapraz doğrulama yöntemiyle birleştirilmesinin siber güvenlik alanında ağ saldırılarını tespit etmede yüksek doğruluk sağlayabileceğini göstermektedir. Ayrıca bu yöntemlerin siber tehditleri tespit etmede ne kadar etkili olabileceğini de vurgulamaktadır.

Keywords

• Yığınlamalı Topluluk Öğrenimi
• K-Katlı Çapraz Doğrulama
• Siber güvenlik
• Saldırı sınıflandırma

A High-Precession Cybersecurity Model with Stacked Ensemble Learning

Abstract

The successes of Artificial Intelligence (AI) techniques in various fields have significantly increased interest in the use of these technologies in cybersecurity. Although Machine Learning (ML) techniques are effective in detecting malicious activities, certain challenges can negatively impact performance ACC. Developing an effective Intrusion Detection System (IDS) requires the careful selection of appropriate techniques and features. In this study, a Stacking Ensemble Learning (SEL) model is developed to classify network attacks, with Decision Tree (DT), XGBoost, and Multi-Layer Perceptron (MLP) as the base models and Logistic Regression (LR) as the meta-model. Additionally, the K-Fold cross-validation (K-Fold CV) method is employed to improve the generalization capability of the model and prevent overfitting. The SEL model combined with the K-Fold CV method achieved 99.65% ACCon the NSL-KDD dataset and 99.50% ACC on the CICIDS2017 dataset. This demonstrates that combining the SEL model with the K-Fold CV method can achieve high ACCin detecting network attacks in the field of cybersecurity. It also highlights how effective these methods can be in detecting cyber threats.

Keywords

• Stacking Ensemble Learning
• K-Fold cross-validation
• cyber security
• Attack classification

References

1. [1] Al-Garadi MA, Mohamed A, Al-Ali A, et al. Nesnelerin İnterneti (IoT) güvenliği için makine ve derin öğrenme yöntemlerine ilişkin bir araştırma. arXiv.org, cilt. arXiv:1807.11023, 2018, s.1–42.
2. [2] Dasgupta, D. et al. ML in cybersecurity: a comprehensive survey, The Journal of Defense Modeling and Simulation, 2022, Vol. 19, No. 1, pp. 57-106.
3. [3] Tong, W. et al. A survey on intrusion detection system for advanced metering infrastructure, In: Sixth international conference on instrumentation & measurement, computer, communication and control (IMCCC), IEEE, Harbin, China, July 2016, pp. 33-37.
4. [4] Altın O. AB’nin Siber Güvenlik Alanındaki Politikalarının ve Uygulamalarının Etkinliği: Bir Siber Güvenlik Temsilcisi Olarak AB’nin Yeterliliği. Çankırı Karatekin Üniversitesi İktisadi ve İdari Bilimler Fakültesi Dergisi. 2023, 13(2):482-507.
5. [5] Willard, GN. Understanding the Co-Evolution of Cyber Defenses and Attacks to Achieve Enhanced Cybersecurity. Journal of Information Warfare, vol. 2015, 14, no. 2, pp. 16–30. JSTOR.
6. [6] Neciyev, S. and Pazarbaşı, B. Siber Güvenlik, Siber Savaş Alanında Seçili Anahtar Kelimeler ile İlgili Araştırmaların Bibliyometrik Analizi. Gazi Üniversitesi Fen Bilimleri Dergisi Part C: Tasarım ve Teknoloji. 2023.
7. [7] Alaca, Y., Celık, Y., & Goel, S. Anomaly Detection in Cyber Security with Graph-Based LSTM in Log Analysis. Chaos Theory and Applications. 2023, 5(3), 188-197.
8. [8] Yeniman Yıldırım, E. Bilişim Sistemlerine Yönelik Siber Saldırılar ve Siber Güvenliğin Sağlanması. Mesleki Bilimler Dergisi (MBD). 2018: 7(2), 24-33.

9. [9] Halbouni, A. et al.: ML and Deep Learning Approaches for CyberSecuriy: A Review, IEEE Access, 2022, Vol. 10, pp. 19572-19585.
10. [10] Abdullahi, M. et al.: Detecting cyber security attacks in the internet of things using AI methods: A systematic literature review. Electronics, 2022, Vol. 11, No. 2, 198.
11. [11] Salih, A. A. and Abdulrazaq, M. B. Combining Best Features Selection Using Three Classifiers in Intrusion Detection System, 2019 International Conference on Advanced Science and Engineering (ICOASE), Zakho - Duhok, Iraq, 2019, pp. 94-99.
12. [12] Tokmak, M. Öğrencilerin Siber Güvenlik Farkındalık Düzeylerinin Makine Öğrenmesi Yöntemleri ile Belirlenmesi. Yüzüncü Yıl Üniversitesi Fen Bilimleri Enstitüsü Dergisi. 2023, 28(2), 451-466. https://doi.org/10.53433/yyufbed.1181694.
13. [13] İlgün E, Samet R. Veri setine uygulanan ön işlemler ile makine öğrenimi yöntemi kullanılarak geliştirilen saldırı tespit modellerinin performanslarının arttırılması. GUMMFD. 2023, 39(2):679-92.
14. [14] Tuğrul B, Ahmed ASA. Makine öğrenme yöntemleri ile ağ trafik analizi. NÖHÜ Mühendislik Bilimleri Dergisi. 2022, 11(4):862-70.
15. [15] Dovbysh, A, Liubchak, V, Shelehov, I, Simonovskiy, J, & Tenytska, A. Information-extreme ML of a cyber attack detection system. Radıoelectronıc and Computer Systems. 2022, 3, 121–131. doi: https://doi.org/10.32620/reks.2022.3.09.
16. [16] Albakri A, Alabdullah B, Alhayan F. Blockchain-assisted ML with hybrid metaheuristics-empowered cyber attack detection and classification model. 2023, Sustainability 15:13887. https://doi.org/10.3390/su151813887.
17. [17] Reddy, D, Sajjan, B.T, & Sadiq, S.J. Detection of Cyber Attack in Network using ML Techniques. 2021, Vol. 1 No. 2.
18. [18] Lu, M., Hou, Q., Qin, S., Zhou, L., Hua, D., Wang, X., & Cheng, L. (2023). A stacking ensemble model of various ML models for daily runoff forecasting. Water, 15(7), 1265.
19. [19] Jaiyeoba, O., Ogbuju, E., Yomi, O. T., & Oladipo, F. (2024). Development of a model to classify skin diseases using stacking ensemble ML techniques. Journal of Computing Theories and Applications, 2(1), 23–37. https://doi.org/10.62411/jcta.10488
20. [20] Ghasemieh, A., Lloyed, A., Bahrami, P., Vajar, P., & Kashef, R. (2023). A novel ML model with stacking ensemble learner for predicting emergency readmission of heart-disease patients. Decision Analytics Journal, 7, 100242. https://doi.org/10.1016/j.dajour.2023.100242
21. [21] Zhu, X., Hu, J., Xiao, T., Huang, S., Wen, Y., & Shang, D. (2022). An interpretable stacking ensemble learning framework based on multi-dimensional data for real-time prediction of drug concentration: The example of olanzapine. Frontiers in Pharmacology, 13, 975855. https://doi.org/10.3389/fphar.2022.975855.
22. [22] Fernandes, E., Holanda, M., Victorino, M., Borges, V., Carvalho, R., & Van Erven, T. (2019). A Stacking-Based Ensemble Learning Approach for Predicting Student Performance. IEEE Access, 7, 104746-104758. https://doi.org/10.1109/ACCESS.2019.2931811
23. [23] Tavallaee, M. et al: A detailed analysis of the KDD CUP 99 data set, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada, 2009, pp. 1-6
24. [24] Hafid, H. (2023). Penerapan K-Fold Cross Validation untuk Menganalisis Kinerja Algoritma K-Nearest Neighbor pada Data Kasus Covid-19 di Indonesia. Journal of Mathematics, 6(2), 161-168.
25. [25] Wu, W., Xia, Y., & Jin, W. (2020). Predicting bus passenger flow and prioritizing influential factors using multi-source data: Scaled stacking gradient boosting DTs. IEEE Transactions on Intelligent Transportation Systems, 22(4), 2510-2523.
26. [26] Li, Q., & Song, Z. (2023). Prediction of compressive strength of rice husk ash concrete based on stacking ensemble learning model. Journal of Cleaner Production, 382, 135279.
27. [27] Ali, J, Khan, R, Ahmad, N, & Maqsood, I. Random forests and DTs. International Journal of Computer Science Issues (IJCSI). 2012, 9(5), 272.
28. [28] Chen, T., & Guestrin, C. Xgboost: A scalable tree boosting system. In Proceedings of the 22nd acm sigkdd international conference on knowledge discovery and data mining. 2016, pp. 785-794.
29. [29] Pervaiz, M., Jalal, A., & Kim, K. (2021, January). Hybrid algorithm for multi people counting and tracking for smart surveillance. In 2021 International Bhurban conference on applied sciences and technologies (IBCAST) (pp. 530-535). IEEE.
30. [30] Naseer, A., & Jalal, A. (2024, February). Multimodal Objects Categorization by Fusing GMM and MLP. In 2024 5th International Conference on Advancements in Computational Sciences (ICACS) (pp. 1-7). IEEE.
31. [31] Arif, A., & Jalal, A. (2021, January). Automated body parts estimation and detection using salient maps and Gaussian matrix model. In 2021 International Bhurban Conference on Applied Sciences and Technologies (IBCAST) (pp. 667-672). IEEE.
32. [32] Shuja, A., & Jalal, A. (2023). Vehicle detection and tracking from Aerial imagery via YOLO and centroid tracking. IEEE ICACS, 151, 183-195.
33. [33] Orozco-Arias, S, Piña, J. S, Tabares-Soto, R, Castillo-Ossa, L. F, Guyot, R, & Isaza, G. Measuring performance metrics of ML algorithms for detecting and classifying transposable elements. Processes. 2020, 8(6), 638.
34. [34] Abrar, I, Ayub, Z, Masoodi, F, & Bamhdi, A. M. A ML approach for intrusion detection system on NSL-KDD dataset. In 2020 international conference on smart electronics and communication (ICOSEC). IEEE .2020, pp. 919-924.
35. [35] Liu, J, Kantarci, B, & Adams, C. ML-driven intrusion detection for Contiki-NG-based IoT networks exposed to NSL-KDD dataset. In Proceedings of the 2nd ACM workshop on wireless security and ML. 2020, pp. 25-30.
36. [36] Rashid, M., Kamruzzaman, J., Imam, T., Wibowo, S., & Gordon, S. (2022). A tree-based stacking ensemble technique with feature selection for network intrusion detection. Applied Intelligence, 52(9), 9768-9781.
37. [37] Sneha, S., Roshni, A., & Padmavathi, G. (2024). A Stacked Ensemble Model to Detect Network Intrusions. Grenze International Journal of Engineering & Technology (GIJET), 10.
38. [38] Kasim, Ö.: An efficient and robust deep learning based network anomaly detection against distributed denial of service attacks. Computer Networks, 2020, Vol. 180, pp. 107390
39. [39] Jemili, F., Meddeb, R., & Korbaa, O. (2024). Intrusion detection based on ensemble learning for big data classification. Cluster Computing, 27(3), 3771-3798.
40. [40] Fuat, T. Analysis of intrusion detection systems in UNSW-NB15 and NSL-KDD datasets with ML algorithms. Bitlis Eren Üniversitesi Fen Bilimleri Dergisi. 2023, 12(2), 465-477.
41. [41] Alhabshy, A. A., Hameed, B. I., & Eldahshan, K. A. (2022). An ameliorated multiattack network anomaly detection in distributed big data system-based enhanced stacking multiple binary classifiers. IEEE Access, 10, 52724-52743.