<p>Accurate network traffic classification is essential for effective intrusion detection systems (IDS). This study evaluates four machine learning algorithms—SVM, Random Forest, XGBoost, and LightGBM—for detecting malicious traffic in the CICIDS 2017 dataset. While these algorithms achieve accuracy rates exceeding 99%, severe class imbalance leads to unacceptable false negative rates for minority attack classes, with some categories like "Web Attack - SQL Injection" and "Infiltration" being frequently misclassified as benign. To address this limitation, we propose a comprehensive uncertainty quantification framework that combines nine uncertainty measures from the SPROUT framework with additional distance-based metrics and Isolation Forest anomaly detection. Our approach transforms high-risk predictions into explicit uncertainty signals, enabling more sensitive detection of underrepresented attack types. Experimental results demonstrate substantial improvements: false negative rates for critical minority classes decreased by up to 50%, while maintaining overall accuracy above 98%. The integration of uncertainty measures particularly benefits the detection of sophisticated, low-frequency attacks that traditional classifiers often miss. This work demonstrates that uncertainty-aware classification significantly enhances IDS robustness against imbalanced threat landscapes, providing a practical framework for deploying more reliable intrusion detection in production environments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Utilizing Uncertainty Measures to Improve the Performance of Intrusion Detection Systems

  • Quang-Vinh Dang

摘要

Accurate network traffic classification is essential for effective intrusion detection systems (IDS). This study evaluates four machine learning algorithms—SVM, Random Forest, XGBoost, and LightGBM—for detecting malicious traffic in the CICIDS 2017 dataset. While these algorithms achieve accuracy rates exceeding 99%, severe class imbalance leads to unacceptable false negative rates for minority attack classes, with some categories like "Web Attack - SQL Injection" and "Infiltration" being frequently misclassified as benign. To address this limitation, we propose a comprehensive uncertainty quantification framework that combines nine uncertainty measures from the SPROUT framework with additional distance-based metrics and Isolation Forest anomaly detection. Our approach transforms high-risk predictions into explicit uncertainty signals, enabling more sensitive detection of underrepresented attack types. Experimental results demonstrate substantial improvements: false negative rates for critical minority classes decreased by up to 50%, while maintaining overall accuracy above 98%. The integration of uncertainty measures particularly benefits the detection of sophisticated, low-frequency attacks that traditional classifiers often miss. This work demonstrates that uncertainty-aware classification significantly enhances IDS robustness against imbalanced threat landscapes, providing a practical framework for deploying more reliable intrusion detection in production environments.