This study analyzes the impact of the Synthetic Minority Oversampling Technique (SMOTE)Synthetic Minority Over-sampling Technique (SMOTE) on the detection of malicious traffic using machine learningMachine learning algorithms, particularly Random ForestRandom Forest. Intrusion DetectionIntrusion detection Systems (IDS) are often challenged by class imbalanceClass imbalance, where benign traffic significantly outweighs malicious instances, leading to biased classifiers that overlook minority attack patterns. To address this problem, the CSE-CIC-DDoS2019CSE-CIC-Ddos2019 dataset, characterized by severe imbalance, was employed to evaluate three scenarios: a baseline model without adjustments, a model optimized through random hyperparameter search, and a model trained with SMOTESynthetic Minority Over-sampling Technique (SMOTE) combined with class weight adjustment. The experimental results show that, while all three models achieved high accuracy in detecting malicious traffic, the inclusion of SMOTE significantly enhanced the detection of minority class instances. This improvement was most evident in evaluation metrics such as the F1-score and the Area Under the Curve (AUC), which demonstrated a more balanced performance across classes without compromising overall accuracy. These findings highlight SMOTE as an effective resampling strategy to mitigate dataset imbalance and strengthen the robustness of classification models. By enabling a more reliable detection of underrepresented attacks, SMOTE contributes to improving the performance of IDS in real-world environments, where data imbalance is a common challenge. Consequently, this research underscores the importance of integrating data-level techniques like SMOTESynthetic Minority Over-sampling Technique (SMOTE) into cybersecurityCybersecurity frameworks, ensuring that machine learningMachine learning models remain both accurate and fair when deployed in practical intrusion detectionIntrusion detection scenarios.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Application of SMOTE for Improving the Training of Intrusion Detection Models with Imbalanced Classes

  • Jairo Lascano-Banshuy,
  • Andrea Sánchez-Zumba,
  • Darío Robayo-Jácome

摘要

This study analyzes the impact of the Synthetic Minority Oversampling Technique (SMOTE)Synthetic Minority Over-sampling Technique (SMOTE) on the detection of malicious traffic using machine learningMachine learning algorithms, particularly Random ForestRandom Forest. Intrusion DetectionIntrusion detection Systems (IDS) are often challenged by class imbalanceClass imbalance, where benign traffic significantly outweighs malicious instances, leading to biased classifiers that overlook minority attack patterns. To address this problem, the CSE-CIC-DDoS2019CSE-CIC-Ddos2019 dataset, characterized by severe imbalance, was employed to evaluate three scenarios: a baseline model without adjustments, a model optimized through random hyperparameter search, and a model trained with SMOTESynthetic Minority Over-sampling Technique (SMOTE) combined with class weight adjustment. The experimental results show that, while all three models achieved high accuracy in detecting malicious traffic, the inclusion of SMOTE significantly enhanced the detection of minority class instances. This improvement was most evident in evaluation metrics such as the F1-score and the Area Under the Curve (AUC), which demonstrated a more balanced performance across classes without compromising overall accuracy. These findings highlight SMOTE as an effective resampling strategy to mitigate dataset imbalance and strengthen the robustness of classification models. By enabling a more reliable detection of underrepresented attacks, SMOTE contributes to improving the performance of IDS in real-world environments, where data imbalance is a common challenge. Consequently, this research underscores the importance of integrating data-level techniques like SMOTESynthetic Minority Over-sampling Technique (SMOTE) into cybersecurityCybersecurity frameworks, ensuring that machine learningMachine learning models remain both accurate and fair when deployed in practical intrusion detectionIntrusion detection scenarios.