Enhancing Cybersecurity Anomaly Detection with Hybrid Models and Performance Trade-Offs
摘要
Context : Anomaly detection in cyber security is one of the critical component for identifying the malicious activities. These major activities includes as intrusions and fraud. Machine learning traditional algorithm suffers to detect such activities and struggles the imbalanced data. It may be missing rare threats (low recall) or generating excessive false positives (low precision). Objective: In this paper our objective is to detect the malicious activities through the seven widely used classifiers—Logistic Regression, SVM (Linear), Ridge Classifier, LDA, AdaBoost, K-Nearest Neighbors, and Naïve Bayes—on a standard Cybersecurity dataset. Materials and methodology: We also developed the data sampling strategies (SMOTE, ADASYN, random oversampling/under sampling, hybrid SMOTE+ENN) to detect the anomaly in cyber security dataset. We have estimated the performance of all the models. The stacked ensemble model SVM and Ridge has been considered as the base learners and AdaBoost as meta learner. The accuracy of stacked ensemble learner is 0.9746. Similarly we also performed weighted Hybrid model and obtained the accuracy of 0.9618. Similarly the Two-Stage Filters Accuracy is 0.9421. Results: From our experimental work reveals that the hybrid ensemble strategies significantly performed well for enhancing the Cybersecurity anomaly detection compared to standalone classifiers. Out of the 7 classifies it has been observed that the model Ridge obtained the best balance (AUC = 0.7476, recall = 0.60, MCC = 0.146). But the work confront that accuracy of AdaBoost is 97.78% as well as suffers the low recall 0.10. In case of stacked ensemble (SVM + Ridge \(\rightarrow \) AdaBoost performs well in overall performance (accuracy = 97.46%, AUC = 0.7312, F1 = 0.1547, MCC = 0.1985).