Context : Anomaly detection in cyber security is one of the critical component for identifying the malicious activities. These major activities includes as intrusions and fraud. Machine learning traditional algorithm suffers to detect such activities and struggles the imbalanced data. It may be missing rare threats (low recall) or generating excessive false positives (low precision). Objective: In this paper our objective is to detect the malicious activities through the seven widely used classifiers—Logistic Regression, SVM (Linear), Ridge Classifier, LDA, AdaBoost, K-Nearest Neighbors, and Naïve Bayes—on a standard Cybersecurity dataset. Materials and methodology: We also developed the data sampling strategies (SMOTE, ADASYN, random oversampling/under sampling, hybrid SMOTE+ENN) to detect the anomaly in cyber security dataset. We have estimated the performance of all the models. The stacked ensemble model SVM and Ridge has been considered as the base learners and AdaBoost as meta learner. The accuracy of stacked ensemble learner is 0.9746. Similarly we also performed weighted Hybrid model and obtained the accuracy of 0.9618. Similarly the Two-Stage Filters Accuracy is 0.9421. Results: From our experimental work reveals that the hybrid ensemble strategies significantly performed well for enhancing the Cybersecurity anomaly detection compared to standalone classifiers. Out of the 7 classifies it has been observed that the model Ridge obtained the best balance (AUC = 0.7476, recall = 0.60, MCC = 0.146). But the work confront that accuracy of AdaBoost is 97.78% as well as suffers the low recall 0.10. In case of stacked ensemble (SVM + Ridge \(\rightarrow \) AdaBoost performs well in overall performance (accuracy = 97.46%, AUC = 0.7312, F1 = 0.1547, MCC = 0.1985).

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhancing Cybersecurity Anomaly Detection with Hybrid Models and Performance Trade-Offs

  • V. Ganesh,
  • A.V.S Pavan Kumar,
  • Neelamadhab Padhy,
  • Biplab Rath

摘要

Context : Anomaly detection in cyber security is one of the critical component for identifying the malicious activities. These major activities includes as intrusions and fraud. Machine learning traditional algorithm suffers to detect such activities and struggles the imbalanced data. It may be missing rare threats (low recall) or generating excessive false positives (low precision). Objective: In this paper our objective is to detect the malicious activities through the seven widely used classifiers—Logistic Regression, SVM (Linear), Ridge Classifier, LDA, AdaBoost, K-Nearest Neighbors, and Naïve Bayes—on a standard Cybersecurity dataset. Materials and methodology: We also developed the data sampling strategies (SMOTE, ADASYN, random oversampling/under sampling, hybrid SMOTE+ENN) to detect the anomaly in cyber security dataset. We have estimated the performance of all the models. The stacked ensemble model SVM and Ridge has been considered as the base learners and AdaBoost as meta learner. The accuracy of stacked ensemble learner is 0.9746. Similarly we also performed weighted Hybrid model and obtained the accuracy of 0.9618. Similarly the Two-Stage Filters Accuracy is 0.9421. Results: From our experimental work reveals that the hybrid ensemble strategies significantly performed well for enhancing the Cybersecurity anomaly detection compared to standalone classifiers. Out of the 7 classifies it has been observed that the model Ridge obtained the best balance (AUC = 0.7476, recall = 0.60, MCC = 0.146). But the work confront that accuracy of AdaBoost is 97.78% as well as suffers the low recall 0.10. In case of stacked ensemble (SVM + Ridge \(\rightarrow \) AdaBoost performs well in overall performance (accuracy = 97.46%, AUC = 0.7312, F1 = 0.1547, MCC = 0.1985).