Cybersecurity systems face increasing threats from complex and evolving cyberattacks, making resilient intrusion detection mechanisms essential for modern networks. This study evaluates and compares the resiliency of three machine-learning-based intrusion detection systems—Random Forest (RF-IDS), Gradient Boosting (GB-IDS), and Logistic Regression (LR-IDS)—using the CICIDS2017 benchmark dataset. The research adopts an experimental and quantitative approach in which multiple attack types, including DDoS, PortScan, WebAttack, Botnet, and Benign traffic, are analyzed through data preprocessing, feature extraction, and binary classification. Each model is trained and tested under identical conditions, and performance is assessed using Accuracy, Recall, False Positive Rate (FPR), and a composite Resiliency Score. Additionally, the study examines the impact of attack complexity by categorizing threats into Simple and Complex groups and conducting statistical hypothesis testing. Results indicate that while all three models achieve high recall, Random Forest demonstrates superior overall resiliency with lower false alarms. The findings provide empirical evidence to guide the selection of robust, scalable, and reliable intrusion detection systems for real-world cybersecurity applications.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Impact of Attack Complexity and Sophistication on the Resiliency of ML-Based Intrusion Detection Systems

  • Smith Gonsalves,
  • Priyanka Ameta,
  • Rajesh Kanja

摘要

Cybersecurity systems face increasing threats from complex and evolving cyberattacks, making resilient intrusion detection mechanisms essential for modern networks. This study evaluates and compares the resiliency of three machine-learning-based intrusion detection systems—Random Forest (RF-IDS), Gradient Boosting (GB-IDS), and Logistic Regression (LR-IDS)—using the CICIDS2017 benchmark dataset. The research adopts an experimental and quantitative approach in which multiple attack types, including DDoS, PortScan, WebAttack, Botnet, and Benign traffic, are analyzed through data preprocessing, feature extraction, and binary classification. Each model is trained and tested under identical conditions, and performance is assessed using Accuracy, Recall, False Positive Rate (FPR), and a composite Resiliency Score. Additionally, the study examines the impact of attack complexity by categorizing threats into Simple and Complex groups and conducting statistical hypothesis testing. Results indicate that while all three models achieve high recall, Random Forest demonstrates superior overall resiliency with lower false alarms. The findings provide empirical evidence to guide the selection of robust, scalable, and reliable intrusion detection systems for real-world cybersecurity applications.