Determining Resampling Ratios Using BSMOTE and SVM-SMOTE for Identifying Rare Attacks in Imbalanced Cybersecurity Data-Reference-Cited by-同舟云学术

Determining Resampling Ratios Using BSMOTE and SVM-SMOTE for Identifying Rare Attacks in Imbalanced Cybersecurity Data

Published:2023-10-11 Issue:10 Volume:12 Page:204
ISSN:2073-431X
Container-title:Computers
language:en
Short-container-title:Computers

Author:

Bagui Sikha S.¹^ORCID,Mink Dustin¹^ORCID,Bagui Subhash C.²^ORCID,Subramaniam Sakthivel¹

Affiliation:

1. Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA

2. Department of Mathematics and Statistics, University of West Florida, Pensacola, FL 32514, USA

Abstract

Machine Learning is widely used in cybersecurity for detecting network intrusions. Though network attacks are increasing steadily, the percentage of such attacks to actual network traffic is significantly less. And here lies the problem in training Machine Learning models to enable them to detect and classify malicious attacks from routine traffic. The ratio of actual attacks to benign data is significantly high and as such forms highly imbalanced datasets. In this work, we address this issue using data resampling techniques. Though there are several oversampling and undersampling techniques available, how these oversampling and undersampling techniques are most effectively used is addressed in this paper. Two oversampling techniques, Borderline SMOTE and SVM-SMOTE, are used for oversampling minority data and random undersampling is used for undersampling majority data. Both the oversampling techniques use KNN after selecting a random minority sample point, hence the impact of varying KNN values on the performance of the oversampling technique is also analyzed. Random Forest is used for classification of the rare attacks. This work is done on a widely used cybersecurity dataset, UNSW-NB15, and the results show that 10% oversampling gives better results for both BMSOTE and SVM-SMOTE.

Funder

the National Centers of Academic Excellence in Cybersecurity

Cyber Research Innovation Grant Program

Publisher

MDPI AG

Subject

Computer Networks and Communications,Human-Computer Interaction

Link

https://www.mdpi.com/2073-431X/12/10/204/pdf

Reference33 articles.

1. Cisco (2023). What Is a Cyberattack?—Most Common Types, Cisco. Available online: https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~how-cyber-attacks-work.

2. What Is a Cyberattack?, IBM. Available online: https://www.ibm.com/topics/cyber-attack.

3. Delplace, A., Hermoso, S., and Anandita, K. (2020). Cyber Attack Detection thanks to Machine Learning Algorithms. arXiv, Available online: https://arxiv.org/abs/2001.06309.

4. Alencar, R. (2017). Resampling Strategies for Imbalanced Datasets, Kaggle. Available online: https://www.kaggle.com/code/rafjaa/resampling-strategies-for-imbalanced-datasets.

5. Network intrusion detection using oversampling technique and machine learning algorithms;Ahmed;PeerJ. Comput. Sci.,2022

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Hybrid Models for IoT Security: Tackling Class Imbalance;2024 11th International Conference on Wireless Networks and Mobile Communications (WINCOM);2024-07-23

2. Strip Steel Defect Prediction Based on Improved Immune Particle Swarm Optimisation–Improved Synthetic Minority Oversampling Technique–Stacking;Applied Sciences;2024-07-04

3. Influence of Preprocessing Methods of Automated Milking Systems Data on the Prediction of Mastitis with Machine Learning Models;2024-06-25

4. Credit Card Fraud Detection Using Machine Learning;2024 IEEE International Conference on Cybernetics and Innovations (ICCI);2024-03-29

5. Resampling to Classify Rare Attack Tactics in UWF-ZeekData22;Knowledge;2024-03-14