Evaluating the Impact of Different Feature as a Counter Data Aggregation approaches on the Performance of NIDSs and Their Selected Features

Author:

Magán-Carrión Roberto (1), Urda Daniel (2), Diaz-Cano Ignacio (3), Dorronsoro Bernabé (4)

Affiliation:

1. Network Engineering & Security Group, Department of Signal Theory, Communications and Telematics, CITIC-University of Granada, 18014, Granada, Spain, rmagan@ugr.es

2. Grupo de Inteligencia Computacional Aplicada (GICAP), Departamento de Digitalización, Escuela Politécnica Superior, Universidad de Burgos, Av. Cantabria s/n, 09006, Burgos, Spain, durda@ubu.es

3. Applied Robotics Group, Department of Automatic, Electronic, Computer Architecture and Com. Net. Engineering, University of Cádiz, 11519, Puerto Real, Cádiz, Spain, ignacio.diaz@uca.es

4. Graphical Methods, Optimization & Learning (GOAL) Group, Department of Computer Engineering, University of Cádiz, 11519, Puerto Real, Cádiz, Spain; School of Computer Science, Faculty of Engineering, The University of Sydney, 2008, Darlington, NSW, Australia, bernabe.dorronsorodiaz@sydney.edu.au

Abstract

There is much effort nowadays to protect communication networks against increasingly sophisticated cybersecurity attacks that look for system vulnerabilities they could exploit for malicious purposes. Network Intrusion Detection Systems (NIDSs) are popular tools to detect and classify such attacks, most of them based on ML models. However, ML-based NIDSs cannot be trained by feeding them network traffic data as it is. Thus, a Feature Engineering (FE) process plays a crucial role in transforming raw network traffic data into derived data suitable for ML models. In this work, we study the effects of applying one such FE technique, the Feature as a Counter approach, in different ways on the performance of two ML models (linear and non-linear) and their selected features. The derived observations are computed either from the same number of raw samples (batch-based approaches) or by aggregating them by time intervals (timestamp-based approach). Results show that there are no significant differences between the proposed approaches, neither in the performance of the models nor in the selected features, which validates our proposal and makes it feasible to be widely used as a standard FE method.

Publisher

Oxford University Press (OUP)
