Litcius/Paper detail

Detecting web attacks using random undersampling and ensemble learners

Richard Zuech, John Hancock, Taghi M. Khoshgoftaar

2021Journal Of Big Data84 citationsDOIOpen Access PDF

Abstract

Abstract Class imbalance is an important consideration for cybersecurity and machine learning. We explore classification performance in detecting web attacks in the recent CSE-CIC-IDS2018 dataset. This study considers a total of eight random undersampling (RUS) ratios: no sampling, 999:1, 99:1, 95:5, 9:1, 3:1, 65:35, and 1:1. Additionally, seven different classifiers are employed: Decision Tree (DT), Random Forest (RF), CatBoost (CB), LightGBM (LGB), XGBoost (XGB), Naive Bayes (NB), and Logistic Regression (LR). For classification performance metrics, Area Under the Receiver Operating Characteristic Curve (AUC) and Area Under the Precision-Recall Curve (AUPRC) are both utilized to answer the following three research questions. The first question asks: “Are various random undersampling ratios statistically different from each other in detecting web attacks?” The second question asks: “Are different classifiers statistically different from each other in detecting web attacks?” And, our third question asks: “Is the interaction between different classifiers and random undersampling ratios significant for detecting web attacks?” Based on our experiments, the answers to all three research questions is “Yes”. To the best of our knowledge, we are the first to apply random undersampling techniques to web attacks from the CSE-CIC-IDS2018 dataset while exploring various sampling ratios.

Topics & Concepts

UndersamplingRandom forestComputer scienceNaive Bayes classifierDecision treeMachine learningArtificial intelligenceSupport vector machineData miningNetwork Security and Intrusion DetectionImbalanced Data Classification TechniquesAnomaly Detection Techniques and Applications
Detecting web attacks using random undersampling and ensemble learners | Litcius