TY - GEN
T1 - A Nested-Cascade Machine Learning Based Model for Intrusion Detection Systems
AU - Torres, Romina
AU - Solis, Miguel A.
AU - Martinez, Vicente
AU - Salas, Rodrigo
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - In datasets, the preponderance of imbalanced classes impedes accurate cyberattack categorization. While high aggregate accuracy is sought, it's paramount to adeptly classify all attack types, especially the under-represented ones. Existing methodologies, such as Ensemble techniques and the Synthetic Minority Oversampling Technique (SMOTE), address these disparities, yet the dynamic nature of underrepresented cyberattacks in cybersecurity remains a concern. To address this, we introduce a nested cascade model tailored for diverse cyberattacks within imbalanced datasets. This model leverages binary classifiers across tiers, each targeting a specific attack type. Before initializing the cascade, SMOTE is applied to counterbalance class disparities. The cascade's classification sequence employs a dual strategy: an initial one-vs-all binary classifier approach for pending classes, followed by prioritization based on model performance. We assessed our approach using the UNSW-NB15 dataset. Preliminary results indicate approximately 80% efficiency across metrics like accuracy, recall, and Fl-score. Notably, SMOTE's in- tegration yielded significant improvements for underrepresented classes.
AB - In datasets, the preponderance of imbalanced classes impedes accurate cyberattack categorization. While high aggregate accuracy is sought, it's paramount to adeptly classify all attack types, especially the under-represented ones. Existing methodologies, such as Ensemble techniques and the Synthetic Minority Oversampling Technique (SMOTE), address these disparities, yet the dynamic nature of underrepresented cyberattacks in cybersecurity remains a concern. To address this, we introduce a nested cascade model tailored for diverse cyberattacks within imbalanced datasets. This model leverages binary classifiers across tiers, each targeting a specific attack type. Before initializing the cascade, SMOTE is applied to counterbalance class disparities. The cascade's classification sequence employs a dual strategy: an initial one-vs-all binary classifier approach for pending classes, followed by prioritization based on model performance. We assessed our approach using the UNSW-NB15 dataset. Preliminary results indicate approximately 80% efficiency across metrics like accuracy, recall, and Fl-score. Notably, SMOTE's in- tegration yielded significant improvements for underrepresented classes.
KW - Intrusion detection
KW - cascading
KW - classification
KW - cybersecurity
KW - imbalanced dataset
KW - machine learning
UR - http://www.scopus.com/inward/record.url?scp=85189564046&partnerID=8YFLogxK
U2 - 10.1109/CHILECON60335.2023.10418750
DO - 10.1109/CHILECON60335.2023.10418750
M3 - Conference contribution
AN - SCOPUS:85189564046
T3 - Proceedings - IEEE CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies, ChileCon
BT - ChileCon 2023 - 2023 IEEE CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 IEEE CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies, ChileCon 2023
Y2 - 5 December 2023 through 7 December 2023
ER -