Item metadata

dc.contributor.author: Al Tobi, Amjad Mohamed Hamdan
dc.contributor.author: Duncan, Ishbel Mary Macdonald
dc.date.accessioned: 2019-05-02T12:30:01Z
dc.date.available: 2019-05-02T12:30:01Z
dc.date.issued: 2019-04-30
dc.identifier.citation: Al Tobi, A M H & Duncan, I M M 2019, 'Improving intrusion detection model prediction by threshold adaptation', Information, vol. 10, no. 5, 159, pp. 1-42. https://doi.org/10.3390/info10050159 [en]
dc.identifier.issn: 2078-2489
dc.identifier.other: PURE: 258834046
dc.identifier.other: PURE UUID: a62db5d7-00dc-4312-a222-1f3fec02a408
dc.identifier.other: ORCID: /0000-0001-7297-9199/work/57088496
dc.identifier.other: Scopus: 85065886636
dc.identifier.other: WOS: 000470959300006
dc.identifier.uri: https://hdl.handle.net/10023/17630
dc.description: This research was supported and funded by the Government of the Sultanate of Oman represented by the Ministry of Higher Education and the Sultan Qaboos University. [en]
dc.description.abstract: Network traffic exhibits a high level of variability over short periods of time. This variability impacts negatively on the accuracy of anomaly-based network intrusion detection systems (IDS) that are built using predictive models in a batch learning setup. This work investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these intrusion detection models. Specifically, this research studied the adaptability features of three well known machine learning algorithms: C5.0, Random Forest and Support Vector Machine. Each algorithm’s ability to adapt their prediction thresholds was assessed and analysed under different scenarios that simulated real world settings using the prospective sampling approach. Multiple IDS datasets were used for the analysis, including a newly generated dataset (STA2018). This research demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation traffic have different statistical properties. Tests were undertaken to analyse the effects of feature selection and data balancing on model accuracy when different significant features in traffic were used. The effects of threshold adaptation on improving accuracy were statistically analysed. Of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates.
dc.format.extent: 42
dc.language.iso: eng
dc.relation.ispartof: Information [en]
dc.rights: © 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). [en]
dc.subject: Intrusion Detection System [en]
dc.subject: Anomaly-based IDS [en]
dc.subject: Threshold adaptation [en]
dc.subject: Prediction accuracy improvement [en]
dc.subject: Machine learning [en]
dc.subject: STA2018 dataset [en]
dc.subject: C5.0 [en]
dc.subject: Random forest [en]
dc.subject: Support vector machine [en]
dc.subject: QA75 Electronic computers. Computer science [en]
dc.subject: T Technology [en]
dc.subject: Artificial Intelligence [en]
dc.subject: Computer Science Applications [en]
dc.subject: DAS [en]
dc.subject: BDC [en]
dc.subject.lcc: QA75 [en]
dc.subject.lcc: T [en]
dc.title: Improving intrusion detection model prediction by threshold adaptation [en]
dc.type: Journal article [en]
dc.description.version: Publisher PDF [en]
dc.contributor.institution: University of St Andrews. School of Computer Science [en]
dc.identifier.doi: https://doi.org/10.3390/info10050159
dc.description.status: Peer reviewed [en]
dc.identifier.url: https://www.mdpi.com/journal/information/special_issues/ML_Cybersecurity [en]

