Critical Infrastructure Protection and Malware Analysis Lab, Department of Computer and Information Sciences, Pakistan Institute of Engineering and Applied Sciences, Islamabad 44000, Pakistan.
Shenzhen Institute of Information Technology, Shenzhen 518109, China.
Sensors (Basel). 2023 Jun 22;23(13):5829. doi: 10.3390/s23135829.
The advancement of, and reliance on, digital data necessitate dependence on information technology. The growing amount of digital data and their availability over the Internet have given rise to the problem of information security. With the increase in connectivity among devices and networks, maintaining the information security of an asset has now become essential for an organization. Intrusion detection systems (IDS) are widely used in networks for protection against different network attacks. Several machine-learning-based techniques have been used by researchers for the implementation of anomaly-based IDS (AIDS). In the past, the focus primarily remained on improving the accuracy of the system. Efficiency with respect to time is an important aspect of an IDS, which most of the research has thus far somewhat overlooked. For this purpose, we propose a multi-layered filtration framework (MLFF) for feature reduction using a statistical approach. The proposed framework helps reduce the detection time without affecting the accuracy. We use the CIC-IDS2017 dataset for experiments. The proposed framework contains three filters connected in sequential order. The accuracy, precision, recall and F1 score are calculated for the selected machine learning models. In addition, the training time and the detection time are also calculated because these parameters are considered important in measuring the performance of a detection system. Generally, decision tree models, random forest methods, and artificial neural networks show better results in the detection of network attacks with minimum detection time.