Improving the Accuracy of Network Intrusion Detection with Causal Machine Learning

In recent years, machine learning (ML) algorithms have proven effective in intrusion detection. However, as the ML algorithms are mainly applied to evaluate the anomaly of the network, the detection accuracy for cyberattacks with multiple types cannot be fully guaranteed. The existing alg...

Bibliographic Details
Main Authors: Zengri Zeng, Wei Peng, Baokang Zhao
Format: article
Language: EN
Published: Hindawi-Wiley 2021
Subjects:
Online Access: https://doaj.org/article/c3af11d54071445a8ff31338efc7b075
id oai:doaj.org-article:c3af11d54071445a8ff31338efc7b075
record_format dspace
spelling oai:doaj.org-article:c3af11d54071445a8ff31338efc7b075
2021-11-15T01:19:23Z
Improving the Accuracy of Network Intrusion Detection with Causal Machine Learning
1939-0122
10.1155/2021/8986243
https://doaj.org/article/c3af11d54071445a8ff31338efc7b075
2021-01-01T00:00:00Z
http://dx.doi.org/10.1155/2021/8986243
https://doaj.org/toc/1939-0122
Zengri Zeng
Wei Peng
Baokang Zhao
Hindawi-Wiley
article
Technology (General)
T1-995
Science (General)
Q1-390
EN
Security and Communication Networks, Vol 2021 (2021)
institution DOAJ
collection DOAJ
language EN
topic Technology (General)
T1-995
Science (General)
Q1-390
description In recent years, machine learning (ML) algorithms have proven effective in intrusion detection. However, as the ML algorithms are mainly applied to evaluate the anomaly of the network, the detection accuracy for cyberattacks with multiple types cannot be fully guaranteed. The existing algorithms for network intrusion detection based on ML or feature selection rely on spurious correlation between features and cyberattacks, causing several wrong classifications. In order to tackle the abovementioned problems, this research aimed to establish a novel network intrusion detection system (NIDS) based on causal ML. The proposed system started with the identification of noisy features by causal intervention, while only the features that had a causality with cyberattacks were preserved. Then, the ML algorithm was used to make a preliminary classification to select the most relevant types of cyberattacks. As a result, the unique labeled cyberattack could be detected by the counterfactual detection algorithm. In addition to a relatively stable accuracy, the complexity of cyberattack detection could also be effectively reduced, with a maximum reduction to 94% on the size of training features. Moreover, in case of the availability of several types of cyberattacks, the detection accuracy was significantly improved compared with the previous ML algorithms.
format article
author Zengri Zeng
Wei Peng
Baokang Zhao
title Improving the Accuracy of Network Intrusion Detection with Causal Machine Learning
publisher Hindawi-Wiley
publishDate 2021
url https://doaj.org/article/c3af11d54071445a8ff31338efc7b075