Covenant University Repository

AN ARGMAX ONE-VS-ALL APPROACH FOR MULTI-CLASS ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEM

OWOKA, EMMANUEL OLUSOLA and Covenant University, Theses (2022) AN ARGMAX ONE-VS-ALL APPROACH FOR MULTI-CLASS ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEM. Masters thesis, COVENANT UNIVERSITY.


Abstract

The internet is advancing at a fast pace and is essential to individuals and organizations. It also hosts many malicious actors, and a successful attack on a victim can be devastating, hence the growing need for cybersecurity. Network security helps protect computer networks from attackers, and this can be achieved with the help of intrusion detection systems (IDS). Over the years researchers have proposed improvements to IDSs; however, the problem of low detection rate, especially towards minority classes within the available datasets, plagues the research area. This study builds and evaluates an ensemble anomaly-based network intrusion detection system for multi-class classification using an argmax one-vs-all approach. The Communications Security Establishment and Canadian Institute for Cybersecurity Intrusion Detection System 2018 dataset (CSE-CIC-IDS2018), referred to as CICIDS2018, was used in this study. eXtreme Gradient Boosting (XGBoost) was used for feature selection, and the Synthetic Minority Oversampling Technique (SMOTE) alongside cost-sensitive learning was used to address the imbalanced nature of the CICIDS2018 dataset. The Multilayer Perceptron (MLP), Random Forest (RF), and XGBoost were used to build the ensemble model. A one-vs-all approach was adopted to design, for each class within the dataset, an ensemble of the classifiers tailored to detecting that class. This means that the feature selection process was done for each class, producing multiple datasets based on the number of classes within the dataset. The results of the classifiers are then combined and aggregated using the argmax function. Finally, the proposed model was evaluated against other models, existing works in the literature, and unknown attacks to see how well it performs.
The results showed that the proposed approach performs better than other approaches, achieving a better macro-average F1-score of 83.50% and an improved classification of the minority classes, attaining F1-scores of 29.95% and 75.98% in the infiltration and web classes respectively. The infiltration class was seen to be hard to distinguish from the benign class, so approaches that properly separate and oversample the infiltration class should be taken to improve its detection.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Intrusion Detection System, CICIDS2018, Cyber Security, Machine Learning, Deep Learning.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Faculty of Engineering, Science and Mathematics > School of Electronics and Computer Science
Depositing User: AKINWUMI
Date Deposited: 13 Sep 2022 11:38
Last Modified: 13 Sep 2022 11:38
URI: http://eprints.covenantuniversity.edu.ng/id/eprint/16172
