An Explainable Anomaly Detection Benchmark of Gradient Boosting Algorithms for Network Intrusion Detection Systems

Nowadays, protecting computer systems by preventing malicious network attacks is a vital topic. In recent years, ma-chine learning-based network intrusion detection systems (NIDS) started showing effective results. While the task of classifying cyber attacks in NIDS has been studied extensively in t...

Full description

Saved in:
Bibliographic Details
Main Authors: Yilmaz, Merve Nur, Bardak, Batuhan
Format: Conference Proceeding
Language:English
Subjects:
Benchmark testing
Boosting
ensemble learning
Intrusion detection system
machine learning
Network intrusion detection
Neural networks
Prediction algorithms
SHAP
Shapley value
Technological innovation
Training
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Nowadays, protecting computer systems by preventing malicious network attacks is a vital topic. In recent years, ma-chine learning-based network intrusion detection systems (NIDS) started showing effective results. While the task of classifying cyber attacks in NIDS has been studied extensively in the literature, there is no comprehensive benchmark study with gradient boosting algorithms on recent open-source datasets. This paper aims to evaluate different gradient boosting-based algorithm performances including XGBoost, CatBoost, and LightGBM on different open-source NIDS datasets such as CIC-IDS2017, CSE-CIC-IDS2018, and INSDN. Furthermore, the SHapley Additive exPlanations (SHAP) is applied to increase the interpretability of the models and investigate the relationship between cyber attacks and the network features. Our experimental results demonstrate that the XGBoost model consistently outperforms other comparative models in F1 score for all datasets. At the same time, we compare the training/inference time of different gradient boosting algorithms which is an important constraint for real-time intrusion detection systems. Moreover, the different important features between different datasets can help data sci-entists for designing better artificial intelligence-based intrusion detection algorithms.
ISSN:2770-7946
DOI:10.1109/ASYU56188.2022.9925451