Premium
Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset
Author(s) -
Bagui Sikha,
Kalaimannan Ezhil,
Bagui Subhash,
Nandi Debarghya,
Pinto Anthony
Publication year - 2019
Publication title -
security and privacy
Language(s) - English
Resource type - Journals
ISSN - 2475-6725
DOI - 10.1002/spy2.91
Subject(s) - c4.5 algorithm , feature selection , computer science , feature (linguistics) , decision tree , artificial intelligence , naive bayes classifier , machine learning , constant false alarm rate , selection (genetic algorithm) , pattern recognition (psychology) , data mining , support vector machine , linguistics , philosophy
This paper uses a hybrid feature selection process and classification techniques to classify cyber‐attacks in the UNSW‐NB15 dataset. A combination of k ‐means clustering, and a correlation‐based feature selection, were used to come up with an optimum subset of features and then two classification techniques, one probabilistic, Naïve Bayes (NB), and a second, based on decision trees (J48), were employed. Our results show that this hybrid feature selection method in combination with the NB model was able to improve the classification accuracy of most attacks, especially the rare attacks. The false alarm rates were lower for most of the attacks, and particularly the rare attacks, with this combination of feature selection and the NB model. The J48 decision tree model, however, did not perform any better with the feature selection, but its classification rate for all attack families was already very high, with or without feature selection.