Evaluation of machine learning algorithms for anomaly detection

Nebrase Elmrabit; Feixiang Zhou; Fengyin Li; Huiyu Zhou

doi:10.1109/CyberSecurity49315.2020.9138871

Evaluation of machine learning algorithms for anomaly detection

Nebrase Elmrabit, Feixiang Zhou, Fengyin Li, Huiyu Zhou

Cyber Security and Networks

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

134 Citations (Scopus)

2247 Downloads (Pure)

Abstract

Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyber-attack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system.

Original language	English
Title of host publication	2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
Publisher	IEEE
Number of pages	8
ISBN (Electronic)	9781728164281
ISBN (Print)	9781728164298
DOIs	https://doi.org/10.1109/CyberSecurity49315.2020.9138871
Publication status	Published - Jun 2020
Event	International Conference on Cyber Security and Protection of Digital Services - Online Duration: 15 Jun 2020 → 19 Jun 2020 https://www.c-mric.com/cs2020 (Link to conference website)

Conference

Conference	International Conference on Cyber Security and Protection of Digital Services
Abbreviated title	Cyber Security 2020
Period	15/06/20 → 19/06/20
Internet address	https://www.c-mric.com/cs2020 (Link to conference website)

Keywords

cyber security, intrusion detection, anomaly detection, machine learning, deep learning, smart grid
deep learning
smart grid
Cyber Security
anomaly detection
intrusion detection
machine learning

ASJC Scopus subject areas

Information Systems and Management
Artificial Intelligence
Safety, Risk, Reliability and Quality
Computer Networks and Communications
Computational Theory and Mathematics

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Documents and Links

10.1109/CyberSecurity49315.2020.9138871

Elmrabit, N. et al (2020) Evaluation of machine learning algorithms for anomaly detection
Copyright © 2020 IEEE. This is a post-peer review, pre-copy edited version of the article and may differ slightly from the final published version of the work. This work is made available in line with the publisher policy. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
Author accepted manuscript, 1 MB

Cite this

@inproceedings{cd2e3efc769f4f8b845d01593eeb8ad8,

title = "Evaluation of machine learning algorithms for anomaly detection",

abstract = "Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyber-attack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system.",

keywords = "cyber security, intrusion detection, anomaly detection, machine learning, deep learning, smart grid, deep learning, smart grid, Cyber Security, anomaly detection, intrusion detection, machine learning",

author = "Nebrase Elmrabit and Feixiang Zhou and Fengyin Li and Huiyu Zhou",

note = "Acceptance in SAN AAM: no embargo; International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020 ; Conference date: 15-06-2020 Through 19-06-2020",

year = "2020",

month = jun,

doi = "10.1109/CyberSecurity49315.2020.9138871",

language = "English",

isbn = "9781728164298",

booktitle = "2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)",

publisher = "IEEE",

address = "United States",

url = "https://www.c-mric.com/cs2020",

}

Elmrabit, N, Zhou, F, Li, F & Zhou, H 2020, Evaluation of machine learning algorithms for anomaly detection. in 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)., 9138871, IEEE, International Conference on Cyber Security and Protection of Digital Services, 15/06/20. https://doi.org/10.1109/CyberSecurity49315.2020.9138871

TY - GEN

T1 - Evaluation of machine learning algorithms for anomaly detection

AU - Elmrabit, Nebrase

AU - Zhou, Feixiang

AU - Li, Fengyin

AU - Zhou, Huiyu

N1 - Acceptance in SAN AAM: no embargo

PY - 2020/6

Y1 - 2020/6

N2 - Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyber-attack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system.

AB - Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyber-attack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system.

KW - cyber security, intrusion detection, anomaly detection, machine learning, deep learning, smart grid

KW - deep learning

KW - smart grid

KW - Cyber Security

KW - anomaly detection

KW - intrusion detection

KW - machine learning

U2 - 10.1109/CyberSecurity49315.2020.9138871

DO - 10.1109/CyberSecurity49315.2020.9138871

M3 - Conference contribution

SN - 9781728164298

BT - 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

PB - IEEE

T2 - International Conference on Cyber Security and Protection of Digital Services

Y2 - 15 June 2020 through 19 June 2020

ER -

Evaluation of machine learning algorithms for anomaly detection

Abstract

Conference

Keywords

ASJC Scopus subject areas

UN SDGs

Documents and Links

Fingerprint

Cite this