Evaluation of machine learning algorithms for anomaly detection

Nebrase Elmrabit, Feixiang Zhou, Fengyin Li, Huiyu Zhou

Research output: Chapter in Book/Report/Conference proceedingConference contribution

90 Citations (Scopus)
1943 Downloads (Pure)


Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyber-attack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system.
Original languageEnglish
Title of host publication2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
Number of pages8
ISBN (Electronic)9781728164281
ISBN (Print)9781728164298
Publication statusPublished - Jun 2020
EventInternational Conference on Cyber Security and Protection of Digital Services - Online
Duration: 15 Jun 202019 Jun 2020
https://www.c-mric.com/cs2020 (Link to conference website)


ConferenceInternational Conference on Cyber Security and Protection of Digital Services
Abbreviated titleCyber Security 2020
Internet address


  • cyber security, intrusion detection, anomaly detection, machine learning, deep learning, smart grid
  • deep learning
  • smart grid
  • Cyber Security
  • anomaly detection
  • intrusion detection
  • machine learning

ASJC Scopus subject areas

  • Information Systems and Management
  • Artificial Intelligence
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Computational Theory and Mathematics


Dive into the research topics of 'Evaluation of machine learning algorithms for anomaly detection'. Together they form a unique fingerprint.

Cite this