Evaluation of Machine Learning Algorithms for Anomaly Detection

Nebrase Elmrabit; Feixiang Zhou; Fengyin Li; Huiyu Zhou

doi:10.1109/CyberSecurity49315.2020.9138871

Evaluation of Machine Learning Algorithms for Anomaly Detection

Nebrase Elmrabit, Feixiang Zhou, Fengyin Li, Huiyu Zhou

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

146 Citations (Scopus)

Abstract

Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyber-attack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system.

Original language	English
Title of host publication	International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Number of pages	8
ISBN (Electronic)	9781728164281
DOIs	https://doi.org/10.1109/CyberSecurity49315.2020.9138871
Publication status	Published - 13 Jul 2020
Externally published	Yes
Event	2020 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020 - Virtual, Online, Ireland Duration: 15 Jun 2020 → 19 Jun 2020

Publication series

Name	International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020

Conference

Conference	2020 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020
Country/Territory	Ireland
City	Virtual, Online
Period	15/06/2020 → 19/06/2020

Bibliographical note

Funding Information:
This work was funded by EU Horizon 2020 DOMINOES Project (Grant Number: 771066).

Publisher Copyright:
© 2020 IEEE.

Copyright:
Copyright 2021 Elsevier B.V., All rights reserved.

Keywords

anomaly detection
Cyber Security
deep learning
intrusion detection
machine learning
smart grid

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Artificial Intelligence
Computational Theory and Mathematics
Computer Networks and Communications
Information Systems and Management

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/CyberSecurity49315.2020.9138871Licence: Unspecified

Cite this

Elmrabit, N., Zhou, F., Li, F., & Zhou, H. (2020). Evaluation of Machine Learning Algorithms for Anomaly Detection. In International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020 Article 9138871 (International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CyberSecurity49315.2020.9138871

Elmrabit, Nebrase ; Zhou, Feixiang ; Li, Fengyin et al. / Evaluation of Machine Learning Algorithms for Anomaly Detection. International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020. Institute of Electrical and Electronics Engineers Inc., 2020. (International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020).

@inproceedings{25f2e26814e14daea7c5e9c91f9f0a72,

title = "Evaluation of Machine Learning Algorithms for Anomaly Detection",

abstract = "Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyber-attack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system. ",

keywords = "anomaly detection, Cyber Security, deep learning, intrusion detection, machine learning, smart grid",

author = "Nebrase Elmrabit and Feixiang Zhou and Fengyin Li and Huiyu Zhou",

note = "Funding Information: This work was funded by EU Horizon 2020 DOMINOES Project (Grant Number: 771066). Publisher Copyright: {\textcopyright} 2020 IEEE. Copyright: Copyright 2021 Elsevier B.V., All rights reserved.; 2020 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020 ; Conference date: 15-06-2020 Through 19-06-2020",

year = "2020",

month = jul,

day = "13",

doi = "10.1109/CyberSecurity49315.2020.9138871",

language = "English",

series = "International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020",

address = "United States",

}

Elmrabit, N, Zhou, F, Li, F & Zhou, H 2020, Evaluation of Machine Learning Algorithms for Anomaly Detection. in International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020., 9138871, International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020, Institute of Electrical and Electronics Engineers Inc., 2020 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020, Virtual, Online, Ireland, 15/06/2020. https://doi.org/10.1109/CyberSecurity49315.2020.9138871

Evaluation of Machine Learning Algorithms for Anomaly Detection. / Elmrabit, Nebrase; Zhou, Feixiang; Li, Fengyin et al.
International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020. Institute of Electrical and Electronics Engineers Inc., 2020. 9138871 (International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Evaluation of Machine Learning Algorithms for Anomaly Detection

AU - Elmrabit, Nebrase

AU - Zhou, Feixiang

AU - Li, Fengyin

AU - Zhou, Huiyu

N1 - Funding Information: This work was funded by EU Horizon 2020 DOMINOES Project (Grant Number: 771066). Publisher Copyright: © 2020 IEEE. Copyright: Copyright 2021 Elsevier B.V., All rights reserved.

PY - 2020/7/13

Y1 - 2020/7/13

N2 - Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyber-attack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system.

AB - Malicious attack detection is one of the critical cyber-security challenges in the peer-to-peer smart grid platforms due to the fact that attackers' behaviours change continuously over time. In this paper, we evaluate twelve Machine Learning (ML) algorithms in terms of their ability to detect anomalous behaviours over the networking practice. The evaluation is performed on three publicly available datasets: CICIDS-2017, UNSW-NB15 and the Industrial Control System (ICS) cyber-attack datasets. The experimental work is performed through the ALICE high-performance computing facility at the University of Leicester. Based on these experiments, a comprehensive analysis of the ML algorithms is presented. The evaluation results verify that the Random Forest (RF) algorithm achieves the best performance in terms of accuracy, precision, Recall, F1-Score and Receiver Operating Characteristic (ROC) curves on all these datasets. It is worth pointing out that other algorithms perform closely to RF and that the decision regarding which ML algorithm to select depends on the data produced by the application system.

KW - anomaly detection

KW - Cyber Security

KW - deep learning

KW - intrusion detection

KW - machine learning

KW - smart grid

U2 - 10.1109/CyberSecurity49315.2020.9138871

DO - 10.1109/CyberSecurity49315.2020.9138871

M3 - Conference contribution

AN - SCOPUS:85091978358

T3 - International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020

BT - International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2020 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020

Y2 - 15 June 2020 through 19 June 2020

ER -

Elmrabit N, Zhou F, Li F, Zhou H. Evaluation of Machine Learning Algorithms for Anomaly Detection. In International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020. Institute of Electrical and Electronics Engineers Inc. 2020. 9138871. (International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2020). doi: 10.1109/CyberSecurity49315.2020.9138871

Evaluation of Machine Learning Algorithms for Anomaly Detection

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

UN SDGs

Access to Document

Fingerprint

Cite this