Abstract
In the ever-evolving landscape of cybersecurity, integrating machine learning algorithms has become imperative for effectively detecting and preventing cyber-attacks. This paper presents a comprehensive comparative study of three powerful boosted tree algorithms, XGBoost, CatBoost, and LightGBM, for network intrusion detection on the CICIDS2017 dataset. The data is pre-processed to ensure its reliability, and the Chi-squared approach is used for feature selection. The detection models are evaluated using precision, recall, and F1-score, shedding light on the performance of each algorithm. Addressing challenges such as explainability and imbalanced data, we explore how these algorithms can enhance the security of digital systems. The literature review highlights the growing interest in the application of boosted trees in cybersecurity. Previous research has showcased the promising results of these algorithms in detecting and mitigating various cyber threats, making them valuable tools for fortifying digital security. XGBoost emerges as the most suitable choice, offering competitive accuracy while being faster in both training and prediction than the other algorithms. Additionally, SHAP values help identify the key features influencing XGBoost’s predictions, with “Destination Port,” “Init Win bytes backward,” and “Init Win bytes forward” standing out as crucial contributors. The insights gained from this research can aid in developing more robust and transparent intrusion detection systems by leveraging the power of machine learning algorithms, thus contributing to ongoing efforts to fortify digital security against a constantly evolving threat landscape.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Bytyqi, V., Rexha, B. (2024). Machine Learning Boosted Trees Algorithms in Cybersecurity: A Comprehensive Review. In: Arai, K. (eds) Advances in Information and Communication. FICC 2024. Lecture Notes in Networks and Systems, vol 920. Springer, Cham. https://doi.org/10.1007/978-3-031-53963-3_12
DOI: https://doi.org/10.1007/978-3-031-53963-3_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53962-6
Online ISBN: 978-3-031-53963-3
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)