
Machine Learning Boosted Trees Algorithms in Cybersecurity: A Comprehensive Review

  • Conference paper
Advances in Information and Communication (FICC 2024)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 920)


Abstract

In the ever-evolving landscape of cybersecurity, the integration of machine learning algorithms has become imperative to effectively detect and prevent cyber-attacks. This paper presents a comprehensive comparative study of three powerful boosted tree algorithms, XGBoost, CatBoost, and LightGBM, for network intrusion detection using the CICIDS2017 dataset. The data is pre-processed to ensure its reliability, and the Chi-squared approach is used for feature selection. Detection model evaluation is performed using precision, recall, and F1-score, shedding light on the performance of each algorithm. Addressing challenges such as explainability and imbalanced data, we explore how these algorithms can enhance the security of digital systems. The literature review highlights the growing interest in the application of boosted trees in cybersecurity. Previous research has showcased the promising results of these algorithms in detecting and mitigating various cyber threats, making them valuable tools for fortifying digital security. XGBoost emerges as the most suitable choice, offering competitive accuracy while being faster in both training and prediction than the other algorithms. Additionally, SHAP values help identify key features influencing XGBoost’s predictions, with “Destination Port,” “Init Win bytes backward,” and “Init Win bytes forward” standing out as crucial contributors. The insights gained from this research can aid in developing more robust and transparent intrusion detection systems by leveraging the power of machine learning algorithms, thus contributing to ongoing efforts in fortifying digital security against a constantly evolving threat landscape.




Corresponding author

Correspondence to Blerim Rexha.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Bytyqi, V., Rexha, B. (2024). Machine Learning Boosted Trees Algorithms in Cybersecurity: A Comprehensive Review. In: Arai, K. (eds) Advances in Information and Communication. FICC 2024. Lecture Notes in Networks and Systems, vol 920. Springer, Cham. https://doi.org/10.1007/978-3-031-53963-3_12
