Intrusion Detection for CyberSecurity: A Comparative study of Machine Learning, Deep Learning and Transfer Learning Methods


Abstract


With the increasing frequency and sophistication of cyber-attacks, intrusion detection has become a critical cybersecurity component for ensuring the resilience and trustworthiness of modern digital systems and networks. Several machine learning and deep learning algorithms have been used for intrusion detection. However, there is limited data on the comparative efficacy of these systems. We analyzed the use of predefined machine learning algorithms (Logistic Regression, Decision Trees, Random Forest, Gaussian Naïve Bayes, Linear Support Vector Machine, and Gradient Boosting) and neural-network-based deep learning algorithms (MLP, GRU, LSTM) and their efficiency in intrusion detection. We used the widely used UNSW-NB15 cybersecurity dataset as the primary input for all the algorithms to test for efficacy. We then used Transfer Learning to build a more efficient model for detecting attacks, using the BoT-IoT dataset (which contains a large amount of labelled data for various IoT attacks) for training and the UNSW-NB15 dataset for testing and validation. The dataset consisted of around 2 million records with 49 features. With transfer learning, there was a significant increase in the percentage of various attacks detected correctly. Transfer learning appeared to be the best method for detection of the various attack categories, including known and unknown (or ‘zero-day’) attacks. The results need to be validated on larger datasets, and ideally on real-time data, to further enhance accuracy. There is a definite need to develop better intrusion detection systems that can work on large amounts of live data to keep up with the rapidly evolving cybersecurity threat landscape.




Keywords


Machine learning, Deep learning, Transfer Learning, UNSW-NB15, BoT-IoT, Zero-day attacks