A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks

Arif Rahman Hakim; Kalamullah Ramli; Kuni Inayah; Esti Rahmawati Agustina

doi:10.1109/ICITSI65188.2024.10929455

A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks

Arif Rahman Hakim, Kalamullah Ramli, Kuni Inayah, Esti Rahmawati Agustina

Department of Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Imbalanced datasets pose a significant challenge in intrusion detection, often reducing model performance in classifying attacks. This study evaluates the impact of three resampling techniques, BorderlineSMOTE, SMOTEENN, and SMOTETomek, on the performance of three popular classifiers: Random Forest, XGBoost, and SupportVector Machine (SVM). Using a dataset of over 2.5 million attack records generated by the BSSN honeynet targeting government networks, we assess accuracy, precision, recall, F1-score, specificity, and geometric mean. Results reveal that SMOTEENN consistently delivers superior performance across all classifiers, with notable efficiency in balancing data and enhancing detection accuracy. These findings underscore the importance of selecting the proper resampling technique and classifier for improving intrusion detection in imbalanced datasets.

Original language	English
Title of host publication	2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	106-111
Number of pages	6
ISBN (Electronic)	9798331511470
DOIs	https://doi.org/10.1109/ICITSI65188.2024.10929455
Publication status	Published - 2024
Event	2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Hybrid, Bandung, Indonesia Duration: 12 Dec 2024 → …

Publication series

Name	2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings

Conference

Conference	2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024
Country/Territory	Indonesia
City	Hybrid, Bandung
Period	12/12/24 → …

Keywords

exfiltration
honeynet
imbalance
machine learning
resampling

Access to Document

10.1109/ICITSI65188.2024.10929455

Cite this

Hakim, A. R., Ramli, K., Inayah, K., & Agustina, E. R. (2024). A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks. In 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings (pp. 106-111). (2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICITSI65188.2024.10929455

Hakim, Arif Rahman ; Ramli, Kalamullah ; Inayah, Kuni et al. / A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks. 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 106-111 (2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings).

@inproceedings{54ebf961c7084ab0ad3096f44b3e849d,

title = "A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks",

abstract = "Imbalanced datasets pose a significant challenge in intrusion detection, often reducing model performance in classifying attacks. This study evaluates the impact of three resampling techniques, BorderlineSMOTE, SMOTEENN, and SMOTETomek, on the performance of three popular classifiers: Random Forest, XGBoost, and SupportVector Machine (SVM). Using a dataset of over 2.5 million attack records generated by the BSSN honeynet targeting government networks, we assess accuracy, precision, recall, F1-score, specificity, and geometric mean. Results reveal that SMOTEENN consistently delivers superior performance across all classifiers, with notable efficiency in balancing data and enhancing detection accuracy. These findings underscore the importance of selecting the proper resampling technique and classifier for improving intrusion detection in imbalanced datasets.",

keywords = "exfiltration, honeynet, imbalance, machine learning, resampling",

author = "Hakim, {Arif Rahman} and Kalamullah Ramli and Kuni Inayah and Agustina, {Esti Rahmawati}",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 ; Conference date: 12-12-2024",

year = "2024",

doi = "10.1109/ICITSI65188.2024.10929455",

language = "English",

series = "2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "106--111",

booktitle = "2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings",

address = "United States",

}

Hakim, AR, Ramli, K, Inayah, K & Agustina, ER 2024, A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks. in 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings. 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 106-111, 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024, Hybrid, Bandung, Indonesia, 12/12/24. https://doi.org/10.1109/ICITSI65188.2024.10929455

A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks. / Hakim, Arif Rahman; Ramli, Kalamullah; Inayah, Kuni et al.
2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2024. p. 106-111 (2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks

AU - Hakim, Arif Rahman

AU - Ramli, Kalamullah

AU - Inayah, Kuni

AU - Agustina, Esti Rahmawati

PY - 2024

Y1 - 2024

N2 - Imbalanced datasets pose a significant challenge in intrusion detection, often reducing model performance in classifying attacks. This study evaluates the impact of three resampling techniques, BorderlineSMOTE, SMOTEENN, and SMOTETomek, on the performance of three popular classifiers: Random Forest, XGBoost, and SupportVector Machine (SVM). Using a dataset of over 2.5 million attack records generated by the BSSN honeynet targeting government networks, we assess accuracy, precision, recall, F1-score, specificity, and geometric mean. Results reveal that SMOTEENN consistently delivers superior performance across all classifiers, with notable efficiency in balancing data and enhancing detection accuracy. These findings underscore the importance of selecting the proper resampling technique and classifier for improving intrusion detection in imbalanced datasets.

AB - Imbalanced datasets pose a significant challenge in intrusion detection, often reducing model performance in classifying attacks. This study evaluates the impact of three resampling techniques, BorderlineSMOTE, SMOTEENN, and SMOTETomek, on the performance of three popular classifiers: Random Forest, XGBoost, and SupportVector Machine (SVM). Using a dataset of over 2.5 million attack records generated by the BSSN honeynet targeting government networks, we assess accuracy, precision, recall, F1-score, specificity, and geometric mean. Results reveal that SMOTEENN consistently delivers superior performance across all classifiers, with notable efficiency in balancing data and enhancing detection accuracy. These findings underscore the importance of selecting the proper resampling technique and classifier for improving intrusion detection in imbalanced datasets.

KW - exfiltration

KW - honeynet

KW - imbalance

KW - machine learning

KW - resampling

UR - http://www.scopus.com/inward/record.url?scp=105002484221&partnerID=8YFLogxK

U2 - 10.1109/ICITSI65188.2024.10929455

DO - 10.1109/ICITSI65188.2024.10929455

M3 - Conference contribution

AN - SCOPUS:105002484221

T3 - 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings

SP - 106

EP - 111

BT - 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024

Y2 - 12 December 2024

ER -

Hakim AR, Ramli K, Inayah K, Agustina ER. A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks. In 2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2024. p. 106-111. (2024 International Conference on Information Technology Systems and Innovation, ICITSI 2024 - Proceedings). doi: 10.1109/ICITSI65188.2024.10929455

A Comparative Analysis of Cross-Classifiers with Resampled Datasets for Exfiltration Attacks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this