An AutoML-based approach for Network Intrusion Detection

Nana Kankam Gyimah, Judith Mwakalonge, Gurcan Comert, Saidi Siuhi, Robert Akinie, Methusela Sulle, Denis Ruganuza, Benibo Izison, Arthur Mukwaya

TL;DR

This paper evaluates AutoML frameworks for network intrusion detection, developing automated algorithms to enhance performance, reduce false positives, and eliminate manual feature selection, while comparing them to traditional machine learning using the NSL-KDD dataset.

Abstract

In this paper, we present an automated machine learning (AutoML) approach for network intrusion detection, leveraging a stacked ensemble model developed using the MLJAR AutoML framework. Our methodology combines multiple machine learning algorithms, including LightGBM, CatBoost, and XGBoost, to enhance detection accuracy and robustness. By automating model selection, feature engineering, and hyperparameter tuning, our approach reduces the manual overhead typically associated with traditional machine learning methods. Extensive experimentation on the NSL-KDD dataset demonstrates that the stacked ensemble model outperforms individual models, achieving high accuracy and minimizing false positives. Our findings underscore the benefits of using AutoML for network intrusion detection, as the AutoML-driven stacked ensemble achieved the highest performance with 90% accuracy and an 89% F1 score, outperforming individual models like Random Forest (78% accuracy, 78% F1 score), XGBoost and CatBoost (both 80% accuracy, 80% F1 score), and LightGBM (78% accuracy, 78% F1 score), providing a more adaptable and efficient solution for network security applications.

Paper Structure

This paper contains 14 sections, 14 equations, 3 figures, 3 tables.

Figures (3)

  • Figure 1: A comparative overview of traditional ML and AutoML approaches. Traditional ML requires manual steps like data preprocessing, feature extraction, model selection, and tuning, while AutoML automates these tasks, streamlining the workflow from data collection to predictions [raj2023automl].
  • Figure 2: Comparison of performance metrics (Accuracy, Precision, Recall, and F1 Score) for individual models (Random Forest, XGBoost, CatBoost, and LGBM) in network intrusion detection, highlighting variations across key metrics.
  • Figure 3: Comparison of accuracy and F1 score across individual models (Random Forest, XGBoost, CatBoost, and LGBM) and the AutoML Stacked Ensemble model. The Stacked Ensemble achieves the highest performance, demonstrating the effectiveness of ensemble stacking for network intrusion detection.