Mochamad Sanwasih, Fajar Septian, Ristasari Dwi Septiana

Deteksi Intrusi Jaringan Berbasis Machine Learning Menggunakan Model Boosting dengan Session-Level Feature Representation

Introduction

Deteksi intrusi jaringan berbasis machine learning menggunakan model boosting dengan session-level feature representation. Deteksi intrusi jaringan lebih adaptif menggunakan machine learning model boosting (XGBoost, LightGBM) dengan representasi fitur level sesi. Tingkatkan akurasi & F1-score.

Abstract

The increasing complexity of network security threats demands intrusion detection systems that are both contextual and adaptive. Conventional signature-based Intrusion Detection Systems (IDS) suffer from limitations in detecting emerging and previously unseen attack patterns, making machine learning–based approaches a more flexible alternative. However, fragmented packet-level feature representations still limit the ability of models to capture network behavior comprehensively. This study aims to evaluate the performance of boosting models, namely XGBoost and LightGBM, using the publicly available Cybersecurity Intrusion Detection Dataset from Kaggle, which represents network activity at the session level. The proposed approach develops a session-level feature representation based on aggregated and ratio-based features to capture network behavior characteristics more comprehensively. Experimental results demonstrate that the implementation of session-level feature representation yields consistent improvements across multiple evaluation metrics. Accuracy increased from 0.8779 to 0.8847, while the F1-score improved from 0.8452 to 0.8525 for XGBoost and from 0.8455 to 0.8523 for LightGBM. Furthermore, ROC-AUC increased from 0.8789 to 0.8844 for XGBoost and from 0.8793 to 0.8859 for LightGBM. Although the improvement in accuracy is relatively moderate, the gains in F1-score and ROC-AUC indicate enhanced discriminative capability and a better balance between precision and recall. The main contribution of this study lies in the integration of session-level feature engineering with boosting models within a systematic evaluation framework, emphasizing the critical role of behavioral feature representation in improving intrusion detection performance.

Review

This study tackles the increasingly complex challenge of network security by proposing an enhanced machine learning-based intrusion detection system (IDS). Recognizing the limitations of traditional signature-based methods and fragmented packet-level data, the authors introduce and evaluate a novel approach utilizing boosting models, specifically XGBoost and LightGBM, coupled with a session-level feature representation. The core contribution lies in the systematic integration of sophisticated feature engineering—based on aggregated and ratio-based features—with these advanced models, demonstrating a consistent improvement in intrusion detection performance across multiple evaluation metrics. The methodology employed is robust, leveraging state-of-the-art boosting algorithms and a publicly available dataset, which enhances the reproducibility and verifiability of the results. The strength of this work particularly shines in its development of a comprehensive session-level feature representation, effectively addressing the limitations inherent in packet-level data by providing a more holistic view of network behavior. The reported improvements in F1-score and ROC-AUC, alongside a moderate increase in accuracy, convincingly support the authors' assertion of enhanced discriminative capability and a better balance between precision and recall, crucial aspects for effective IDS. While the demonstrated improvements are valuable and contribute meaningfully to the field of cybersecurity, an expert reviewer would also consider the practical implications of the "relatively moderate" accuracy gain within real-world operational environments. Further discussion on the computational resources required for real-time session-level feature generation, or an analysis of the approach's robustness against a wider array of novel and sophisticated attack vectors beyond those present in the specific dataset, would enrich the study's practical relevance. Nevertheless, this paper makes a significant contribution by underscoring the critical role of advanced behavioral feature engineering in advancing the capabilities of machine learning-based intrusion detection systems.

Full Text

Comments

You need to be logged in to post a comment.