Abstract
Machine learning based anomaly and attack detection has been under the spotlight for more than a decade and is attracting a significant research effort worldwide. The reasons for this interest lie in the ability of machine learning to introduce a large degree of autonomy into the attack detection process compared to the classical signature-based approach: it reduces the network management cost for NetOps, provides rapid and efficient results, and tends to detect zero-day (0d) attacks. This paper confirms this efficiency, showing that the simple Random Forest (RF) algorithm together with feature selection achieves a detection ratio greater than 99%. However, despite a large set of attempts at the training stage to improve this detection ratio, RF never detects 100% of attacks. It always misses some attacks in the traffic, especially those that are under-represented in the training dataset. False negatives are certainly the most dramatic events for network security. In addition, this makes adversarial learning very easy to perform. This paper therefore presents a controversial study of machine learning based attack detection (using the highly illustrative RF example) and the limits of its trustworthiness. In doing so, it tries to break the current dogma that machine learning is THE solution for future cyber-security systems.
Notes
- 1. For unsupervised learning, both training and detection phases are joint.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Vacher, Q., Owezarski, P. (2023). A Controversial Study on Random Forest Accuracy for Attack Detection. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2023, Volume 2. FTC 2023. Lecture Notes in Networks and Systems, vol 814. Springer, Cham. https://doi.org/10.1007/978-3-031-47451-4_41
DOI: https://doi.org/10.1007/978-3-031-47451-4_41
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-47450-7
Online ISBN: 978-3-031-47451-4
eBook Packages: Intelligent Technologies and Robotics (R0)