Network-based Intrusion Detection: A One-class Classification Approach

Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022 (2022)

Abstract
The adoption of new technologies and the increasing number of connected devices have drawn the attention of cyberattackers, who aim to disrupt computational services or even steal critical information. This poses new challenges in the design of Intrusion Detection Systems (IDS), which are in charge of detecting threats. When dealing with unknown cyber-attacks, anomaly-based IDS (AIDS) have drawn the attention of the research community, since they could detect, for instance, zero-day attacks. A recurrent critical aspect in the design of these systems is the training procedure. In the context of attack detection, training involves difficulties due to the imbalanced nature (one class much more represented than the other) of the associated data sets. Hence, approaches to address the class imbalance are always relevant. In this work, we present the evaluation of different machine learning (ML) algorithms, known as one-class classifiers, that hold the potential to be implemented in an AIDS. For this task, we used the UNSW-NB15 data set, comparing their performance using pertinent metrics that are normally used to assess an attack detection algorithm.
Key words
Intrusion detection, Anomaly, security, NIDS