DEVELOPMENT OF A MACHINE LEARNING-BASED CYBER ATTACK DETECTION SYSTEM
Abstract
The rapid growth of cyber threats in networked environments calls for intelligent, adaptive detection systems. This paper presents a machine learning-based Intrusion Detection System (IDS) that identifies diverse cyber attacks with high accuracy and a low false positive rate. We propose a gradient-boosted tree ensemble (XGBoost) combined with feature engineering, trained and evaluated on the NSL-KDD, CICIDS 2017 and UNSW-NB15 benchmark datasets. On these benchmarks the proposed system achieves a detection accuracy of 97.3%, a false positive rate of 2.1% and a precision of 98.1%, outperforming conventional signature-based and anomaly-based baselines. Experimental results indicate that the model generalises across multiple attack categories. The system architecture comprises real-time data preprocessing, feature selection, model inference and alert generation modules.
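The three figures the abstract reports (accuracy, false positive rate, precision) are not independent: together they fix the attack share of the evaluation split and the recall the model achieved, and the false positive rate then determines how the detector behaves at a deployment base rate where attacks are far rarer than in a benchmark. The following pure-Python script is an added example, not code from the paper; it inverts the reported numbers with standard confusion-matrix algebra and re-evaluates precision at an assumed 0.1% attack rate and an assumed 10 million flows per day, both illustrative values not taken from the paper.

```python
"""
Added example (not the paper's code): what the reported IDS figures imply.

Inputs are the three numbers from the abstract: accuracy 97.3%,
false positive rate 2.1%, precision 98.1%.  The deployment base rate
(0.1% attack flows) and flow volume (10 million/day) are assumptions
chosen for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ConfusionRates:
    tpr: float           # recall: attacks flagged / all attacks
    fpr: float           # benign flows flagged / all benign flows
    attack_share: float  # prior probability that a record is an attack


def metrics_from_counts(tp: int, fp: int, tn: int, fn: int) -> dict:
    """Standard IDS metrics from raw confusion-matrix counts."""
    total = tp + fp + tn + fn
    return {
        "accuracy": (tp + tn) / total,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
    }


def implied_rates(accuracy: float, fpr: float, precision: float) -> ConfusionRates:
    """
    Invert accuracy, FPR and precision.  With attack share a, benign
    share b = 1 - a and recall t:
        precision = a*t / (a*t + b*fpr)   =>  a*t = b * fpr * p / (1 - p)
        accuracy  = a*t + b*(1 - fpr)
    which gives b directly, then a and t.
    """
    if not 0.0 < precision < 1.0:
        raise ValueError("precision must be strictly between 0 and 1")
    k = fpr * precision / (1.0 - precision)     # a*t expressed as k*b
    b = accuracy / (k + 1.0 - fpr)
    a = 1.0 - b
    t = k * b / a
    return ConfusionRates(tpr=t, fpr=fpr, attack_share=a)


def counts_at(rates: ConfusionRates, n: int) -> tuple:
    """Expected (tp, fp, tn, fn) over n records at the given rates."""
    attacks = n * rates.attack_share
    benign = n - attacks
    return (attacks * rates.tpr, benign * rates.fpr,
            benign * (1 - rates.fpr), attacks * (1 - rates.tpr))


def precision_at_base_rate(rates: ConfusionRates, attack_share: float) -> float:
    """P(attack | alert) when the prior differs from the benchmark split."""
    tp = attack_share * rates.tpr
    fp = (1 - attack_share) * rates.fpr
    return tp / (tp + fp)


def expected_alerts_per_day(rates: ConfusionRates, attack_share: float,
                            flows_per_day: int) -> tuple:
    """(true alerts, false alerts) per day at a given prior and volume."""
    tp, fp, _, _ = counts_at(ConfusionRates(rates.tpr, rates.fpr, attack_share),
                             flows_per_day)
    return tp, fp


if __name__ == "__main__":
    reported = implied_rates(accuracy=0.973, fpr=0.021, precision=0.981)
    print(f"implied attack share of benchmark split: {reported.attack_share:.3f}")
    print(f"implied recall (TPR):                    {reported.tpr:.3f}")
    # Assumed deployment: 0.1% of flows malicious, 10 million flows/day.
    p = precision_at_base_rate(reported, 0.001)
    true_alerts, false_alerts = expected_alerts_per_day(reported, 0.001, 10_000_000)
    print(f"precision at 0.1% base rate:             {p:.3f}")
    print(f"alerts/day: {true_alerts:,.0f} true, {false_alerts:,.0f} false")
```

Run as written, the inversion shows the reported figures correspond to a split that is roughly half attacks with recall near 97%, which is typical of the NSL-KDD and UNSW-NB15 test sets. At the assumed 0.1% base rate the same detector's precision drops to about 4%, so the 2.1% false positive rate, not the 97.3% accuracy, is the number that decides whether the alert generation module is usable in production.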