CLASSIFICATION OF NETWORK ATTACKS USING MACHINE LEARNING METHODS IN CONDITIONS OF TRAINING DATA IMBALANCE
DOI: https://doi.org/10.26906/SUNZ.2025.3.064
Keywords: network attacks, classification, machine learning, ensembles, bagging, boosting, quality metrics, SMOTE
Abstract
The object of the research is the process of detecting network intrusions. The subject of the research is methods for classifying network intrusions. The aim of the research is to improve the quality and speed of ensemble classifiers in network intrusion classification problems when the training data are imbalanced. Methods used: machine learning methods, data preprocessing methods, ensemble classifiers, and rebalancing by synthetic minority oversampling. Results obtained: the effectiveness of various approaches to classifying network intrusions under class imbalance in the training sample was investigated. A comprehensive approach was proposed that preprocesses the data with the SMOTE method to synthetically balance the training sample and then analyzes it with ensemble machine learning models, which made it possible to improve the classification performance for minority classes. The best results were obtained when combining SMOTE with ensemble models, in particular Bagging, Gradient Boosting and AdaBoost. Conclusions: based on the results of the study, an improved approach to network traffic classification was proposed, which combines pre-sampling by the SMOTE method with the ensemble algorithms bagging and boosting. The combined use of these methods made it possible to improve the value of the Recall metric for minority classes. Overall, the proposed approach improved classification quality by 18% for the Infiltration attack, 33% for the SQL Injection attack and up to 53% for the XSS attack compared to basic machine learning models without additional rebalancing of input data.
License
Copyright (c) 2025 Oleksii Hornostal, Viktor Chelak

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.