Machine Learning-Based Methodologies for Cyber-Attacks and Network Traffic Monitoring: A Review and Insights

Bibliographic Details
Main Authors: Filippo Genuario, Giuseppe Santoro, Michele Giliberti, Stefania Bello, Elvira Zazzera, Donato Impedovo
Format: Article
Language:English
Published: MDPI AG 2024-11-01
Series:Information
Subjects:
Online Access:https://www.mdpi.com/2078-2489/15/11/741
author Filippo Genuario
Giuseppe Santoro
Michele Giliberti
Stefania Bello
Elvira Zazzera
Donato Impedovo
collection DOAJ
description The number of connected IoT devices is increasing significantly because of their many benefits, including automation, improved efficiency and quality of life, and reduced waste. However, these devices have several vulnerabilities, which have led to rapid growth in the number of attacks. Therefore, several machine learning-based intrusion detection system (IDS) tools have been developed to detect intrusions and suspicious activity to and from a host (HIDS, host IDS) or, more generally, within the traffic of a network (NIDS, network IDS). This work performs a comparative analysis and an ablation study of recent machine learning-based NIDSs to build a benchmark of the proposed strategies. It compares shallow learning algorithms, such as decision trees, random forests, Naïve Bayes, logistic regression, XGBoost, and support vector machines, with deep learning algorithms, such as DNNs, CNNs, and LSTMs, an approach that is relatively new in this literature. Ensembles of these models are also tested. The algorithms are evaluated on the KDD-99, NSL-KDD, UNSW-NB15, IoT-23, and UNB-CIC IoT 2023 datasets. The results show that NIDS tools based on deep learning achieve better performance in detecting network anomalies than shallow learning approaches, and that ensembles outperform all the other models.
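The benchmark the abstract describes, reduced to a runnable sketch as an added example (this is not code from the paper or its authors): two shallow learners from the paper's list, Naïve Bayes and a one-level decision tree, plus k-NN as a third voter so the hard-voting ensemble has an odd member count, are trained on a small constructed NSL-KDD-style flow table and scored with attack-class precision, recall and F1 next to accuracy. The rows, the five-feature layout, the attack label and the variance-smoothing constant are assumptions made for illustration; the code uses only the Python standard library.

```python
"""Shallow-learner NIDS benchmark on a constructed flow table (standard library only)."""
import math
from collections import Counter

# Constructed NSL-KDD-style rows (not taken from any of the paper's datasets):
# [duration, src_bytes, dst_bytes, count, serror_rate]; label 1 = SYN-flood DoS, 0 = normal.
TRAIN_X = [[2, 1500, 3200, 2, 0.0], [0, 250, 800, 1, 0.0], [5, 4200, 12000, 4, 0.0],
           [1, 300, 1500, 3, 0.05], [10, 2300, 7000, 6, 0.0], [0, 180, 500, 1, 0.1],
           [0, 0, 0, 250, 1.0], [0, 0, 0, 180, 0.98], [0, 0, 0, 420, 1.0],
           [0, 0, 0, 300, 0.95], [0, 0, 0, 511, 1.0], [0, 0, 0, 120, 0.9]]
TRAIN_Y = [0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1]
TEST_X = [[3, 900, 2500, 2, 0.0], [0, 0, 0, 200, 1.0], [0, 150, 400, 8, 0.2],
          [0, 0, 0, 90, 0.85], [7, 3000, 9000, 5, 0.0]]
TEST_Y = [0, 1, 0, 1, 0]

def _mean_var(values):
    m = sum(values) / len(values)
    return m, sum((v - m) ** 2 for v in values) / len(values)

class GaussianNB:
    """Per-class Gaussian per feature; zero-variance features get a smoothing term
    (assumed: 1e-9 of the largest class variance, in the spirit of sklearn's var_smoothing)."""
    def fit(self, X, y):
        self.classes, self.prior, self.stats = sorted(set(y)), {}, {}
        for c in self.classes:
            rows = [x for x, lbl in zip(X, y) if lbl == c]
            self.prior[c] = math.log(len(rows) / len(X))
            self.stats[c] = [_mean_var([r[j] for r in rows]) for j in range(len(X[0]))]
        self.eps = 1e-9 * max(v for c in self.classes for _, v in self.stats[c])
    def _logpost(self, x, c):
        total = self.prior[c]
        for xi, (m, v) in zip(x, self.stats[c]):
            v += self.eps
            total += -0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
        return total
    def predict(self, X):
        return [max(self.classes, key=lambda c: self._logpost(x, c)) for x in X]

class DecisionStump:
    """One-level tree: exhaustive search over feature, midpoint threshold and side."""
    def fit(self, X, y):
        best = None
        for j in range(len(X[0])):
            vals = sorted(set(r[j] for r in X))
            for t in ((a + b) / 2 for a, b in zip(vals, vals[1:])):
                for left in (0, 1):  # label assigned to the x <= t side
                    errs = sum((left if r[j] <= t else 1 - left) != lbl for r, lbl in zip(X, y))
                    if best is None or errs < best[0]:
                        best = (errs, j, t, left)
        self.train_errors, self.feature, self.threshold, self.left_label = best
    def predict(self, X):
        return [self.left_label if x[self.feature] <= self.threshold else 1 - self.left_label
                for x in X]

class KNN:
    """k-nearest neighbours on z-scored features (raw byte counts would dwarf the rates)."""
    def __init__(self, k=3): self.k = k
    def fit(self, X, y):
        self.scale = [(m, math.sqrt(v) or 1.0) for m, v in map(_mean_var, zip(*X))]
        self.X, self.y = [self._z(x) for x in X], list(y)
    def _z(self, x):
        return [(xi - m) / s for xi, (m, s) in zip(x, self.scale)]
    def predict(self, X):
        def vote(z):
            near = sorted((math.dist(z, tx), lbl) for tx, lbl in zip(self.X, self.y))[:self.k]
            return Counter(lbl for _, lbl in near).most_common(1)[0][0]
        return [vote(self._z(x)) for x in X]

class MajorityVote:
    """Hard-voting ensemble; an odd member count avoids ties."""
    def __init__(self, members): self.members = members
    def fit(self, X, y):
        for m in self.members:
            m.fit(X, y)
    def predict(self, X):
        votes = zip(*(m.predict(X) for m in self.members))
        return [Counter(col).most_common(1)[0][0] for col in votes]

def metrics(y_true, y_pred):
    """Attack-class (label 1) precision/recall/F1 next to accuracy; accuracy alone hides misses."""
    tp = sum(t == p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(p == 1 != t for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 != p for t, p in zip(y_true, y_pred))
    tn = len(y_true) - tp - fp - fn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(y_true), "precision": precision, "recall": recall, "f1": f1}

def run_benchmark():
    models = {"naive_bayes": GaussianNB(), "decision_stump": DecisionStump(), "knn": KNN(3),
              "ensemble": MajorityVote([GaussianNB(), DecisionStump(), KNN(3)])}
    results = {}
    for name, model in models.items():
        model.fit(TRAIN_X, TRAIN_Y)
        results[name] = metrics(TEST_Y, model.predict(TEST_X))
    return results

if __name__ == "__main__":
    for name, m in run_benchmark().items():
        print(f"{name:15s}", {k: round(v, 2) for k, v in m.items()})
```

The constructed rows are cleanly separable, so every model scores perfectly here; the point of the harness is the scoring and the plumbing, not the numbers. A detector that never alerts still reports 95% accuracy on 95 normal flows and 5 attacks while its recall is zero, which is why the attack-class metrics are the ones to compare across learners and datasets. On the real corpora the same loop would be run over stratified held-out splits; KDD-99 in particular contains large numbers of duplicate records, which is why NSL-KDD was derived from it.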
format Article
id doaj-art-e33e83deef3043fa8b14d489612cf99c
institution OA Journals
issn 2078-2489
language English
publishDate 2024-11-01
publisher MDPI AG
record_format Article
series Information
doi 10.3390/info15110741
volume 15
issue 11
article 741
affiliation Filippo Genuario: Invest & Engineering S.r.l., Viale Paolo Borsellino e Giovanni Falcone, 17, 70125 Bari, BA, Italy
Giuseppe Santoro: Invest & Engineering S.r.l., Viale Paolo Borsellino e Giovanni Falcone, 17, 70125 Bari, BA, Italy
Michele Giliberti: Invest & Engineering S.r.l., Viale Paolo Borsellino e Giovanni Falcone, 17, 70125 Bari, BA, Italy
Stefania Bello: Digital Innovation S.r.l., Via Edoardo Orabona, 4, 70125 Bari, BA, Italy
Elvira Zazzera: Kad3 S.r.l., Via Baione, snc, 70043 Monopoli, BA, Italy
Donato Impedovo: Department of Computer Science, University of Bari “Aldo Moro”, Piazza Umberto I, 1, 70121 Bari, BA, Italy
title Machine Learning-Based Methodologies for Cyber-Attacks and Network Traffic Monitoring: A Review and Insights
topic intrusion detection systems
network traffic monitoring
cyber-attack monitoring
machine learning
deep learning
url https://www.mdpi.com/2078-2489/15/11/741