Algorithm Selection Framework for Cyber Attack Detection
Marc Chalé, Nathaniel D. Bastian, Jeffery Weir

TL;DR
This paper introduces a framework for selecting optimal algorithms for cyber attack detection using meta-learning and user input, improving upon trial-and-error methods and demonstrating the importance of taxonomy in algorithm performance.
Contribution
It presents a novel algorithm selection framework employing meta-features and user input, and introduces a new machine learning taxonomy for cyber attack detection.
Findings
Meta-learning strategy outperforms rule-of-thumb in algorithm selection.
Framework successfully recommends five algorithms from the taxonomy.
Both strategies identify high-performing algorithms, though not always the best.
Abstract
The number of cyber threats against both wired and wireless computer systems and other components of the Internet of Things continues to increase annually. In this work, an algorithm selection framework is employed on the NSL-KDD data set and a novel paradigm of machine learning taxonomy is presented. The framework uses a combination of user input and meta-features to select the best algorithm to detect cyber attacks on a network. Performance is compared between a rule-of-thumb strategy and a meta-learning strategy. The framework removes the conjecture of the common trial-and-error algorithm selection method. The framework recommends five algorithms from the taxonomy. Both strategies recommend a high-performing algorithm, though not the best performing. The work demonstrates the close connectedness between algorithm selection and the taxonomy on which it is premised.
