Network Threat Detection: Addressing Class Imbalanced Data with Deep Forest

TL;DR

This paper evaluates machine learning methods for IoT malware detection, focusing on class imbalance issues, and finds that ensemble methods like gcForest with resampling improve detection accuracy.

Contribution

It introduces an empirical analysis of imbalance handling techniques combined with ensemble methods for IoT threat detection, highlighting gcForest's effectiveness.

Findings

gcForest with resampling outperforms traditional methods

Addressing class imbalance improves detection performance

Ensemble methods are effective for IoT malware detection

Abstract

With the rapid expansion of Internet of Things (IoT) networks, detecting malicious traffic in real-time has become a critical cybersecurity challenge. This research addresses the detection challenges by presenting a comprehensive empirical analysis of machine learning techniques for malware detection using the IoT-23 dataset provided by the Stratosphere Laboratory. We address the significant class imbalance within the dataset through three resampling strategies. We implement and compare a few machine learning techniques. Our findings demonstrate that the combination of appropriate imbalance treatment techniques with ensemble methods, particularly gcForest, achieves better detection performance compared to traditional approaches. This work contributes significantly to the development of more intelligent and efficient automated threat detection systems for IoT environments, helping to secure critical infrastructure against sophisticated cyber attacks while optimizing computational resource usage.