Detecting and Mitigating Advanced Persistent Threats using Machine Learning Techniques

Kannankeril George, Charles Libin
MSc in Cyber Security
Dublin Business School
Intrusion detection systems safeguard networks by analysing traffic records to identify potential intrusions; their usefulness depends on achieving high accuracy and detection rates while keeping the false-alarm rate low. Techniques commonly applied to this analysis include expert systems, data mining and state transition analysis. This project applies Recursive Feature Elimination (RFE) to select the features on which detection is performed, and then carries out attack detection on the NSL-KDD dataset with three standalone machine learning classifiers: Random Forest, K-Neighbors and Support Vector Classifier. Alongside them, an Ensemble Learning model combines the outputs of all three classifiers into a single classification. The primary aim is to compare the accuracy of each individual model with that of the Ensemble Learning framework. Through these accuracy comparisons on NSL-KDD, the project provides insight into the efficacy of the different approaches, contributes to understanding the strengths and limitations of the individual algorithms, and highlights the potential advantage Ensemble Learning offers in improving the accuracy of intrusion detection systems.
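The pipeline the abstract describes (RFE feature selection, three standalone classifiers, a hard-voting ensemble, accuracy comparison) as an added, self-contained Python example. This is not the thesis's code: to run without scikit-learn it uses simple stand-ins (nearest centroid, k-NN, decision stump) in place of Random Forest, K-Neighbors and SVC, and the records are constructed to resemble a few NSL-KDD numeric fields, not real NSL-KDD rows. The feature names, the uninformative `noise` column, and the train/test split rule are all assumptions made for the illustration.

```python
"""RFE + three classifiers + majority-vote ensemble, in pure Python.
Added illustration, not the thesis's code. Classifiers are stand-ins for
RF/KNN/SVC; records are constructed, not NSL-KDD rows."""
from collections import Counter
import math

# Assumed feature names, loosely modelled on NSL-KDD numeric fields.
FEATURES = ["duration", "src_bytes", "dst_bytes", "count", "srv_count", "noise"]


def make_dataset():
    """Constructed, deterministic records: label 0 = normal, 1 = attack.
    The last column is uninformative by design, so RFE should drop it first."""
    X, y = [], []
    for i in range(40):
        X.append([1 + i % 5, 200 + 10 * i, 500 + 20 * i, 1 + i % 3, 1 + i % 2, (7 * i) % 11])
        y.append(0)
        X.append([0, i % 3, 0, 100 + i, 90 + i % 7, (7 * i + 3) % 11])
        y.append(1)
    return X, y


def split(X, y):
    """Deterministic hold-out: the normal/attack pair built from even i trains,
    the pair built from odd i tests."""
    tr = [r for r in range(len(X)) if (r // 2) % 2 == 0]
    te = [r for r in range(len(X)) if (r // 2) % 2 == 1]
    return [X[r] for r in tr], [y[r] for r in tr], [X[r] for r in te], [y[r] for r in te]


def fit_minmax(X):
    """Min-max scaler fitted on one set (train) and applied to any row."""
    lo = [min(col) for col in zip(*X)]
    hi = [max(col) for col in zip(*X)]
    return lambda x: [(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(x, lo, hi)]


def project(X, kept):
    return [[x[j] for j in kept] for x in X]


def dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def mean_rows(rows):
    return [sum(col) / len(rows) for col in zip(*rows)]


def fit_centroid(X, y):
    """Nearest-centroid classifier. The gap between class centroids per feature
    plays the role RFE gives to an estimator's coefficients / feature_importances_."""
    c = [mean_rows([x for x, t in zip(X, y) if t == k]) for k in (0, 1)]
    importance = [abs(a - b) for a, b in zip(c[0], c[1])]
    return (lambda x: min((0, 1), key=lambda k: dist(x, c[k]))), importance


def rfe(X, y, n_keep):
    """Recursive Feature Elimination: refit on the kept set, rank, drop the
    weakest feature, repeat until n_keep remain."""
    kept = list(range(len(X[0])))
    while len(kept) > n_keep:
        _, importance = fit_centroid(project(X, kept), y)
        del kept[min(range(len(kept)), key=importance.__getitem__)]
    return kept


def fit_knn(X, y, k=3):
    def predict(x):
        nearest = sorted(range(len(X)), key=lambda i: dist(x, X[i]))[:k]
        return Counter(y[i] for i in nearest).most_common(1)[0][0]
    return predict


def fit_stump(X, y):
    """One-split decision tree: best (feature, threshold, orientation) on train."""
    best, best_acc = None, -1
    for j in range(len(X[0])):
        for thr in sorted({x[j] for x in X}):
            for above in (0, 1):
                acc = sum((above if x[j] >= thr else 1 - above) == t for x, t in zip(X, y))
                if acc > best_acc:
                    best, best_acc = (j, thr, above), acc
    j, thr, above = best
    return lambda x: above if x[j] >= thr else 1 - above


def majority_vote(models):
    """Hard-voting ensemble: each model votes, plurality label wins."""
    return lambda x: Counter(m(x) for m in models).most_common(1)[0][0]


def accuracy(model, X, y):
    return sum(model(x) == t for x, t in zip(X, y)) / len(y)


def run_pipeline(n_keep=5):
    """Returns (kept feature indices, {model name: test accuracy})."""
    X, y = make_dataset()
    Xtr, ytr, Xte, yte = split(X, y)
    scale = fit_minmax(Xtr)            # scaler fitted on train only: no test leakage
    Xtr, Xte = [scale(x) for x in Xtr], [scale(x) for x in Xte]
    kept = rfe(Xtr, ytr, n_keep)       # feature selection on train only, same reason
    Xtr, Xte = project(Xtr, kept), project(Xte, kept)
    models = {"centroid": fit_centroid(Xtr, ytr)[0],
              "knn": fit_knn(Xtr, ytr),
              "stump": fit_stump(Xtr, ytr)}
    models["ensemble"] = majority_vote(list(models.values()))
    return kept, {name: accuracy(m, Xte, yte) for name, m in models.items()}


if __name__ == "__main__":
    kept, scores = run_pipeline()
    print("kept features:", [FEATURES[j] for j in kept])
    for name, acc in scores.items():
        print(f"{name:9s} accuracy = {acc:.3f}")
```

Two points a practitioner would check in the real pipeline are built into `run_pipeline`: the scaler and the RFE step are fitted on the training rows only, so no information from the evaluation rows leaks into feature selection, and the ensemble is scored on the same held-out rows as its members so the comparison is like for like. With the constructed data every model reaches 100% on the hold-out, which is expected for cleanly separable records; on NSL-KDD the interesting numbers come from KDDTest+, whose attack types are not all present in KDDTrain+, so accuracy measured on a random split of the training file overstates what the models achieve on unseen attack classes. Note also that with a nearest-centroid estimator the per-feature ranking does not change as features are removed, so the recursion here reduces to a single ranking pass; RFE earns its name with estimators such as Random Forest or a linear SVC, whose importances shift when the feature set changes, which is why it refits after every elimination.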