The Effectiveness of Deploying Machine Learning Techniques in Information Security to Detect Nine Attacks: UNSW-NB15 Dataset as a Case Study

Abstract

The expanding landscape of cyber threats, alongside the diminished effectiveness of traditional detection methods, has necessitated the exploration of machine learning (ML) techniques in information security. This study investigates the potential of various ML techniques in detecting a myriad of network threats using the UNSW-NB15 dataset, a comprehensive repository of diverse network attack instances. The dataset is initially analyzed and subsequently prepared for ML algorithms by transforming non-numerical attributes into numerical features using the popular “Label Encoder” encoding method. Subsequently, an array of ML techniques, including Decision Tree, Random Forest, Gradient Boosting, XGB, AdaBoost, MLP, and Voting, is deployed on the prepared dataset. Three experimental setups were designed: 1) Binary classification to distinguish between normal and malicious attack types. 2) Multiclass classification to differentiate among various malicious attack types. 3) An enhancement experiment to improve upon the second experimental setup. These experiments were conducted to evaluate the ability of each algorithm to discern among the malicious attack types represented in the UNSW-NB15 dataset. The results suggest that the voting classifier exhibited superior performance in the attack detection process. Furthermore, the XGB algorithm demonstrated higher evaluation metrics compared to other techniques. Consequently, the XGB algorithm outperformed others regarding the performance measures used in the detection process. This study offers valuable insights into the application of ML techniques in enhancing information security and detection efficacy of complex cyber threats.