Rapid Cyber-Attack Detection System with Low Probability of Missed Attack Warnings

We develop a rapid cyberattack detection system with a low probability of missed warnings and a reduced number of features that decreases the complexity of a classification model. Firstly, we adopt four feature selection methods separately to extract features: Boruta algorithm, Extreme Gradient Boosting (XGB) algorithm, network security expertise knowledge and multiple feature selection methods combining XGB and Pearson's Correlation Coefficient test. Secondly, we create classification models under each feature selection strategy using Random Forest, Ctree and XGB algorithms for all four different feature selection strategies. Thirdly, to train the 12 classification models, we use a network traffic dataset (UNSW-NB15, N= 257,673) with nine types of cyberattacks. Finally, the model performances are evaluated using features count, accuracy, sensitivity, specificity, False Negative Rate (FNR) and responding time (prediction time or computation time). We identify the random forest model, which is filtered through the feature selection strategy of XGB and Pearson's correlation coefficient test, as the best model. It has the minimum features count (seven), 94.37% accuracy, 3.68% FNR and 1.94 sec responding time. The proposed model has higher performance compared to nine previous studies. Our proposed predictive model with the least number of features provides higher attack detection accuracy and lesser FNR within minimum responding time.