This paper introduced a robust anomaly detection framework utilizing the BPF-extended tracking honeypot (BETH) dataset, designed to benchmark cybersecurity applications with real-world kernel-process and network logs. Comprehensive preprocessing, including feature engineering, numerical scaling, and ADASYN for class imbalance handling, prepared the dataset for effective machine learning application. Multiple classifiers, such as LightGBM, CatBoost, support vector machines (SVM), K-nearest neighbors (KNN), and logistic regression, were evaluated using precision, recall, F1-score, and accuracy metrics. CatBoost emerged as the top-performing standalone model with high precision and recall. An artificial neural network (ANN) was subsequently introduced to complement traditional models, leveraging its capability to detect nonlinear relationships. The hybrid approach combined CatBoost’s robust feature extraction with ANN’s pattern recognition strengths, further refining anomaly detection. Ensemble techniques, such as stacking and voting classifiers, were also explored to aggregate predictions from multiple models. The hybrid model demonstrated exceptional performance, achieving an accuracy of 99.0% and an F1-score of 98.6%, outperforming standalone models. This research highlights the synergy of machine learning, feature engineering, and hybrid ensemble strategies, providing an effective solution for anomaly detection in complex cybersecurity scenarios.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Hybrid Integration of Machine Learning and Deep Learning Approaches for Accurate Anomaly Detection with the BETH Data

  • G. Naga Rama Devi,
  • Dasari Chaithanya,
  • UdayaLaxmi Aditya Teki,
  • D. Chandra Mouli,
  • A. Lakshmana Rao,
  • Nagagopiraju Vullam

摘要

This paper introduced a robust anomaly detection framework utilizing the BPF-extended tracking honeypot (BETH) dataset, designed to benchmark cybersecurity applications with real-world kernel-process and network logs. Comprehensive preprocessing, including feature engineering, numerical scaling, and ADASYN for class imbalance handling, prepared the dataset for effective machine learning application. Multiple classifiers, such as LightGBM, CatBoost, support vector machines (SVM), K-nearest neighbors (KNN), and logistic regression, were evaluated using precision, recall, F1-score, and accuracy metrics. CatBoost emerged as the top-performing standalone model with high precision and recall. An artificial neural network (ANN) was subsequently introduced to complement traditional models, leveraging its capability to detect nonlinear relationships. The hybrid approach combined CatBoost’s robust feature extraction with ANN’s pattern recognition strengths, further refining anomaly detection. Ensemble techniques, such as stacking and voting classifiers, were also explored to aggregate predictions from multiple models. The hybrid model demonstrated exceptional performance, achieving an accuracy of 99.0% and an F1-score of 98.6%, outperforming standalone models. This research highlights the synergy of machine learning, feature engineering, and hybrid ensemble strategies, providing an effective solution for anomaly detection in complex cybersecurity scenarios.