A detection model for user-to-root attacks using the AdaBoost classifier

Abstract

Intrusion detection in enterprise networks is a key area of interest in computer security today because of its importance and vast application, such as detection of attacks by legal users. Current attack detection based on the AdaBoost classifier is inadequately accurate. In addition, recent contributions to detection of user-to-root attacks based on the AdaBoost algorithm use standard datasets which are not necessarily contextual to local settings. The aim of this study was to build a detection model for user-to-root attacks with a high detection rate and low false alarm rate using the AdaBoost classifier. User-to-root attacks are the most dangerous of all network insider attacks. This model used 40 days’ network traffic data from the enterprise network of National Water and Sewerage Corporation, and used categorical data. The model was built using Jupyter Notebook Integrated Development Environment. Feature engineering generated additional relevant features, one feature was dropped using mean imputation, upscaling was performed to deal with the unbalanced nature of the dataset, embedded feature selection technique was used for feature selection, and integer encoding was used to transform the categorical features into numericals. The training dataset was first fitted on K-Nearest Neighbor, Naïve Bayes, Support Vector Machine, and Random Forest base classifiers. The latter was then used as the weak learner for the AdaBoost classifier. Results showed a high Detection Rate of 95.05%, F1 Score of 0.89 and False Alarm Rate of 0.91. This dissertation provides up-to-date literature to scholars in related studies and this model can be integrated into anomaly based Network Intrusion Detection Systems. This study recommends that Machine Learning researchers need to use contextual data, standard methods and standard tools to build attack detection models for accurate attack detections, developers should adopt and use this model if developing Network Intrusion Detection Systems, the cybersecurity industry needs to involve Machine Learning experts in order to leverage accurate intrusion detection by Network Intrusion Detection Systems, and that researchers could also focus on applying this algorithm to balanced data as well as discuss other constraints identified by this study.