Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features

Ming Liu; Ling Cen; Dymitr Ruta

doi:10.15439/2023F4457

Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features

Ming Liu, Ling Cen, Dymitr Ruta

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

The rapid proliferation of Internet of Things (IoT) devices has revolutionized the way we interact with and manage our surroundings. However, this widespread adoption has also brought forth significant cybersecurity challenges. IoT devices, with their interconnectedness and varying functionalities, present a unique threat landscape that requires tailored detection techniques. Traditional approaches to cybersecurity, primarily focused on network monitoring and anomaly detection, often fall short in effectively identifying threats originating from IoT devices due to their dynamic and complex behaviors. This paper addresses our solution for FedCSIS 2023 Challenge: Cybersecurity Threat Detection in the behavior of IoT Devices. First, we aggregated time series features, and then at the feature selection stage, we filtered and combined different categorical and numerical features to generate four different feature sets. The Gradient boosting models, i.e. lightgbm, catboost and xgboost, are applied and trained individually with hyper-parameter tuning. The final three submissions are two best individual lightgbm models with the AUC scores of 0.9999 and 0.9998, respectively on the different feature sets, which secured the 4th place with a final score of 0.9993, and one ensemble result with a AUC score of 0.9998 from combination of xgboost, catboost and lightgbm, which has the final score of 0.9997 while unluckily was missing in the final three evaluation entries.

Original language	British English
Title of host publication	Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023
Editors	Maria Ganzha, Leszek Maciaszek, Leszek Maciaszek, Marcin Paprzycki, Dominik Slezak, Dominik Slezak, Dominik Slezak
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1311-1315
Number of pages	5
ISBN (Electronic)	9788396744784
DOIs	https://doi.org/10.15439/2023F4457
State	Published - 2023
Event	18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023 - Warsaw, Poland Duration: 17 Sep 2023 → 20 Sep 2023

Publication series

Name	Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023

Conference

Conference	18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023
Country/Territory	Poland
City	Warsaw
Period	17/09/23 → 20/09/23

Keywords

CatBoost
Cybersecurity threat detection
Ensemble Learning
Gradient Boosting Trees
LightGBM
Stacking
XGBoost

Access to Document

10.15439/2023F4457

Cite this

Liu, M., Cen, L., & Ruta, D. (2023). Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features. In M. Ganzha, L. Maciaszek, L. Maciaszek, M. Paprzycki, D. Slezak, D. Slezak, & D. Slezak (Eds.), Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023 (pp. 1311-1315). (Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.15439/2023F4457

Liu, Ming ; Cen, Ling ; Ruta, Dymitr. / Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features. Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023. editor / Maria Ganzha ; Leszek Maciaszek ; Leszek Maciaszek ; Marcin Paprzycki ; Dominik Slezak ; Dominik Slezak ; Dominik Slezak. Institute of Electrical and Electronics Engineers Inc., 2023. pp. 1311-1315 (Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023).

@inproceedings{2330636b548d4775ad57d0a8cc512691,

title = "Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features",

abstract = "The rapid proliferation of Internet of Things (IoT) devices has revolutionized the way we interact with and manage our surroundings. However, this widespread adoption has also brought forth significant cybersecurity challenges. IoT devices, with their interconnectedness and varying functionalities, present a unique threat landscape that requires tailored detection techniques. Traditional approaches to cybersecurity, primarily focused on network monitoring and anomaly detection, often fall short in effectively identifying threats originating from IoT devices due to their dynamic and complex behaviors. This paper addresses our solution for FedCSIS 2023 Challenge: Cybersecurity Threat Detection in the behavior of IoT Devices. First, we aggregated time series features, and then at the feature selection stage, we filtered and combined different categorical and numerical features to generate four different feature sets. The Gradient boosting models, i.e. lightgbm, catboost and xgboost, are applied and trained individually with hyper-parameter tuning. The final three submissions are two best individual lightgbm models with the AUC scores of 0.9999 and 0.9998, respectively on the different feature sets, which secured the 4th place with a final score of 0.9993, and one ensemble result with a AUC score of 0.9998 from combination of xgboost, catboost and lightgbm, which has the final score of 0.9997 while unluckily was missing in the final three evaluation entries.",

keywords = "CatBoost, Cybersecurity threat detection, Ensemble Learning, Gradient Boosting Trees, LightGBM, Stacking, XGBoost",

author = "Ming Liu and Ling Cen and Dymitr Ruta",

note = "Publisher Copyright: {\textcopyright} 2023 Polish Information Processing Society.; 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023 ; Conference date: 17-09-2023 Through 20-09-2023",

year = "2023",

doi = "10.15439/2023F4457",

language = "British English",

series = "Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1311--1315",

editor = "Maria Ganzha and Leszek Maciaszek and Leszek Maciaszek and Marcin Paprzycki and Dominik Slezak and Dominik Slezak and Dominik Slezak",

booktitle = "Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023",

address = "United States",

}

Liu, M, Cen, L & Ruta, D 2023, Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features. in M Ganzha, L Maciaszek, L Maciaszek, M Paprzycki, D Slezak, D Slezak & D Slezak (eds), Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023. Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023, Institute of Electrical and Electronics Engineers Inc., pp. 1311-1315, 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023, Warsaw, Poland, 17/09/23. https://doi.org/10.15439/2023F4457

Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features. / Liu, Ming; Cen, Ling; Ruta, Dymitr.
Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023. ed. / Maria Ganzha; Leszek Maciaszek; Leszek Maciaszek; Marcin Paprzycki; Dominik Slezak; Dominik Slezak; Dominik Slezak. Institute of Electrical and Electronics Engineers Inc., 2023. p. 1311-1315 (Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features

AU - Liu, Ming

AU - Cen, Ling

AU - Ruta, Dymitr

PY - 2023

Y1 - 2023

N2 - The rapid proliferation of Internet of Things (IoT) devices has revolutionized the way we interact with and manage our surroundings. However, this widespread adoption has also brought forth significant cybersecurity challenges. IoT devices, with their interconnectedness and varying functionalities, present a unique threat landscape that requires tailored detection techniques. Traditional approaches to cybersecurity, primarily focused on network monitoring and anomaly detection, often fall short in effectively identifying threats originating from IoT devices due to their dynamic and complex behaviors. This paper addresses our solution for FedCSIS 2023 Challenge: Cybersecurity Threat Detection in the behavior of IoT Devices. First, we aggregated time series features, and then at the feature selection stage, we filtered and combined different categorical and numerical features to generate four different feature sets. The Gradient boosting models, i.e. lightgbm, catboost and xgboost, are applied and trained individually with hyper-parameter tuning. The final three submissions are two best individual lightgbm models with the AUC scores of 0.9999 and 0.9998, respectively on the different feature sets, which secured the 4th place with a final score of 0.9993, and one ensemble result with a AUC score of 0.9998 from combination of xgboost, catboost and lightgbm, which has the final score of 0.9997 while unluckily was missing in the final three evaluation entries.

AB - The rapid proliferation of Internet of Things (IoT) devices has revolutionized the way we interact with and manage our surroundings. However, this widespread adoption has also brought forth significant cybersecurity challenges. IoT devices, with their interconnectedness and varying functionalities, present a unique threat landscape that requires tailored detection techniques. Traditional approaches to cybersecurity, primarily focused on network monitoring and anomaly detection, often fall short in effectively identifying threats originating from IoT devices due to their dynamic and complex behaviors. This paper addresses our solution for FedCSIS 2023 Challenge: Cybersecurity Threat Detection in the behavior of IoT Devices. First, we aggregated time series features, and then at the feature selection stage, we filtered and combined different categorical and numerical features to generate four different feature sets. The Gradient boosting models, i.e. lightgbm, catboost and xgboost, are applied and trained individually with hyper-parameter tuning. The final three submissions are two best individual lightgbm models with the AUC scores of 0.9999 and 0.9998, respectively on the different feature sets, which secured the 4th place with a final score of 0.9993, and one ensemble result with a AUC score of 0.9998 from combination of xgboost, catboost and lightgbm, which has the final score of 0.9997 while unluckily was missing in the final three evaluation entries.

KW - CatBoost

KW - Cybersecurity threat detection

KW - Ensemble Learning

KW - Gradient Boosting Trees

KW - LightGBM

KW - Stacking

KW - XGBoost

UR - http://www.scopus.com/inward/record.url?scp=85179184342&partnerID=8YFLogxK

U2 - 10.15439/2023F4457

DO - 10.15439/2023F4457

M3 - Conference contribution

AN - SCOPUS:85179184342

T3 - Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023

SP - 1311

EP - 1315

BT - Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023

A2 - Ganzha, Maria

A2 - Maciaszek, Leszek

A2 - Paprzycki, Marcin

A2 - Slezak, Dominik

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023

Y2 - 17 September 2023 through 20 September 2023

ER -

Liu M, Cen L, Ruta D. Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features. In Ganzha M, Maciaszek L, Maciaszek L, Paprzycki M, Slezak D, Slezak D, Slezak D, editors, Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023. Institute of Electrical and Electronics Engineers Inc. 2023. p. 1311-1315. (Proceedings of the 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023). doi: 10.15439/2023F4457

Gradient Boosting Models for Cybersecurity Threat Detection with Aggregated Time Series Features

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this