<rdf:RDF xmlns:rdf="http://www.openarchives.org/OAI/2.0/rdf/" xmlns:ow="http://www.ontoweb.org/ontology/1#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ds="http://dspace.org/ds/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:doc="http://www.lyncode.com/xoai" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/rdf/ http://www.openarchives.org/OAI/2.0/rdf.xsd">
   <ow:Publication rdf:about="oai:digibug.ugr.es:10481/90257">
      <dc:title>Methodology for the detection of contaminated training datasets for machine learning-based Network Intrusion Detection Systems</dc:title>
      <dc:creator>Medina-Arco, Joaquín Gaspar</dc:creator>
      <dc:creator>Magán Carrión, Roberto</dc:creator>
      <dc:creator>Rodríguez-Gómez, Rafael Alejandro</dc:creator>
      <dc:creator>García Teodoro, Pedro</dc:creator>
      <dc:subject>Anomaly detection</dc:subject>
      <dc:subject>NIDS</dc:subject>
      <dc:subject>Deep learning</dc:subject>
      <dc:subject>Autoencoders</dc:subject>
      <dc:subject>Methodology</dc:subject>
      <dc:subject>Real network datasets</dc:subject>
      <dc:subject>Data quality</dc:subject>
      <dc:description>This publication has been partially funded by MICIN/AEI/10.13039/501100011033 under&#xd;
grants PID2020-113462RB-I00 and PID2020-114495RB-I00 and the PPJIA2022-51 and PPJIA2022-52&#xd;
projects from the University of Granada’s own funding plan.</dc:description>
      <dc:description>With the significant increase in cyber-attacks and attempts to gain unauthorised access to systems and information, Network Intrusion-Detection Systems (NIDSs) have become essential detection tools. Anomaly-based systems use machine learning techniques to distinguish between normal and anomalous traffic. They do this by using training datasets that have been previously gathered and labelled, allowing them to learn to detect anomalies in future data. However, such datasets can be accidentally or deliberately contaminated, compromising the performance of NIDS. This has been the case of the UGR’16 dataset, in which, during the labelling process, botnet-type attacks were not identified in the subset intended for training. This paper addresses the mislabelling problem of real network traffic datasets by introducing a novel methodology that (i) allows analysing the quality of a network traffic dataset by identifying possible hidden or unidentified anomalies and (ii) selects the ideal subset of data to optimise the performance of the anomaly detection model even in the presence of hidden attacks erroneously labelled as normal network traffic. To this end, a two-step process that makes incremental use of the training dataset is proposed. Experiments conducted on the contaminated UGR’16 dataset in conjunction with the state-of-the-art NIDS, Kitsune, conclude with the feasibility of the approach to reveal observations of hidden botnet-based attacks on this dataset.</dc:description>
      <dc:date>2024-04-01T09:42:26Z</dc:date>
      <dc:date>2024-04-01T09:42:26Z</dc:date>
      <dc:date>2024-01-12</dc:date>
      <dc:type>journal article</dc:type>
      <dc:identifier>Medina-Arco, J.G.; Magán-Carrión, R.; Rodríguez-Gómez, R.A.; García-Teodoro, P. Methodology for the Detection of Contaminated Training Datasets for Machine Learning-Based Network Intrusion-Detection Systems. Sensors 2024, 24, 479. https://doi.org/10.3390/s24020479</dc:identifier>
      <dc:identifier>https://hdl.handle.net/10481/90257</dc:identifier>
      <dc:identifier>10.3390/s24020479</dc:identifier>
      <dc:language>eng</dc:language>
      <dc:rights>http://creativecommons.org/licenses/by-nd/4.0/</dc:rights>
      <dc:rights>open access</dc:rights>
      <dc:rights>Attribution-NoDerivatives 4.0 Internacional</dc:rights>
      <dc:publisher>MDPI</dc:publisher>
   </ow:Publication>
</rdf:RDF>