Cyberattack Predictions with Destination Port  
Author Richard Zuech


Co-Author(s) John Hancock; Taghi M. Khoshgoftaar


Abstract When analyzing cybersecurity datasets with machine learning, researchers commonly need to consider whether or not to include Destination Port (DP) as an input feature. We assess the impact of Destination Port as a predictive feature by using it as the only (single) input feature with the CSECIC- IDS2018 dataset and three classifiers: LightGBM (LGB), CatBoost (CB), and Categorical Naive Bayes (CNB). Binary classification is applied to CSE-CIC-IDS2018 to predict attack or normal instances with the Area Under the Receiver Operating Characteristic Curve (AUC) and F1 classification performance metrics. All three classifiers strongly agree that including Destination Port as the only input feature results in favorable performance, with AUC scores of 0.9073. In the CSECIC- IDS2018 dataset, some Destination Ports exhibit lopsided distributions between normal and attack traffic.


Keywords Intrusion Detection, Cybersecurity, Destination Port, Machine Learning
    Article #:  RQD26-160

Proceedings of 26th ISSAT International Conference on Reliability & Quality in Design
Virtual Event

August 5-7, 2021