Improving Multiclass Classification of Cybersecurity Breaches in Railway Infrastructure using Imbalanced Learning

Abstract

Machine learning approaches and algorithms are spreading in wide areas in research and technology. Cybersecurity breaches are the common anomalies for networked and distributed infrastructures which are monitored, registered, and described carefully. However, the description of each security breaches episode and its classification is still a difficult problem, especially in highly complex telecommunication infrastructure. Railway information infrastructure usually has a large scale and large diversity of possible security breaches. Today's situation shows the registering of the security breaches has a mature and stable character, but the problem of their automated classification is not solved completely. Many studies on security breaches multiclass classification show inadequate accuracy of classification. We investigated the origins of this problem and suggested the possible roots consist in disbalance the datasets used for machine learning multiclass classification. Thus, we proposed an approach to improve the accuracy of the classification and verified our approach on the really collected datasets with cybersecurity breaches in railway telecommunication infrastructure. We analyzed the results of applying three imbalanced learning methodologies, namely random oversampling, synthetic minority oversampling technique, and the last one with Tomek links. We have implemented three machine learning algorithms, namely Naïve Bayes, K-means, and support vector machine, on disbalances and balanced data to estimate imbalance learning methodologies with comparing results. The proposed approach demonstrated the increase of the accuracy for multiclass classification in the range from 30 to 41%, depending on the imbalanced learning technique. © 2021 ACM.