Identifying cyberattacks using machine learning techniques

Abstract

Cyberattacks have become increasingly frequent, targeted, and sophisticated, posing significant risks to individuals, organisations, and critical infrastructure. Traditional Intrusion Detection Systems (IDSs), particularly those relying on rule-based and signature-based approaches, have struggled to keep pace with the evolving nature of cyber threats, especially within encrypted network environments. This dissertation investigates the use of Artificial Neural Networks (ANNs) for cyberattack detection, with the goal of building an adaptive and accurate model capable of distinguishing between benign and malicious encrypted traffic flows. The analysis centres on the HIKARI-2022 dataset, a modern benchmark featuring encrypted network data labelled for binary classification. The data underwent extensive preprocessing, including variable filtering, scaling, and class balancing, to ensure a suitable foundation for training and evaluation. A baseline ANN model was initially developed and then incrementally refined through a structured hyperparameter tuning process, optimising aspects such as learning rate, network depth, batch size, dropout rate, classification threshold, and early stopping criteria. The final architecture consisted of three hidden layers with targeted regularisation and achieved strong generalisation performance. To improve interpretability, Permutation Feature Importance (PFI) and DeepSHAP were employed. These methods revealed that features related to temporal flow activity, payload size, and directionality played the most influential roles in classification. The findings support the effectiveness of carefully designed ANNs in distinguishing between benign and malicious traffic, even in complex encrypted environments.