Machine Learning for Improved Threat Detection: LightGBM vs. CatBoost
Keywords:
Comparative Analysis, Cyber Security, Network Traffic Scenarios, Imbalanced Class Distributions, CIC-IDS 2017
Abstract
Attacks on information resources are common and come from both domestic and foreign sources, so it is critical to ensure their security, particularly that of the network infrastructure that provides internet access. The identification of anomalies in these networks depends largely on anomaly detection systems, or IDSs. The efficacy of an IDS, however, rests mainly on the algorithms it uses and their ability to learn. Given the complexity of malicious activities, it is critical to use techniques that offer maximum effectiveness and superior performance. The aim of this work is to assess how well boosting algorithms, specifically LightGBM and CatBoost, identify fraudulent network traffic. In the study, LightGBM and CatBoost were applied to the CIC-IDS 2017 dataset using Google Colab. Recall, accuracy, precision, and F1-score were used as the performance criteria for evaluating the classifiers. The analysis showed that CatBoost performed better than the LightGBM models, with an astounding F1-score of 99.89%. On the other hand, with little data, the LightGBM model demonstrated reduced efficacy in detecting attack types. This study emphasizes how important it is to use efficient methods, like CatBoost, to boost anomaly detection systems' efficiency and strengthen information resource security against hostile activity on network infrastructures.
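An added example (not code or results from the study): per-class precision, recall and F1 computed over an imbalanced label set, showing how accuracy and support-weighted F1 can stay high while a rare attack class is mostly missed. The class labels, flow counts and predictions are constructed for illustration.

```python
from collections import Counter

def per_class_metrics(y_true, y_pred):
    """Precision, recall, F1 and support for every label seen."""
    tp = Counter(t for t, p in zip(y_true, y_pred) if t == p)
    pred_n, true_n = Counter(y_pred), Counter(y_true)
    out = {}
    for c in sorted(set(y_true) | set(y_pred)):
        prec = tp[c] / pred_n[c] if pred_n[c] else 0.0
        rec = tp[c] / true_n[c] if true_n[c] else 0.0
        f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
        out[c] = {"precision": prec, "recall": rec, "f1": f1,
                  "support": true_n[c]}
    return out

def summarize(y_true, y_pred):
    """Accuracy plus weighted and macro F1 alongside the per-class view."""
    m, n = per_class_metrics(y_true, y_pred), len(y_true)
    return {
        "accuracy": sum(t == p for t, p in zip(y_true, y_pred)) / n,
        # Weighted F1 is dominated by the majority (benign) class.
        "weighted_f1": sum(v["f1"] * v["support"] for v in m.values()) / n,
        # Macro F1 gives every class equal weight, so rare classes count.
        "macro_f1": sum(v["f1"] for v in m.values()) / len(m),
        "per_class": m,
    }

def build_sample():
    """Constructed data: 9,800 benign, 190 DoS, 10 Infiltration flows."""
    y_true = ["BENIGN"] * 9800 + ["DoS"] * 190 + ["Infiltration"] * 10
    y_pred = (["BENIGN"] * 9795 + ["DoS"] * 5             # 5 false alarms
              + ["DoS"] * 186 + ["BENIGN"] * 4            # 4 DoS flows missed
              + ["Infiltration"] * 2 + ["BENIGN"] * 8)    # 8 of 10 rare missed
    return y_true, y_pred

if __name__ == "__main__":
    report = summarize(*build_sample())
    for key in ("accuracy", "weighted_f1", "macro_f1"):
        print(f"{key:12s} {report[key]:.4f}")
    for label, v in report["per_class"].items():
        print(f"{label:12s} P={v['precision']:.3f} R={v['recall']:.3f} "
              f"F1={v['f1']:.3f} n={v['support']}")
```

Reading per-class recall and macro F1 next to the headline score is what exposes a classifier that is weak on attack types with few samples.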
This is an open access article published by Research Center of Computing & Biomedical Informatics (RCBI), Lahore, Pakistan under the CC BY 4.0 International License.