Evaluating Machine Learning Algorithms for Detecting Network Intrusions

A Comparative Analysis of Machine Learning Approaches to Intrusion Detection

Journal of Xi'an University of Architecture & Technology, 2021

Network administrators use a Network Intrusion Detection System (NIDS) to detect network security breaches in their enterprises. However, designing a convenient and dynamic NIDS for unanticipated and unpredictable attacks poses numerous obstacles. Signature-based Intrusion Detection Systems (IDS) are currently insufficient to handle the hazards posed by zero-day attacks to networked systems. On the NSL-KDD dataset, we applied data mining techniques and compared their performance on metrics such as accuracy, precision, and recall.

Machine Learning Algorithms Performance Evaluation for Intrusion Detection

Journal of Information Technology Management, 2021

The steadily growing dependency on the network environment introduces risk to information flow. The continuous use of various applications makes it necessary to sustain a level of security to establish safe and secure communication amongst the organizations and other networks that are under the threat of intrusions. The detection of intrusions is the major research problem faced in the area of information security; the objective is to scrutinize threats or intrusions to secure information in the network. An intrusion detection system (IDS) is one of the keys to conquering unfamiliar intrusions, where intruders continuously modify their patterns and methodologies. In this paper, the authors introduce an intrusion detection system (IDS) framework that is deployed over the KDD Cup99 dataset, using machine learning algorithms such as Support Vector Machine (SVM), Naïve Bayes and Random Forest, for the purpose of improving the precision, accuracy and recall values in order to compute the best-suited algorithm.

Intrusion Detection using Machine Learning Techniques: An Experimental Comparison

2021 International Congress of Advanced Technology and Engineering (ICOTEN)

Due to an exponential increase in the number of cyber-attacks, the need for improved Intrusion Detection Systems (IDS) is more apparent than ever. In this regard, Machine Learning (ML) techniques are playing a pivotal role in the early classification of attacks in intrusion detection within the system. However, due to the large number of algorithms available, the selection of the right method is a challenging task. To resolve this issue, this paper analyses some of the current state-of-the-art intrusion detection methods and discusses their pros and cons. Further, a review of different ML methods is carried out, with four methods shown to be the most suitable for classifying attacks. Several algorithms are selected and investigated to evaluate the performance of IDS. These IDS classify binary and multiclass attacks in terms of detecting whether the traffic has been considered benign or an attack. The experimental results demonstrate that binary classification has greater consistency in its accuracy results, which ranged from 0.9938 to 0.9977, while multiclass ranges from 0.9294 to 0.9983. However, it has also been observed that multiclass provides the best results, with the k-Nearest Neighbor algorithm giving an accuracy score of 0.9983, while the highest binary classification score is 0.9977 from Random Forest. The experimental results demonstrate that multiclass classification produces better performance in terms of intrusion detection by specifically differentiating between the attacks and allowing a more targeted response to an attack.

Intrusion detection in computer networks based on machine learning algorithms

Network security technology has become crucial in protecting government and industry computing infrastructure. Modern intrusion detection applications face complex requirements; they need to be reliable, extensible, easy to manage, and have low maintenance cost. In recent years, machine learning-based intrusion detection systems have demonstrated high accuracy, good generalization to novel types of intrusion, and robust behavior in a changing environment. This work aims to compare the efficiency of machine learning methods in intrusion detection systems, including artificial neural networks and support vector machines, with the hope of providing a reference for establishing intrusion detection systems in the future. Compared with other related works in machine learning-based intrusion detectors, we propose to calculate the mean value via sampling different ratios of normal data for each measurement, which leads us to reach a better accuracy rate for observation data in the real world. We compare the accuracy, detection rate, and false alarm rate for 4 attack types. The extensive experimental results on the KDD-cup intrusion detection benchmark dataset demonstrate that the proposed approach produces higher performance than KDD Winner, especially for U2R and U2L type attacks.

Comparative Evaluation of Machine Learning Algorithms for Intrusion Detection

Asian Journal of Research in Computer Science, 2023

This study undertakes a comparative examination of machine learning algorithms used for intrusion detection, addressing the escalating challenge of safeguarding networks from malicious attacks in an era marked by a proliferation of network-related applications. Given the limitations of conventional security tools in combatting intrusions effectively, the adoption of machine learning emerges as a promising avenue for bolstering detection capabilities. The research evaluates the efficacy of three distinct machine learning algorithms—Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), and Naive Bayes—in identifying diverse attack categories, including Denial of Service, Probe, Remote to Local, and User to Root. Conducted on the NSL-KDD dataset, the analysis unveils CNN and RNN as superior performers compared to Naive Bayes, particularly in terms of detection accuracy. These findings extend value to both researchers and practitioners in the realm of intrusion detection systems, offering insights into optimal algorithmic choices. Furthermore, the study's implications resonate within broader contexts, such as the advancement of secure automation in industrial environments and the realm of automobile automation. Overall, this research contributes to the ongoing efforts to fortify network security and promote the development of safer technological landscapes.

A Survey of Network Intrusion Detection Using Machine Learning Techniques

Machine Learning and Data Mining for Emerging Trend in Cyber Dynamics, 2021

Nowadays, a huge amount of information flows daily on public and private computer networks. Since sensitive information has a high probability of being transmitted, there is an important need to protect networks from intrusions. Hence, adopting an intrusion detection system is imperative. As the frequency of sophisticated attacks has been increasing tremendously over the past years, machine learning approaches were introduced to identify intrusion patterns and prevent sophisticated attacks. This survey provides an up-to-date review of leading-edge techniques used by intrusion detection systems that rely on machine learning techniques. Moreover, it introduces important key machine learning concepts such as ensemble learning and feature selection that are applied to protect networks from unauthorized access and make networks and computers safer. The article then reviews signature, anomaly, and hybrid intrusion detection systems that apply machine learning techniques. It is observed that hybrid network intrusion detection systems may be the most effective. Then, the article examines the characteristics of popular benchmark datasets for evaluating intrusion detection systems, such as NSL-KDD, Kyoto 2006+, and KDD Cup-'99, and performance metrics to appraise intrusion detection results. Finally, the article discusses research opportunities in the field of intrusion detection.

Evaluation of Machine Learning Algorithms for Intrusion Detection System

An intrusion detection system (IDS) is one of the implemented solutions against harmful attacks. Furthermore, attackers always keep changing their tools and techniques. However, implementing an accepted IDS system is also a challenging task. In this paper, several experiments have been performed and evaluated to assess various machine learning classifiers based on the KDD intrusion dataset. Several performance metrics were computed in order to evaluate the selected classifiers. The focus was on false negative and false positive performance metrics in order to enhance the detection rate of the intrusion detection system. The implemented experiments demonstrated that the decision table classifier achieved the lowest value of false negatives, while the random forest classifier achieved the highest average accuracy rate.

Intrusion Detection System Using Machine Learning Algorithms

ITM Web of Conferences

The world has experienced a radical change due to the internet. As a matter of fact, it assists people in maintaining their social networks and links them to other members of their social networks when they require assistance. In effect, sharing professional and personal data comes with several risks to individuals and organizations. The internet has become a crucial element in our daily life; therefore, the security of our data could be threatened at any time. For this reason, IDS plays a major role in protecting internet users against any malicious network attacks. An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. In this paper, the focus will be on three different classifications, starting with the machine learning algorithms NB, SVM and KNN. These algorithms will be used to define the best accuracy by means of the UNSW-NB15 dataset in the first stage. Based on the result of the first stage, t...

Comparison of Machine Learning Algorithms to Build Optimized Network Intrusion Detection System

American Scientific Publishers, 2019

Network security is the most important aspect for all products and services offered by networking systems. The network density and usage in information systems and technical systems are humongous, and networks are used by the entire world to provide connectivity from the busiest hours to remote locations. Mission-critical events, governmental organizations, and information technology structures rely on continuous and smooth provision of network connection. This makes the basis of the information security pillars: Confidentiality, which means that the data transferred between two users can be readable but should not be understandable, meaning it should be encrypted; Integrity, which focuses on the aspect of reliable message transfer, preventing any kind of message tampering in the data transfer process; and finally Authentication and Availability, meaning that the users sending and receiving the data are genuine, and that the data is available, free from denial attacks.

Development and Assessment of Intrusion Detection System using Machine Learning Algorithm

In today's world, the internet is an important part of our life. People cannot think of a single moment without the existence of the internet. With the increasing involvement of the internet in our daily life, it is very important to make it secure. To make communication systems more secure, there is a need for Intrusion Detection Systems, which can be roughly classified as anomaly-based detection systems and signature-based detection systems. In this paper we present a simple and robust method for intrusion detection in computer networks based on Principal Component Analysis (PCA), where each network connection is transformed into an input data vector. PCA is used to reduce the high-dimensional data vector to a low-dimensional data vector, and then detection is done in the lower-dimensional space with high efficiency and low use of system resources. We have used the KDD Cup 99 dataset for the experiment, and the results show that this approach is promising in terms of detection accuracy. It is also effective at identifying most known attacks as well as new attacks. However, a frequent update of both user profiles and attack databases is crucial to improve the identification rates.