Evaluation of Machine Learning Algorithms for Intrusion Detection System

Machine Learning Algorithms Performance Evaluation for Intrusion Detection

Journal of Information Technology Management, 2021

The steadily growing dependency on the network environment introduces risk to information flow. The continuous use of various applications makes it necessary to sustain a level of security to establish safe and secure communication amongst the organizations and other networks that is under the threat of intrusions. The detection of intrusions is the major research problem faced in the area of information security; the objective is to scrutinize threats or intrusions to secure information in the network. An intrusion detection system (IDS) is one of the keys to defending against unfamiliar intrusions where intruders continuously modify their patterns and methodologies. In this paper, the authors introduce an intrusion detection system (IDS) framework that is deployed over the KDD Cup99 dataset using machine learning algorithms such as Support Vector Machine (SVM), Naïve Bayes and Random Forest for the purpose of improving the precision, accuracy and recall values and determining the best-suited algorithm.

Performance Analysis of Machine Learning Techniques Used in Intrusion Detection Systems

In today's age, new developments are constantly occurring in the internet world. These developments, such as the number of internet users and the increase in web applications, have brought some risks in a matter called data security. Intrusion Detection Systems (IDS), a tool used for data and network security, prevent attacks on secure internal networks by developing specific simulations. In addition, they detect unexpected login and access requests and successfully remove threats. In recent history, many researchers have been working on safer IDS to prevent these threats. However, there is a limited number of performance comparisons of IDS machine learning techniques. Different techniques have been studied in the applications. Machine learning techniques such as decision trees, neural networks, random forest, AdaBoost, logistic regression, Naive Bayes and K-nearest neighbor algorithms were evaluated on a data set for their performance and success rates. F-measure, precision, specificity, accuracy and sensitivity analyses were performed and their classification was observed. NSL-KDD was used as the data set in the studies. To solve the problem, the data set was analyzed in the Waikato Environment Knowledge Analysis (WEKA) environment. Although many algorithms applied on the data set gave close values, it was determined that K-nearest neighbor (KNN) applications showed the highest performance with a classification rate of 98.56%.

Performance Comparison of Intrusion Detection Machine Learning Classifiers on Benchmark and New Datasets

2018 28th International Conference on Computer Theory and Applications (ICCTA), 2018

With the tremendous growth of the Internet and the continuous increase in malicious attacks on corporate networks, Intrusion Detection Systems (IDS) have been designed and adopted by organizations to accurately detect intrusion and other malicious activities. But these IDSs still suffer from setbacks such as False Positives (FP), low detection accuracy and False Negatives (FN). To enhance the performance of IDSs, machine learning classifiers are used to aid detection accuracy and greatly reduce the false positive and false negative rate. In this research we have evaluated six classifiers, namely Decision Tree (J48), Random Forest (RF), K-Nearest Neighbor (K-NN), Naïve Bayes (NB), Support Vector Machine (SVM) and Artificial Neural Networks (ANN), on three different types of datasets: NSL-KDD, UNSW-NB15 and a Phishing dataset. Our results show that K-NN and J48 are the best performing classifiers when it comes to detection accuracy, testing time and false positive rate.

Performance Evaluation of Supervised Machine Learning Algorithms for Intrusion Detection

An intrusion detection system plays an important role in network security. An intrusion detection model is a predictive model used to predict the network data traffic as normal or intrusion. Machine learning algorithms are used to build accurate models for clustering, classification and prediction. In this paper, classification and predictive models for intrusion detection are built by using machine learning classification algorithms, namely Logistic Regression, Gaussian Naive Bayes, Support Vector Machine and Random Forest. These algorithms are tested with the NSL-KDD data set. Experimental results show that the Random Forest classifier outperforms the other methods in identifying whether the data traffic is normal or an attack.

Performance Analysis of Network Intrusion Detection System using Machine Learning

International Journal of Advanced Computer Science and Applications, 2019

With the coming of the Internet and the increasing number of Internet users in recent years, the number of attacks has also increased. Protecting computers and networks is a hard task. An intrusion detection system is used to detect attacks and to protect computers and network systems from these attacks. This paper aimed to compare the performance of Random Forests, Decision Tree, Gaussian Naïve Bayes, and Support Vector Machines in detecting network attacks. An up-to-date dataset was chosen to compare the performance of these classifiers. The results of the conducted experiments demonstrate that both Random Forests and Decision Tree performed effectively in detecting attacks.

Intrusion Detection using Machine Learning Techniques

2021

An intrusion is an uncredited access to a computer in your organization or a personal computer. As the world is becoming more internet-oriented and data leaks occur more than ever in our tech-savvy world, we need to know about these attacks so that they can be prevented; this is where the Intrusion Detection System comes into action. IDS are systems that alert about the attack by analyzing the traffic on the network for signs of unauthorized activity. To identify the attack and alert about that possible attack, this system needs to be trained on some previous attack data. For this study, the improved version of the KDD99 dataset, the NSL-KDD dataset, has been used for training the machine learning model. In this analysis of machine learning algorithms, the algorithms under consideration are Logistic Regression, Support Vector Machine, Decision Tree and Random Forest. For comparison of the performance of the algorithms, metrics like Accuracy Score, Confusion Matrix, and Classification Report were consi...

Intrusion Detection System Classification Using Different Machine Learning Algorithms on KDD-99 and NSL-KDD Datasets - A Review Paper

International Journal of Computer Science and Information Technology, 2019

Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it is unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using the KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in terms of accuracy and detection rate with a reasonable false alarm rate.

INTRUSION DETECTION MODEL USING MACHINE LEARNING ALGORITHMS ON NSL-KDD DATASET

International Journal of Computer Networks & Communications (IJCNC), 2024

Big data, generated by various sources such as mobile devices, sensors, and the Internet of Things (IoT), has many characteristics such as volume, velocity, variety, variability, veracity, validity, vulnerability, volatility, visualization, and value. An Intrusion Detection System (IDS) is essential for cybersecurity to detect intrusions before or after attacks. Traditional software methods struggle to store, manage, and analyze big data, developing new techniques for effective and rapid intrusion detection in organizations and enterprises. This study introduces the IDS Random Forest (RF) model in binary and multiclass classification for intrusion detection. In this model, we used the Synthetic Minority Oversampling TEchnique (SMOTE) to address class imbalances, and the RF classifier to classify attacks using the Network Security Laboratory (NSL)-KDD dataset. In the experiment, we compared the IDS-RF model with the Support Vector Machine (SVM), k-Nearest Neighbor (k-NN), and Logistic Regression (LR) classifiers in terms of accuracy, precision, recall, f1-score, and times for training and testing. The experimental results showed that the IDS-RF model achieved high performance in binary and multiclass classification compared to others. In addition, the proposed model also achieved high accuracies for each class (Normal, DoS, Probe, U2R, or R2L) and obtained 98.69%, 99.72%, 98.93%, 95.13%, and 89%, respectively.

Intrusion Detection using Machine Learning Techniques: An Experimental Comparison

2021 International Congress of Advanced Technology and Engineering (ICOTEN)

Due to an exponential increase in the number of cyber-attacks, the need for improved Intrusion Detection Systems (IDS) is more apparent than ever. In this regard, Machine Learning (ML) techniques are playing a pivotal role in the early classification of attacks in the case of intrusion detection within the system. However, due to the large number of algorithms available, the selection of the right method is a challenging task. To resolve this issue, this paper analyses some of the current state-of-the-art intrusion detection methods and discusses their pros and cons. Further, a review of different ML methods is carried out, with four methods shown to be the most suitable for classifying attacks. Several algorithms are selected and investigated to evaluate the performance of IDS. These IDS classify binary and multiclass attacks in terms of detecting whether or not the traffic has been considered as benign or an attack. The experimental results demonstrate that binary classification has greater consistency in its accuracy results, which ranged from 0.9938 to 0.9977, while multiclass ranges from 0.9294 to 0.9983. However, it has also been observed that multiclass provides the best results, with the k-Nearest Neighbor algorithm giving an accuracy score of 0.9983, while the highest binary classification score is 0.9977 from Random Forest. The experimental results demonstrate that multiclass classification produces better performance in terms of intrusion detection by specifically differentiating between the attacks and allowing a more targeted response to an attack.

An Investigation on Intrusion Detection System Using Machine Learning

RM, 2018

With prevalent technologies like Internet of Things, Cloud Computing and Social Networking, large amounts of network traffic and data are generated. Hence, there is a need for Intrusion Detection Systems that monitor the network and analyze the incoming traffic dynamically. In this paper, NSL-KDD is used to evaluate the machine learning algorithms for intrusion detection. However, not all features improve performance in a large dataset. Therefore, reducing and selecting a particular set of features improves the speed and accuracy. So, features are selected using Recursive Feature Elimination (RFE). We have conducted a rigorous experiment on an Intrusion Detection System (IDS) that uses machine learning algorithms, namely, Random Forest and Support Vector Machine (SVM). We have demonstrated the comparison between the model's performance before and after feature selection for both Random Forest and SVM. We have also presented the confusion matrices.