Mouhammad Alkasassbeh,Mohammad Almseidin

DOI: https://doi.org/10.48550/arXiv.1809.02610

2018-09-02

Abstract:Network security engineers work to keep services available all the time by handling intruder attacks. Intrusion Detection System (IDS) is one of the obtainable mechanisms that is used to sense and classify any abnormal actions. Therefore, the IDS must be always up to date with the latest intruder attacks signatures to preserve confidentiality, integrity, and availability of the services. The speed of the IDS is a very important issue as well learning the new attacks. This research work illustrates how the Knowledge Discovery and Data Mining (or Knowledge Discovery in Databases) KDD dataset is very handy for testing and evaluating different Machine Learning Techniques. It mainly focuses on the KDD preprocess part in order to prepare a decent and fair experimental data set. The J48, MLP, and Bayes Network classifiers have been chosen for this study. It has been proven that the J48 classifier has achieved the highest accuracy rate for detecting and classifying all KDD dataset attacks, which are of type DOS, R2L, U2R, and PROBE.

Networking and Internet Architecture,Cryptography and Security

Ilhan Firat Kilincer,Fatih Ertam,Abdulkadir Sengur

DOI: https://doi.org/10.1016/j.comnet.2021.107840

IF: 5.493

2021-04-01

Computer Networks

Abstract:The increase in internet usage brings security problems with it. Malicious software can affect the operation of the systems and disrupt data confidentiality due to the security gaps in the systems. Intrusion Detection Systems (IDS) have been developed to detect and report attacks. In order to develop IDS systems, artificial intelligence-based approaches have been used more frequently. In this study, literature studies using CSE-CIC IDS-2018, UNSW-NB15, ISCX-2012, NSL-KDD and CIDDS-001 data sets, which are widely used to develop IDS systems, are reviewed in detail. In addition, max-min normalization was performed on these data sets and classification was made with support vector machine (SVM), K-Nearest neighbor (KNN), Decision Tree (DT) algorithms, which are among the classical machine learning approaches. As a result, more successful results have been obtained in some of the studies given in the literature. The study is thought to be useful for developing IDS systems on the basis of artificial intelligence with approaches such as machine learning.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

N. D. Patel,B. M. Mehtre,Rajeev Wankar

DOI: https://doi.org/10.1007/s10207-023-00792-x

2024-04-26

International Journal of Information Security

Abstract:An intrusion detection system (IDS) is a system that monitors network traffic for malicious activity and generates alerts. In anomaly-based detection, machine learning (ML) algorithms exploit various statistical and probabilistic methods to learn from past or historical experience and detect valuable patterns from large, unstructured, and complex datasets. ML-based network intrusion detection aims to identify malicious behavior and alert a system administrator when an intruder tries to penetrate the network. This paper deals with the study, strategic construction, and implementation of a network intrusion detection model based on ML methods. Among the available IDS datasets, five of the most relevant are chosen for the experimental analysis, which are NSL-KDD-2009, CIC-IDS2017, CIC-IDS2018, IoTID20, and UNSW-NB15 datasets. In order to reduce the computation time in the training sample and achieve computational complexity , we propose a computationally efficient and feasible algorithmic framework for analyzing the network traffic data. The developed approach mainly consists of two phases, i.e., "Scatter Matrices and Eigenvalue Computation based feature Selection" and "Classification procedure for the reduced dimension data." Experimental evaluation of various test case scenarios for the chosen datasets is carried out in the simulation setting. It is observed that the test results outperform the existing intrusion detection methods for detecting certain attack categories.

computer science, information systems, theory & methods, software engineering

Majdi Maabreh,Ibrahim Obeidat,Esraa Abu Elsoud,Asma Alnajjar,Rahaf Alzyoud,Omar Darwish

DOI: https://doi.org/10.3991/ijim.v16i14.30197

2022-07-26

International Journal of Interactive Mobile Technologies (iJIM)

Abstract:Cyberattacks have increased in tandem with the exponential expansion of computer networks and network applications throughout the world. In this study, we evaluate and compare four features selection methods, seven classical machine learning algorithms, and the deep learning algorithm on one million random instances of CSE-CIC-IDS2018 big data set for network intrusions. The dataset was preprocessed and cleaned and all learning algorithms were trained on the original values of features. The feature selection methods highlighted the importance of features related to forwarding direction (FWD) and two flow measures (FLOW) in predicting the binary traffic type; benign or attack. Furthermore, the results revealed that whether models are trained on all features or the top 30 features selected by any of the four features selection techniques used in this experiment, there is no significant difference in model performance. Moreover, we may be able to train ML models on only four features and have them perform similarly to models trained on all data,which may result in preferable models in terms of complexity, explainability, and scale for deployment. Furthermore, by choosing four unanimity features instead of all traffic features, training time may be reduced from 10% to 50% of the training time on all features.

Hamed Alqahtani,Iqbal H. Sarker,Asra Kalim,Syed Md. Minhaz Hossain,Sheikh Ikhlaq,Sohrab Hossain

DOI: https://doi.org/10.1007/978-981-15-6648-6_10

2020-01-01

Abstract:As the alarming growth of connectivity of computers and the significant number of computer-related applications increase in recent years, the challenge of fulfilling cyber-security is increasing consistently. It also needs a proper protection system for numerous cyberattacks. Thus, detecting inconsistency and attacks in a computer network and developing intrusion detection system (IDS) that performs a potential role for cyber-security. Artificial intelligence, particularly machine learning techniques, has been used to develop a useful data-driven intrusion detection system. In this paper, we employ various popular machine learning classification algorithms, namely Bayesian Network, Naive Bayes classifier, Decision Tree, Random Decision Forest, Random Tree, Decision Table, and Artificial Neural Network, to detect intrusions due to provide intelligent services in the domain of cyber-security. Finally, we test the effectiveness of various experiments on cyber-security datasets having several categories of cyber-attacks and evaluate the effectiveness of the performance metrics, precision, recall, f1-score, and accuracy.

Ameera S. Jaradat,Malek M. Barhoush,Rawan S. Bani Easa

DOI: https://doi.org/10.11591/ijeecs.v25.i2.pp1151-1158

2022-02-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:The main goal of intrusion detection system (IDS) is to monitor the network performance and to investigate any signs of any abnormalities over the network. Recently, intrusion detection systems employ machine learning techniques, due to the fact that machine learning techniques proved to have the ability of learning and adapting in addition to allowing a prompt response. This work proposes a model for intrusion detection and classification using machine learning techniques. The model first acquires the data set and transforms it in the proper format, then performs feature selection to pick out a subset of attributes that worth being considered. After that, the refined data set was processed by the Konstanz information miner (KNIME). To gain better performance and a decent comparative analysis, three different classifiers were applied. The anticipated classifiers have been executed and assessed utilizing the KNIME analytics platform using (CICIDS2017) datasets. The experimental results showed an accuracy rate ranging between (98.6) as the highest obtained while the average was (90.59%), which was satisfying compared to other approaches. The gained statistics of this research inspires the researchers of this field to use machine learning in cyber security and data analysis and build intrusion detection systems with higher accuracy.

Zachary Tauscher,Yushan Jiang,Kai Zhang,Jian Wang,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2108.08394

2021-08-19

Abstract:With massive data being generated daily and the ever-increasing interconnectivity of the world's Internet infrastructures, a machine learning based intrusion detection system (IDS) has become a vital component to protect our economic and national security. In this paper, we perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy, in which the intrusion and normal behavior are classified firstly, and then the specific types of attacks are classified. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks. Besides, we alleviate the data imbalance problem with SVM-SMOTE oversampling technique in 4-class classification and further demonstrate the effectiveness and the drawback of the oversampling mechanism with a deep neural network as a base model.

Cryptography and Security,Machine Learning

Zeeshan Ahmad,Adnan Shahid Khan,Cheah Wai Shiang,Johari Abdullah,Farhan Ahmad

DOI: https://doi.org/10.1002/ett.4150

IF: 3.6

2020-10-16

Transactions on Emerging Telecommunications Technologies

Abstract:<p>The rapid advances in the internet and communication fields have resulted in a huge increase in the network size and the corresponding data. As a result, many novel attacks are being generated and have posed challenges for network security to accurately detect intrusions. Furthermore, the presence of the intruders with the aim to launch various attacks within the network cannot be ignored. An intrusion detection system (IDS) is one such tool that prevents the network from possible intrusions by inspecting the network traffic, to ensure its confidentiality, integrity, and availability. Despite enormous efforts by the researchers, IDS still faces challenges in improving detection accuracy while reducing false alarm rates and in detecting novel intrusions. Recently, machine learning (ML) and deep learning (DL)‐based IDS systems are being deployed as potential solutions to detect intrusions across the network in an efficient manner. This article first clarifies the concept of IDS and then provides the taxonomy based on the notable ML and DL techniques adopted in designing network‐based IDS (NIDS) systems. A comprehensive review of the recent NIDS‐based articles is provided by discussing the strengths and limitations of the proposed solutions. Then, recent trends and advancements of ML and DL‐based NIDS are provided in terms of the proposed methodology, evaluation metrics, and dataset selection. Using the shortcomings of the proposed methods, we highlighted various research challenges and provided the future scope for the research in improving ML and DL‐based NIDS.</p>

telecommunications

Muhammad Ali Akhtar,Syed Muhammad Owais Qadri,Maria Andleeb Siddiqui,Syed Muhammad Nabeel Mustafa,Saba Javaid,Syed Abbas Ali

DOI: https://doi.org/10.1038/s41598-023-43816-1

IF: 4.6

2023-10-13

Scientific Reports

Abstract:Network security has developed as a critical research subject as a result of the Rapid advancements in the development of Internet and communication technologies over the previous decades. The expansion of networks and data has caused cyber-attacks on the systems, making it difficult for network security to detect breaches effectively. Current Intrusion Detection Systems (IDS) have several flaws, including their inability to prevent attacks on their own, the requirement for a professional engineer to administer them, and the occurrence of false alerts. As a result, a plethora of new attacks are being created, making it harder for network security to properly detect breaches. Despite the best efforts, IDS continues to struggle with increasing detection accuracy while lowering false alarm rates and detecting new intrusions. Therefore, network intrusion detection enhancement by preprocessing and generation of highly reliable algorithms is the main focus nowadays. Machine learning (ML) based IDS systems have recently been implemented as viable solutions for quickly detecting intrusions across the network. In this study, we use a combined data analysis technique with four Robust Machine learning ensemble algorithms, including the Voting Classifier, Bagging Classifier, Gradient Boosting Classifier, and Random Forest-based Bagging algorithm along with the proposed Robust genetic ensemble classifier. For each algorithm, a model is created and tested using a Network Dataset. To assess the performance of both algorithms in terms of their ability to anticipate the anomaly occurrence, graphs of performance rates have been evaluated. The suggested algorithm outperformed other methods as it shows the lowest values of mean square error (MSE) and mean absolute error (MAE). The experiments were conducted on the Network traffic dataset available on Kaggle, on the Python platform, which has limited samples. The proposed method can be applied in the future with more machine learning ensemble classifiers and deep learning techniques.

multidisciplinary sciences

Jie Li,Yanpeng Qu,Fei Chao,Hubert P. H. Shum,Edmond S. L. Ho,Longzhi Yang

DOI: https://doi.org/10.1007/978-3-319-98842-9_6

2019-01-01

Abstract:Network intrusion is a growing threat with potentially severe impacts, which can be damaging in multiple ways to network infrastructures and digital/intellectual assets in the cyberspace. The approach most commonly employed to combat network intrusion is the development of attack detection systems via machine learning and data mining techniques. These systems can identify and disconnect malicious network traffic, thereby helping to protect networks. This chapter systematically reviews two groups of common intrusion detection systems using fuzzy logic and artificial neural networks, and evaluates them by utilizing the widely used KDD 99 benchmark dataset. Based on the findings, the key challenges and opportunities in addressing cyberattacks using artificial intelligence techniques are summarized and future work suggested.

Siriporn Chimphlee,Witcha Chimphlee

DOI: https://doi.org/10.11591/ijeecs.v30.i2.pp1106-1119

2023-05-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:With the rapid growth of digital technology communications are overwhelmed by network data traffic. The demand for the internet is growing every day in today's cyber world, raising concerns about network security. Big Data are a term that describes a vast volume of complicated data that is critical for evaluating network patterns and determining what has occurred in the network. Therefore, detecting attacks in a large network is challenging. Intrusion detection system (IDS) is a promising cybersecurity research field. In this paper, we proposed an efficient classification scheme for IDS, which is divided into two procedures, on the CSE-CIC-IDS-2018 dataset, data pre-processing techniques including under-sampling, feature selection, and classifier algorithms were used to assess and decide the best performing model to classify invaders. We have implemented and compared seven classifier machine learning algorithms with various criteria. This work explored the application of the random forest (RF) for feature selection in conjunction with machine learning (ML) techniques including linear regression (LR), k-Nearest Neighbor (k-NN), classification and regression trees (CART), Bayes, RF, multi layer perceptron (MLP), and XGBoost in order to implement IDSS. The experimental results show that the MLP algorithm in the most successful with best performance with evaluation matrix.

Khadija M Abuali,Liyth Nissirat,Aida Al-Samawi

DOI: https://doi.org/10.3390/s23218959

2023-11-03

Abstract:With the rapid growth of social media networks and internet accessibility, most businesses are becoming vulnerable to a wide range of threats and attacks. Thus, intrusion detection systems (IDSs) are considered one of the most essential components for securing organizational networks. They are the first line of defense against online threats and are responsible for quickly identifying potential network intrusions. Mainly, IDSs analyze the network traffic to detect any malicious activities in the network. Today, networks are expanding tremendously as the demand for network services is expanding. This expansion leads to diverse data types and complexities in the network, which may limit the applicability of the developed algorithms. Moreover, viruses and malicious attacks are changing in their quantity and quality. Therefore, recently, several security researchers have developed IDSs using several innovative techniques, including artificial intelligence methods. This work aims to propose a support vector machine (SVM)-based deep learning system that will classify the data extracted from servers to determine the intrusion incidents on social media. To implement deep learning-based IDSs for multiclass classification, the CSE-CIC-IDS 2018 dataset has been used for system evaluation. The CSE-CIC-IDS 2018 dataset was subjected to several preprocessing techniques to prepare it for the training phase. The proposed model has been implemented in 100,000 instances of a sample dataset. This study demonstrated that the accuracy, true-positive recall, precision, specificity, false-positive recall, and F-score of the proposed model were 100%, 100%, 100%, 100%, 0%, and 100%, respectively.

Niraj Thapa,Zhipeng Liu,B. KC Dukka,Balakrishna Gokaraju,Kaushik Roy,Dukka B. KC

DOI: https://doi.org/10.3390/fi12100167

2020-09-30

Future Internet

Abstract:The development of robust anomaly-based network detection systems, which are preferred over static signal-based network intrusion, is vital for cybersecurity. The development of a flexible and dynamic security system is required to tackle the new attacks. Current intrusion detection systems (IDSs) suffer to attain both the high detection rate and low false alarm rate. To address this issue, in this paper, we propose an IDS using different machine learning (ML) and deep learning (DL) models. This paper presents a comparative analysis of different ML models and DL models on Coburg intrusion detection datasets (CIDDSs). First, we compare different ML- and DL-based models on the CIDDS dataset. Second, we propose an ensemble model that combines the best ML and DL models to achieve high-performance metrics. Finally, we benchmarked our best models with the CIC-IDS2017 dataset and compared them with state-of-the-art models. While the popular IDS datasets like KDD99 and NSL-KDD fail to represent the recent attacks and suffer from network biases, CIDDS, used in this research, encompasses labeled flow-based data in a simulated office environment with both updated attacks and normal usage. Furthermore, both accuracy and interpretability must be considered while implementing AI models. Both ML and DL models achieved an accuracy of 99% on the CIDDS dataset with a high detection rate, low false alarm rate, and relatively low training costs. Feature importance was also studied using the Classification and regression tree (CART) model. Our models performed well in 10-fold cross-validation and independent testing. CART and convolutional neural network (CNN) with embedding achieved slightly better performance on the CIC-IDS2017 dataset compared to previous models. Together, these results suggest that both ML and DL methods are robust and complementary techniques as an effective network intrusion detection system.

Avinash R. Sonule,Mukesh Kalla,Amit Jain,D.S. Chouhan,,,,

DOI: https://doi.org/10.35940/ijeat.c5809.029320

2020-02-28

International Journal of Engineering and Advanced Technology

Abstract:The network attacks become the most important security problems in the today’s world. There is a high increase in use of computers, mobiles, sensors,IoTs in networks, Big Data, Web Application/Server,Clouds and other computing resources. With the high increase in network traffic, hackers and malicious users are planning new ways of network intrusions. Many techniques have been developed to detect these intrusions which are based on data mining and machine learning methods. Machine learning algorithms intend to detect anomalies using supervised and unsupervised approaches.Both the detection techniques have been implemented using IDS datasets like DARPA98, KDDCUP99, NSL-KDD, ISCX, ISOT.UNSW-NB15 is the latest dataset. This data set contains nine different modern attack types and wide varieties of real normal activities. In this paper, a detailed survey of various machine learning based techniques applied on UNSW-NB15 data set have been carried out and suggested thatUNSW-NB15 is more complex than other datasets and is assumed as a new benchmark data set for evaluating NIDSs.

Mikel K. Ngueajio,Gloria Washington,Danda B. Rawat,Yolande Ngueabou

DOI: https://doi.org/10.48550/arXiv.2209.05579

2022-09-12

Cryptography and Security

Abstract:With the growing rates of cyber-attacks and cyber espionage, the need for better and more powerful intrusion detection systems (IDS) is even more warranted nowadays. The basic task of an IDS is to act as the first line of defense, in detecting attacks on the internet. As intrusion tactics from intruders become more sophisticated and difficult to detect, researchers have started to apply novel Machine Learning (ML) techniques to effectively detect intruders and hence preserve internet users' information and overall trust in the entire internet network security. Over the last decade, there has been an explosion of research on intrusion detection techniques based on ML and Deep Learning (DL) architectures on various cyber security-based datasets such as the DARPA, KDDCUP'99, NSL-KDD, CAIDA, CTU-13, UNSW-NB15. In this research, we review contemporary literature and provide a comprehensive survey of different types of intrusion detection technique that applies Support Vector Machines (SVMs) algorithms as a classifier. We focus only on studies that have been evaluated on the two most widely used datasets in cybersecurity namely: the KDDCUP'99 and the NSL-KDD datasets. We provide a summary of each method, identifying the role of the SVMs classifier, and all other algorithms involved in the studies. Furthermore, we present a critical review of each method, in tabular form, highlighting the performance measures, strengths, and limitations of each of the methods surveyed.

Arushi Agarwal,Purushottam Sharma,Mohammed Alshehri,Ahmed A. Mohamed,Osama Alfarraj

DOI: https://doi.org/10.7717/peerj-cs.437

2021-04-07

PeerJ Computer Science

Abstract:In today’s cyber world, the demand for the internet is increasing day by day, increasing the concern of network security. The aim of an Intrusion Detection System (IDS) is to provide approaches against many fast-growing network attacks (e.g., DDoS attack, Ransomware attack, Botnet attack, etc.), as it blocks the harmful activities occurring in the network system. In this work, three different classification machine learning algorithms—Naïve Bayes (NB), Support Vector Machine (SVM), and K-nearest neighbor (KNN)—were used to detect the accuracy and reducing the processing time of an algorithm on the UNSW-NB15 dataset and to find the best-suited algorithm which can efficiently learn the pattern of the suspicious network activities. The data gathered from the feature set comparison was then applied as input to IDS as data feeds to train the system for future intrusion behavior prediction and analysis using the best-fit algorithm chosen from the above three algorithms based on the performance metrics found. Also, the classification reports (Precision, Recall, and F1-score) and confusion matrix were generated and compared to finalize the support-validation status found throughout the testing phase of the model used in this approach.

computer science, information systems, artificial intelligence, theory & methods

Jakiur Rahman,Jaskaran Singh,Soumen Nayak,Biswajit Jena,Lopamudra Mohanty,Narpinder Singh,John R. Laird,Rajesh Singh,Deepak Garg,Narendra N. Khanna,Mostafa M. Fouda,Luca Saba,Jasjit S. Suri

DOI: https://doi.org/10.1080/08839514.2024.2376983

IF: 2.777

2024-07-13

Applied Artificial Intelligence

Abstract:Intrusion detection systems (IDS) play a critical role in ensuring the security and integrity of computer networks. There is a constant demand for the development of powerful, novel, and generalized methods for IDS that can accurately detect and classify intrusions. In this study, we aim to evaluate the benefits of linear classifiers (LC) and nonlinear classifiers (NLC) in IDS. We employed ten machine learning (ML) classifiers, consisting of five LC and five NLC. These classifiers underwent cross-validation for performance evaluation, unseen analysis, statistical tests, and power analysis on measuring the minimum sample size. Four hypotheses were formulated and validated on five processed intrusion attack datasets. NLC outperformed LC, with a mean accuracy (ACC)/area-under-the-curve (AUC) increase of 22.26%/20.3% on the WUSTL-EHMS dataset, with improvements of ACC/AUC by 5.5%/2.3% on the UNSW-NB15 dataset. In the unseen analysis, NLC achieved an ACC/AUC increase of 21.9%/21.8% when trained on WUSTL-EHMS and tested on UNSW-NB15. Lastly, when using a mixed dataset of WUSTL-EHMS and UNSW-NB15, NLC demonstrated an ACC/AUC increase of 11.67%/5.5%. The model performed well in cross-validation protocols, and the statistical tests yielded significant p-values. NLC provides generalized and robust solutions to detect intrusion attacks, ensuring the integrity and security of computer networks.

computer science, artificial intelligence,engineering, electrical & electronic

Geeta Singh,Neelu Khare

DOI: https://doi.org/10.1080/1206212X.2021.1885150

2021-02-15

International Journal of Computers and Applications

Abstract:The evolution in the attack scenarios has been such that finding efficient and optimal Network Intrusion Detection Systems (NIDS) with frequent updates has become a big challenge. NIDS implementation using machine learning (ML) techniques and updated intrusion datasets is one of the solutions for effective modeling of NIDS. This article presents a brief description of publicly available labeled intrusion datasets and ML techniques. Later a brief explanation of the literary works is given in which machine learning techniques are applied for NIDS implementation in different networking scenarios, such as traditional networks, cloud networks, Ad-Hoc, WSNs, and IoT networks. Hence, this article brings together publicly available intrusion datasets and machine learning techniques utilized in recent intrusion detection systems to reveal present-day challenges and future directions. This article also explains problems associated with NIDS. This will help researchers to enhance the existing NIDS models as well as to develop new effective models.

Abdulsalam O. Alzahrani,Mohammed J. F. Alenazi

DOI: https://doi.org/10.3390/fi13050111

2021-04-28

Future Internet

Abstract:Software-defined Networking (SDN) has recently developed and been put forward as a promising and encouraging solution for future internet architecture. Managed, the centralized and controlled network has become more flexible and visible using SDN. On the other hand, these advantages bring us a more vulnerable environment and dangerous threats, causing network breakdowns, systems paralysis, online banking frauds and robberies. These issues have a significantly destructive impact on organizations, companies or even economies. Accuracy, high performance and real-time systems are essential to achieve this goal successfully. Extending intelligent machine learning algorithms in a network intrusion detection system (NIDS) through a software-defined network (SDN) has attracted considerable attention in the last decade. Big data availability, the diversity of data analysis techniques, and the massive improvement in the machine learning algorithms enable the building of an effective, reliable and dependable system for detecting different types of attacks that frequently target networks. This study demonstrates the use of machine learning algorithms for traffic monitoring to detect malicious behavior in the network as part of NIDS in the SDN controller. Different classical and advanced tree-based machine learning techniques, Decision Tree, Random Forest and XGBoost are chosen to demonstrate attack detection. The NSL-KDD dataset is used for training and testing the proposed methods; it is considered a benchmarking dataset for several state-of-the-art approaches in NIDS. Several advanced preprocessing techniques are performed on the dataset in order to extract the best form of the data, which produces outstanding results compared to other systems. Using just five out of 41 features of NSL-KDD, a multi-class classification task is conducted by detecting whether there is an attack and classifying the type of attack (DDoS, PROBE, R2L, and U2R), accomplishing an accuracy of 95.95%.

Hafiza Anisa Ahmed,Anum Hameed,Narmeen Zakaria Bawany

DOI: https://doi.org/10.7717/peerj-cs.820

2022-01-07

PeerJ Computer Science

Abstract:The expeditious growth of the World Wide Web and the rampant flow of network traffic have resulted in a continuous increase of network security threats. Cyber attackers seek to exploit vulnerabilities in network architecture to steal valuable information or disrupt computer resources. Network Intrusion Detection System (NIDS) is used to effectively detect various attacks, thus providing timely protection to network resources from these attacks. To implement NIDS, a stream of supervised and unsupervised machine learning approaches is applied to detect irregularities in network traffic and to address network security issues. Such NIDSs are trained using various datasets that include attack traces. However, due to the advancement in modern-day attacks, these systems are unable to detect the emerging threats. Therefore, NIDS needs to be trained and developed with a modern comprehensive dataset which contains contemporary common and attack activities. This paper presents a framework in which different machine learning classification schemes are employed to detect various types of network attack categories. Five machine learning algorithms: Random Forest, Decision Tree, Logistic Regression, K-Nearest Neighbors and Artificial Neural Networks, are used for attack detection. This study uses a dataset published by the University of New South Wales (UNSW-NB15), a relatively new dataset that contains a large amount of network traffic data with nine categories of network attacks. The results show that the classification models achieved the highest accuracy of 89.29% by applying the Random Forest algorithm. Further improvement in the accuracy of classification models is observed when Synthetic Minority Oversampling Technique (SMOTE) is applied to address the class imbalance problem. After applying the SMOTE, the Random Forest classifier showed an accuracy of 95.1% with 24 selected features from the Principal Component Analysis method.

computer science, information systems, artificial intelligence, theory & methods