A Comparative Study of Machine Learning Classifiers for Network Intrusion Detection

A network intrusion detection system (NIDS) has become an essential tool for detecting attacks in computer networks and protecting critical information and systems. The effectiveness of an NIDS is usually measured by a high number of detected attacks and a low number of false alarms. Machine learning techniques are widely used for building robust intrusion detection systems that adapt to the continuous changes in network attacks. However, the comparison of such machine learning techniques needs more investigation to show their efficiency and suitability for detecting sophisticated malicious attacks. This study compares the most popular machine learning methods for intrusion detection in terms of accuracy, precision, recall, and training time cost. The comparison can serve as a guideline for developers choosing an appropriate method when building an effective NIDS. The evaluation of the adopted baseline machine learning classifiers is conducted on two public datasets, KDD99 and UNSW-NB15. The time taken to build a model for each classifier is also measured as an indicator of its efficiency. The experimental results show that the Decision Tree (DT), Random Forests (RF), Hoeffding Tree (HT), and K-Nearest Neighbors (KNN) classifiers achieve higher accuracy with reasonable training time in the 10-fold cross-validation test mode than the other machine learning classifiers examined in this study.
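As an added illustration (not code from the paper), the following pure-Python harness computes the metrics named in the abstract, accuracy, precision and recall with the attack class as positive, under 10-fold cross-validation, pooling the confusion counts across folds and summing the time spent fitting each fold as the training-cost figure. The 1-nearest-neighbour classifier and the flow records are constructed stand-ins; they do not reproduce the paper's datasets or results.

```python
import random
import time

def confusion_counts(y_true, y_pred, positive=1):
    """Count TP, FP, FN, TN with `positive` (an attack record) as the positive class."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == positive and p == positive)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t != positive and p == positive)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == positive and p != positive)
    return tp, fp, fn, len(y_true) - tp - fp - fn

def metrics(tp, fp, fn, tn):
    """Accuracy, precision (lowered by false alarms) and recall (lowered by missed attacks)."""
    total = tp + fp + fn + tn
    accuracy = (tp + tn) / total if total else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return accuracy, precision, recall

def k_fold_indices(n, k=10, seed=0):
    idx = list(range(n))
    random.Random(seed).shuffle(idx)
    return [idx[i::k] for i in range(k)]  # deal shuffled indices into k disjoint test folds

def cross_validate(fit, predict, X, y, k=10, seed=0):
    """Pool confusion counts over k folds; also sum the wall-clock time spent in fit()."""
    tp = fp = fn = tn = 0
    train_seconds = 0.0
    for test_idx in k_fold_indices(len(X), k, seed):
        held_out = set(test_idx)
        train_idx = [i for i in range(len(X)) if i not in held_out]
        t0 = time.perf_counter()
        model = fit([X[i] for i in train_idx], [y[i] for i in train_idx])
        train_seconds += time.perf_counter() - t0
        a, b, c, d = confusion_counts([y[i] for i in test_idx], [predict(model, X[i]) for i in test_idx])
        tp, fp, fn, tn = tp + a, fp + b, fn + c, tn + d
    return (*metrics(tp, fp, fn, tn), train_seconds)

# Toy 1-nearest-neighbour classifier: a hypothetical stand-in for the paper's KNN baseline.
def nn_fit(X, y):
    return list(zip(X, y))
def nn_predict(model, x):
    return min(model, key=lambda r: sum((a - b) ** 2 for a, b in zip(r[0], x)))[1]

# Constructed flow records (duration, connection count); label 0 = normal, 1 = attack.
FLOWS = [((i % 10 + 1.0, i % 5 + 1.0), 0) for i in range(100)]  # normal: longer, few connections
FLOWS += [((0.1, 50.0 + i % 50), 1) for i in range(100)]         # attack: short and bursty

def evaluate_toy():
    X, y = zip(*FLOWS)
    return cross_validate(nn_fit, nn_predict, list(X), list(y))
```

Swapping `nn_fit`/`nn_predict` for another classifier pair keeps the metric and timing code unchanged, which is the point of comparing baselines under one harness.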
