Multi Class Machine Learning Algorithms for Intrusion Detection - A Performance Study

Belavagi, Manjula C.; Muniyal, Balachandra

doi:10.1007/978-981-10-6898-0_14

Cited by 8 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, a bat algorithm was utilized to optimize the ensemble model. Belavagi and Muniyal [73] identified that RF outperforms SVM, Gaussian naïve Bayes, and logistic regression for classification of a normal behavior and four classes of attacks (i.e., denial of service (DoS), remote to local (R2L), probe and user to root (U2R) attacks) for intrusion detection. Rodda and Erothi [63] discussed a class imbalance problem in IDSs and also identified that RF outperforms naïve Bayes, Bayes network, and C4.5 for classification of a normal behavior and four classes of attacks using the NSL-KDD dataset.…”

Section: Mapping Selected Studies By Ensemble Methodsmentioning

confidence: 99%

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Tama

Lim

2021

Computer Science Review

107

View full text Add to dashboard Cite

Intrusion detection systems (IDSs) are intrinsically linked to a comprehensive solution of cyberattacks prevention instruments. To achieve a higher detection rate, the ability to design an improved detection framework is sought after, particularly when utilizing ensemble learners. Designing an ensemble often lies in two main challenges such as the choice of available base classifiers and combiner methods. This paper performs an overview of how ensemble learners are exploited in IDSs by means of systematic mapping study. We collected and analyzed 124 prominent publications from the existing literature. The selected publications were then mapped into several categories such as years of publications, publication venues, datasets used, ensemble methods, and IDS techniques. Furthermore, this study reports and analyzes an empirical investigation of a new classifier ensemble approach, called stack of ensemble (SoE) for anomaly-based IDS. The SoE is an ensemble classifier that adopts parallel architecture to combine three individual ensemble learners such as random forest, gradient boosting machine, and extreme gradient boosting machine in a homogeneous manner. The performance significance among classification algorithms is statistically examined in terms of their Matthews correlation coefficients, accuracies, false positive rates, and area under ROC curve metrics. Our study fills the gap in current literature concerning an up-to-date systematic mapping study, not to mention an extensive empirical evaluation of the recent advances of ensemble learning techniques applied to IDSs.

show abstract

Section: Mapping Selected Studies By Ensemble Methodsmentioning

confidence: 99%

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Tama

Lim

2021

Computer Science Review

107

View full text Add to dashboard Cite

show abstract

“…On a different front, Ghafir et al [16] introduced MLAPT for intrusion detection, leveraging a private dataset. It is important to consider that the utilization of a non-public dataset may have implications for the model's accuracy.…”

Section: Literature Reviewmentioning

confidence: 99%

An Optimized Hybrid Deep Intrusion Detection Model (HD-IDM) for Enhancing Network Security

Ahmad,

Imran,

Qayyum

et al. 2023

Mathematics

View full text Add to dashboard Cite

Detecting cyber intrusions in network traffic is a tough task for cybersecurity. Current methods struggle with the complexity of understanding patterns in network data. To solve this, we present the Hybrid Deep Learning Intrusion Detection Model (HD-IDM), a new way that combines GRU and LSTM classifiers. GRU is good at catching quick patterns, while LSTM handles long-term ones. HD-IDM blends these models using weighted averaging, boosting accuracy, especially with complex patterns. We tested HD-IDM on four datasets: CSE-CIC-IDS2017, CSE-CIC-IDS2018, NSL KDD, and CIC-DDoS2019. The HD-IDM classifier achieved remarkable performance metrics on all datasets. It attains an outstanding accuracy of 99.91%, showcasing its consistent precision across the dataset. With an impressive precision of 99.62%, it excels in accurately categorizing positive cases, crucial for minimizing false positives. Additionally, maintaining a high recall of 99.43%, it effectively identifies the majority of actual positive cases while minimizing false negatives. The F1-score of 99.52% emphasizes its robustness, making it the top choice for classification tasks requiring precision and reliability. It is particularly good at ROC and precision/recall curves, discriminating normal and harmful network activities. While HD-IDM is promising, it has limits. It needs labeled data and may struggle with new intrusion methods. Future work should find ways to handle unlabeled data and adapt to emerging threats. Also, making HD-IDM work faster for real-time use and dealing with scalability challenges is key for its broader use in changing network environments.

show abstract

“…The NSL-KDD is a public dataset, which has been developed from the previous KDD99 dataset [22]. A statistical analysis performed on KDD99 dataset raised important issues that significantly affect the accuracy of intrusion detection and lead to a misleading evaluation of AIDS Belavagi et al [36] discussed the prediction analysis of different supervised ML algorithms namely Support Vector Machine, Logistic Regression, Gaussian Naive Bayes, and Random Forest using NSL-KDD dataset. Experimental results showed that the Random Forest achieved very good performance in identifying Dos, Probe, and U2R attacks, but it was poor in the identification of R2L attacks.…”

Section: Nsl-kdd Datasetmentioning

confidence: 99%

A Detailed Analysis of Benchmark Datasets for Network Intrusion Detection System

Ghurab

Gaphari

Alshami

et al. 2021

AJRCoS

View full text Add to dashboard Cite

The enormous increase in the use of the Internet in daily life has provided an opportunity for the intruder attempt to compromise the security principles of availability, confidentiality, and integrity. As a result, organizations are working to increase the level of security by using attack detection techniques such as Network Intrusion Detection System (NIDS), which monitors and analyzes network flow and attacks detection. There are a lot of researches proposed to develop the NIDS and depend on the dataset for the evaluation. Datasets allow evaluating the ability in detecting intrusion behavior. This paper introduces a detailed analysis of benchmark and recent datasets for NIDS. Specifically, we describe eight well-known datasets that include: KDD99, NSL-KDD, KYOTO 2006+, ISCX2012, UNSW-NB 15, CIDDS-001, CICIDS2017, and CSE-CIC-IDS2018. For each dataset, we provide a detailed analysis of its instances, features, classes, and the nature of the features. The main objective of this paper is to offer overviews of the datasets are available for the NIDS and what each dataset is comprised of. Furthermore, some recommendations were made to use network-based datasets.

show abstract

Multi Class Machine Learning Algorithms for Intrusion Detection - A Performance Study

Cited by 8 publications

References 17 publications

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

Ensemble learning for intrusion detection systems: A systematic mapping study and cross-benchmark evaluation

An Optimized Hybrid Deep Intrusion Detection Model (HD-IDM) for Enhancing Network Security

A Detailed Analysis of Benchmark Datasets for Network Intrusion Detection System

Contact Info

Product

Resources

About