TY - GEN
T1 - A Comparative Study of Machine Learning Classifiers for Network Intrusion Detection
AU - Khan, Farrukh Aslam
AU - Gumaei, Abdu
N1 - Publisher Copyright: © 2019, Springer Nature Switzerland AG.
PY - 2019
Y1 - 2019
AB - The network intrusion detection system (NIDS) has become an essential tool for detecting attacks in computer networks and protecting critical information and systems. The effectiveness of an NIDS is usually measured by a high number of detected attacks and a low number of false alarms. Machine learning techniques are widely used for building robust intrusion detection systems that adapt to the continuous changes in network attacks. However, a comparison of such machine learning techniques needs more investigation to show their efficiency and appropriateness for detecting sophisticated malicious attacks. This study compares the most popular machine learning methods for intrusion detection in terms of accuracy, precision, recall, and training time cost. This comparison can provide a guideline for developers to choose the appropriate method when developing an effective NIDS. The evaluation of the adopted baseline machine learning classifiers is conducted on two public datasets, i.e., KDD99 and UNSW-NB15. The time taken to build a model for each classifier is also evaluated to measure its efficiency. The experimental results show that the Decision Tree (DT), Random Forests (RF), Hoeffding Tree (HT), and K-Nearest Neighbors (KNN) classifiers achieve higher accuracy with reasonable training time in the 10-fold cross-validation test mode compared to the other machine learning classifiers examined in this study.
KW - Computer networks
KW - KDD99 dataset
KW - Machine learning techniques
KW - Network intrusion detection
KW - UNSW-NB15 dataset
UR - http://www.scopus.com/inward/record.url?scp=85070197738&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-24265-7_7
DO - 10.1007/978-3-030-24265-7_7
M3 - Conference contribution
AN - SCOPUS:85070197738
SN - 9783030242640
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 75
EP - 86
BT - Artificial Intelligence and Security - 5th International Conference, ICAIS 2019, Proceedings
A2 - Sun, Xingming
A2 - Pan, Zhaoqing
A2 - Bertino, Elisa
PB - Springer Verlag
T2 - 5th International Conference on Artificial Intelligence and Security, ICAIS 2019
Y2 - 26 July 2019 through 28 July 2019
ER -