A Brief Analysis on Machine Learning Classifiers for Intrusion Detection to Enhance Network Security

Abstract

Network-based applications present new threats and necessitate new security measures, which necessitate greater attention to speed and accuracy. The rapid expansion of malicious activity with the attacks poses substantial dangers to network security despite the numerous new security technologies that have been developed. Intrusion Detection Systems (IDS) are extensively relied upon by network managers to catch these kinds of network intrusions in the act. Detecting intrusions using machine learning is one of the most common ways, in which models are learned from data to distinguish between regular and anomalous traffic. Despite the prevalence of machine learning methodologies, there hasn't been much research into machine learning algorithms for intrusion detection. When it comes to protecting sensitive information and systems, the Network Intrusion Detection System (NIDS) is a must-have model. If a NIDS detects more threats than false alarms, it is considered to be a good tool for security. Intrusion detection systems that are able to adapt to the ever-changing nature of network threats are built using machine learning techniques. It's still unclear how effective and appropriate these machine learning approaches are for detecting advanced hostile attempts. In terms of accuracy, precision, recall, and training time cost, this study analyses the most common machine learning classifier approaches for intrusion detection. Developers can use this comparison to help them select the best NIDS development method. KDD99, CSE-CIC-IDS2018 and UNSW-NB15 datasets are used in the evaluation of the adopted basic machine learning classifiers. Classifiers like Decision Tree (DT), Random Forest, Support Vector Machine, Logistic Regression and K-Nearest Neighbour (KNN) are tested in the experiments. The classifiers working, limitations are briefly discussed in this manuscript.