A Systematic Analysis and Review on Intrusion Detection Systems Using Machine Learning and Deep Learning Algorithms

Abstract

An intrusion detection system (IDS) is crucial for defending computer networks and systems from cyberattacks, unauthorized entry, and harmful activities. Machine learning (ML) and deep learning (DL) based IDS is a security solution that uses sophisticated algorithms to automatically identify and predict malicious activity occurring within a computer network. It improves the network's security and identification of threats using various algorithms to monitor network traffic patterns, spot anomalies, and discern between normal and abnormal behavior. This study reviews 60 papers on the topic of IDS that implement various ML and DL techniques. The most commonly used techniques are the support vector machine (SVM), decision tree (DT), random forest (RF), K nearest neighbors, gradient boosting(GB), Naïve-Bayes (NB), multilayer perceptron (MLP), artificial neural network, recurrent neural network, and convolutional neural network (CNN). These techniques are tested on four different datasets: KDD Cup, NSL-KDD, UNSW-NB15, and Kyoto. The experimentation showed that, among ML algorithms, the DT classifier has the best average training time of 2.8 s, the best average testing time of 0.08 s, but achieved an average accuracy of 97.46% across all datasets. On the other hand, the NB classifier is easier to implement but took an average of 4.40 s in training time, 1.28 s in testing time, and has the least average accuracy of 74.22% across all datasets. The more sophisticated techniques such as SVM, MLP, GB, and CNN are time consuming with CNN taking the highest time in three out of four datasets. The RF algorithm achieved an average accuracy of 99.51%, the highest level of accuracy among all algorithms. In this way, a comprehensive analysis of the strengths and weaknesses of various ML and DL algorithms for IDS is presented.