Machine Learning-Based Intrusion Detection on Multi-Class Imbalanced Dataset Using SMOTE

Abstract

The rapid development of information technology has brought numerous benefits to society, but it has also led to increased security vulnerabilities in network systems. Intrusion detection systems (IDS) play a crucial role in identifying malicious activities, but they face challenges due to imbalanced datasets where the number of attack samples outweighs normal activities. This paper explores the performance of an IDS using SMOTE (Synthetic Minority Over-sampling Technique) and various classification algorithms to address imbalanced datasets and enhance detection of multi-class intrusions. Related works in the field of intrusion detection are reviewed, highlighting the effectiveness of different algorithms and techniques. The proposed work presents a model that combines SMOTE with log normalization and feature selection to improve IDS performance. Experiments are conducted on the NSL-KDD and CIC-IDS2017 datasets, evaluating different oversampling configurations and machine learning models. The results show that applying SMOTE improves overall performance, with high accuracy, precision, recall, and F1-score. Feature selection has minimal impact on model performance, suggesting the presence of redundant features. The study concludes that SMOTE effectively addresses class imbalance and enhances IDS performance, emphasizing the importance of incorporating oversampling techniques in intrusion detection systems.