Abstract

The rise of malicious activity in network traffic is one of the most noticeable issues in network security, and it negatively impacts the productivity of organizations and end-users. This paper proposes a novel approach for classifying network attacks, called Multinomial Mixture Modeling with Median Absolute Deviation and Random Forest Algorithm (MMM-RF). The paper has a threefold objective: to use Correlation Feature Selection (CFS) to analyze the most prominent factors involved in network traffic; to use T-Distributed Stochastic Neighbor Embedding (T-SNE) to reduce data dimensionality; and to explore the Synthetic Minority Oversampling Technique (SMOTE) coupled with random under-sampling to control imbalance in the CSE-CIC-IDS2018 dataset. Multinomial Mixture Modeling (MMM) is coupled with the Expectation-Maximization (EM) algorithm and Median Absolute Deviation (MAD), and this step precedes the Random Forest (RF) classification algorithm in the experiment on the CSE-CIC-IDS2018 dataset. The outcome showed a high detection accuracy of 99.98% and a very low False Positive Rate (FPR) of 0.02%.
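The balancing step named in the abstract, SMOTE coupled with random under-sampling, shown as an added example that is not the paper's code. The function names, the per-class `target`, the neighbour count `k`, and the two-feature flow records are assumptions constructed for illustration; the paper's own parameters are not given here.

```python
import math
import random

def smote(minority, n_new, k=3, rng=None):
    """Create n_new synthetic rows, each on the segment between a minority
    row and one of its k nearest minority neighbours (Euclidean distance)."""
    rng = rng or random.Random(0)
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        neighbours = sorted((p for p in minority if p is not base),
                            key=lambda p: math.dist(base, p))[:k]
        other = rng.choice(neighbours)
        gap = rng.random()  # position along the segment base -> other
        synthetic.append(tuple(b + gap * (o - b) for b, o in zip(base, other)))
    return synthetic

def rebalance(rows, labels, target, k=3, seed=0):
    """Bring every class to `target` rows: SMOTE for classes below the
    target, random under-sampling for classes above it."""
    rng = random.Random(seed)
    by_class = {}
    for row, label in zip(rows, labels):
        by_class.setdefault(label, []).append(tuple(row))
    out_rows, out_labels = [], []
    for label, members in by_class.items():
        if len(members) > target:
            members = rng.sample(members, target)      # under-sample majority
        elif len(members) < target:
            if len(members) < 2:                       # SMOTE needs a neighbour
                raise ValueError(f"class {label!r} needs >= 2 rows for SMOTE")
            members = members + smote(members, target - len(members), k, rng)
        out_rows.extend(members)
        out_labels.extend([label] * len(members))
    return out_rows, out_labels

def make_flows(seed=1):
    """Constructed sample data: (duration_s, packets_per_s) for 200 benign
    and 8 attack flows. Not taken from CSE-CIC-IDS2018."""
    rng = random.Random(seed)
    benign = [(rng.gauss(1.0, 0.3), rng.gauss(50, 10)) for _ in range(200)]
    attack = [(rng.gauss(5.0, 0.5), rng.gauss(900, 50)) for _ in range(8)]
    return benign + attack, ["Benign"] * 200 + ["Attack"] * 8
```

Resample only the training split; synthetic or dropped rows in the evaluation set would distort the measured accuracy and false positive rate.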
