Optimize network intrusion detection system based on PCA feature extraction and three naïve bayes classifiers

Abstract

Ransomware has become one of the major threats to private organizations, state and local organizations in the last three years, especially since the WannaCry malware. Ransomware is a child in the malware family that hijacks users’ data and related resources using security measures such as cryptographic and then demands bitcoin in compensation for the data that has been encrypted. Network Intrusion Detection Systems (NIDS) are now needed to protect data from hackers and keep information systems and networks from getting hurt as much as possible. It examines and predicts user behavior, which is then classified as an assault or expected behavior. This study will present a suggestion to improve hybrid (anomaly-misuse) NIDS by experimenting with three different Nave Bayes (NB) classifiers: Gaussian Naive Bayes (GNB), Multinomial Naive Bayes (MNB), and Complement Naive Bayes (CNB). To improve accuracy and reduce the computational time in NIDS, Principal Component Analysis (PCA) will be exploited. The UNSW-NB15 dataset was used to evaluate the suggested system’s performance, and the outcomes of the experiments are as follows: when using all features of UNSW-NB15 Datasets the Accuracy of GNB, MNB and CNB is 97%, 92%, and %94, when using PCA feature extraction with 10 PC the Accuracy of GNB, MNB and CNB is 100%, 88% and %100, when using PCA feature extraction with 20 PC the Accuracy of GNB, MNB and CNB is 100%, 92% and %100. When using PCA feature extraction with 30 PC, GNB, MNB, and CNB is 100%, 99%, and %100. According to the findings, 30 PCs improved the accuracy of the three algorithms and gave the best results, meaning that the increase in the number of PC leads to a rise in the system’s accuracy.