Detecting intrusions in computer network traffic with machine learning approaches

Abstract

Security has been a crucial factor in this modern digital period due to the rapid development of information technology, which is followed by serious computer crimes that, in turn, led to the emergence of Intrusion Detection Systems (IDSs). Various approaches such as single machine learning classifiers and Ensemble Classifiers couple with features selection methods have been proposed to improve the performance of IDS. In this regard, in the previous work, we have used the NSL-KDD IDS dataset, Gain Ratio Feature Evaluator (GRFE), and Correlation Ranking Filter (CRF) feature selection methods coupled with various machine-learning techniques to detect intrusions in computer network traffic. While the experiment has demonstrated that GRFE selects the most relevant feature subsects over CRF, which results in different performance, the previous work can be extended as follows. First, the most relevant feature subset generated by GRFE in the previous work is employed to assess and compare the performance of a single machine learning technique (Lazy IBK, aka K-Nearest Neighbor) over an ensemble technique (Random Committee) while detecting intrusions in a computer network. Second, two distinct datasets (NSL-KDD and UNSW-NB15) are employed for better performance analysis. Third, limitations encountered in the domain of network intrusion detection are also discussed. The results reveal that the ensemble technique performs well over a single machine learning technique with a misclassification gap of 0.969% and 1.19% (obtained using NSL-KDD dataset) and 1.62% and 1.576% (obtained using UNSW-NB15 dataset).