Abstract
The network intrusion detection system (NIDS) has become an essential tool for detecting attacks in computer networks and protecting critical information and systems. The effectiveness of an NIDS is usually measured by a high number of detected attacks and a low number of false alarms. Machine learning techniques are widely used to build robust intrusion detection systems that adapt to the continuous changes in network attacks. However, a comparison of such machine learning techniques needs more investigation to show their efficiency and appropriateness for detecting sophisticated malicious attacks. This study compares the most popular machine learning methods for intrusion detection in terms of accuracy, precision, recall, and training time cost. This comparison can serve as a guideline for developers choosing an appropriate method when developing an effective NIDS. The adopted baseline machine learning classifiers are evaluated on two public datasets, KDD99 and UNSW-NB15. The time taken to build a model for each classifier is also evaluated to measure its efficiency. The experimental results show that the Decision Tree (DT), Random Forests (RF), Hoeffding Tree (HT), and K-Nearest Neighbors (KNN) classifiers achieve higher accuracy with reasonable training time in the 10-fold cross-validation test mode than the other machine learning classifiers examined in this study.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Khan, F.A., Gumaei, A. (2019). A Comparative Study of Machine Learning Classifiers for Network Intrusion Detection. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11633. Springer, Cham. https://doi.org/10.1007/978-3-030-24265-7_7
DOI: https://doi.org/10.1007/978-3-030-24265-7_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24264-0
Online ISBN: 978-3-030-24265-7
eBook Packages: Computer Science (R0)