
A Comparative Study of Machine Learning Classifiers for Network Intrusion Detection

  • Conference paper
  • Artificial Intelligence and Security (ICAIS 2019)

Abstract

The network intrusion detection system (NIDS) has become an essential tool for detecting attacks in computer networks and protecting critical information and systems. The effectiveness of an NIDS is usually measured by how many attacks it detects and how few false alarms it raises. Machine learning techniques are widely used for building robust intrusion detection systems that adapt to continuous changes in network attacks. However, a comparison of such machine learning techniques needs more investigation to show their efficiency and appropriateness for detecting sophisticated malicious attacks. This study compares the most popular machine learning methods for intrusion detection in terms of accuracy, precision, recall, and training time cost. This comparison can provide a guideline for developers to choose the appropriate method when developing an effective NIDS. The evaluation of the adopted baseline machine learning classifiers is conducted on two public datasets, KDD99 and UNSW-NB15. The time taken to build a model for each classifier is also evaluated to measure their efficiency. The experimental results show that the Decision Tree (DT), Random Forests (RF), Hoeffding Tree (HT), and K-Nearest Neighbors (KNN) classifiers achieve higher accuracy with reasonable training time in the 10-fold cross validation test mode compared to the other machine learning classifiers examined in this study.
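The four quantities the abstract compares (accuracy, precision, recall, training time), computed under stratified 10-fold cross validation the way a practitioner would when reproducing such a comparison on a labelled dataset. This is an added example, not code from the paper or from WEKA; it assumes multi-class string labels with the benign class named "normal" (as in KDD99), macro-averages precision and recall over classes (the abstract does not say how they are averaged), and adds a false-alarm rate because the abstract names false alarms as the other half of NIDS effectiveness.

```python
from collections import Counter
import random
import time

NORMAL = "normal"  # assumed label of benign records


def metrics(y_true, y_pred):
    """Accuracy, macro-averaged precision/recall, and false-alarm rate
    (benign records flagged as any attack class / all benign records)."""
    cm = Counter(zip(y_true, y_pred))  # (true, predicted) -> count
    labels = sorted(set(y_true) | set(y_pred))
    prec, rec = [], []
    for c in labels:
        tp = cm[(c, c)]
        predicted = sum(cm[(t, c)] for t in labels)
        actual = sum(cm[(c, p)] for p in labels)
        prec.append(tp / predicted if predicted else 0.0)
        rec.append(tp / actual if actual else 0.0)
    benign = [p for t, p in zip(y_true, y_pred) if t == NORMAL]
    return {
        "accuracy": sum(cm[(c, c)] for c in labels) / len(y_true),
        "precision": sum(prec) / len(prec),
        "recall": sum(rec) / len(rec),
        "false_alarm_rate": sum(p != NORMAL for p in benign) / len(benign) if benign else 0.0,
    }


def stratified_kfold(labels, k=10, seed=0):
    """Yield (train_idx, test_idx) k times; each class is spread evenly over folds,
    so rare attack classes are not absent from whole folds."""
    rng = random.Random(seed)
    folds = [[] for _ in range(k)]
    by_class = {}
    for i, c in enumerate(labels):
        by_class.setdefault(c, []).append(i)
    for idxs in by_class.values():
        rng.shuffle(idxs)
        for j, i in enumerate(idxs):
            folds[j % k].append(i)
    for f in range(k):
        test = sorted(folds[f])
        train = sorted(i for g in range(k) if g != f for i in folds[g])
        yield train, test


def cross_validate(fit, X, y, k=10):
    """k-fold CV: fit(X_train, y_train) returns a predict(X_test) callable.
    Returns metrics pooled over all folds plus total seconds spent in fit()."""
    pooled_true, pooled_pred, train_secs = [], [], 0.0
    for train, test in stratified_kfold(y, k):
        t0 = time.perf_counter()
        predict = fit([X[i] for i in train], [y[i] for i in train])
        train_secs += time.perf_counter() - t0
        pooled_true += [y[i] for i in test]
        pooled_pred += list(predict([X[i] for i in test]))
    out = metrics(pooled_true, pooled_pred)
    out["train_seconds"] = train_secs
    return out
```

On imbalanced traffic a classifier that labels everything "normal" still scores high accuracy while its attack recall is zero, which is why precision and recall are reported alongside accuracy.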




Author information


Correspondence to Farrukh Aslam Khan.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Khan, F.A., Gumaei, A. (2019). A Comparative Study of Machine Learning Classifiers for Network Intrusion Detection. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11633. Springer, Cham. https://doi.org/10.1007/978-3-030-24265-7_7

  • DOI: https://doi.org/10.1007/978-3-030-24265-7_7
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-24264-0
  • Online ISBN: 978-3-030-24265-7
  • eBook Packages: Computer Science (R0)
