A Comparison of Three Machine Learning Algorithms in the Classification of Network Intrusion

  • Conference paper
Advances in Cyber Security (ACeS 2020)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1347)

  • 1842 Accesses

Abstract

Intrusion Detection Systems (IDS) attempt to detect intrusion and misuse attacks on computer systems by collecting and examining computer network data. An IDS typically examines large volumes of traffic data using Machine Learning (ML) algorithms to identify harmful changes or attacks; however, which algorithm delivers the best performance is an issue to be investigated. An ML-based IDS needs to decrease the false alarm rate and increase the true alarm rate. In this work, three tree-based ML algorithms, Decision Tree (DT), Decision Jungle (DJ), and Decision Forest (DF), are tested and evaluated in an IDS model. The main objective of this work is to compare the performance of the three algorithms based on the accuracy, precision and recall evaluation criteria. The Knowledge Discovery in Databases (KDD) methodology and the Kaggle intrusion detection dataset are used in the testing. The results show that DF achieves the highest overall accuracy of 99.83%, DJ achieves the second-highest overall accuracy of 99.74%, and DT achieves the lowest overall accuracy of 95.59%. The obtained results can serve as a benchmark in the evaluation of advanced IDS.

Acknowledgement

This paper is supported by Universiti Tun Hussein Onn Malaysia.

Corresponding author

Correspondence to Salama A. Mostafa.

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Zulhilmi, A., Mostafa, S.A., Khalaf, B.A., Mustapha, A., Tenah, S.S. (2021). A Comparison of Three Machine Learning Algorithms in the Classification of Network Intrusion. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2020. Communications in Computer and Information Science, vol 1347. Springer, Singapore. https://doi.org/10.1007/978-981-33-6835-4_21

  • DOI: https://doi.org/10.1007/978-981-33-6835-4_21

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-33-6834-7

  • Online ISBN: 978-981-33-6835-4

  • eBook Packages: Computer Science, Computer Science (R0)
