Machine Learning-Based Intrusion Detection System: An Experimental Comparison

Abstract

Recently, networks are moving toward automation and getting more and more intelligent. With the advent of big data and cloud computing technologies, lots and lots of data are being produced on the internet. Every day, petabytes of data are produced from websites, social media sites, or the internet. As more and more data are produced, a continuous threat of network attacks is also growing. An intrusion detection system (IDS) is used to detect such types of attacks in the network. IDS inspects packet headers and data and decides whether the traffic is anomalous or normal based on the contents of the packet. In this research, ML techniques are being used for intrusion detection purposes. Feature selection is also used for efficient and optimal feature selection. The research proposes a hybrid feature selection technique composed of the Pearson correlation coefficient and random forest model. For the machine learning (ML) model, decision tree, AdaBoost, and K-nearest neighbor are trained and tested on the TON_IoT dataset. The dataset is new and contains new and recent attack types and features. For deep learning (DL), multilayer perceptron (MLP) and long short-term memory are trained and tested. Evaluation is done on the basis of accuracy, precision, and recall. It is concluded from the results that the decision tree for ML and MLP for DL provides optimal accuracy with fewer false-positive and false-negative rates. It is also concluded from the results that the ML techniques are effective for detecting intrusion in the networks.

Received: 8 June 2022 | Revised: 6 July 2022 | Accepted: 11 July 2022

Conflicts of Interest

The authors declare that they have no conflicts of interest to this work.