Evaluating the Performance of Classification Algorithms on the UNSW-NB15 Dataset for Network Intrusion Detection
Abstract
Network intrusion detection is a critical aspect of cybersecurity, aiming to distinguish between normal and malicious network activities. This study evaluates the performance of various machine learning algorithms on the UNSW-NB15 dataset for binary classification of network traffic into normal and attack categories. We employed several preprocessing steps, including handling missing values, encoding categorical features, and addressing class imbalance using a mix of Synthetic Minority Over-sampling Technique (SMOTE) and undersampling. The models evaluated include k-Nearest Neighbors (k-NN), Naive Bayes, Logistic Regression, Support Vector Machines (SVM), and Neural Networks. Our experimental results show that complex models like Neural Networks and SVMs significantly outperform simpler models. The Neural Network model achieved the highest accuracy of 92%, with a precision of 91%, recall of 93%, and an F1-score of 92%. SVM also performed robustly with an accuracy of 90%. Simpler models, while less effective, still achieved respectable performance, with Logistic Regression and k-NN reaching accuracies of 88% and 85%, respectively. The study highlights the importance of comprehensive preprocessing and the implementation of advanced machine learning techniques for effective network intrusion detection. The results suggest that while complex models offer superior detection capabilities, simpler models can still be valuable in resource-constrained environments. Future research should focus on applying these models to real-world data, exploring more advanced neural network architectures, and implementing cost-sensitive learning techniques to further enhance detection performance and efficiency.
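The hybrid resampling step named in the abstract (SMOTE on the smaller class, random undersampling on the larger), as an added illustration that is not the authors' code. The target of 100 rows per class, `k=5`, the function names and the constructed two-feature sample are assumptions; the abstract does not state the study's sampling ratios.

```python
import math
import random
from collections import Counter

def smote(minority, n_new, k, rng):
    """Synthesize n_new rows, each on the line segment between a minority
    row and one of its k nearest minority-class neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority rows")
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        others = [p for p in minority if p is not base]
        neighbours = sorted(others, key=lambda p: math.dist(base, p))[:k]
        mate, gap = rng.choice(neighbours), rng.random()
        synthetic.append(tuple(b + gap * (m - b) for b, m in zip(base, mate)))
    return synthetic

def hybrid_resample(X, y, target, k=5, seed=0):
    """Bring every class to `target` rows: SMOTE grows a smaller class,
    random undersampling shrinks a larger one. Apply to training data only."""
    rng = random.Random(seed)
    by_class = {}
    for row, label in zip(X, y):
        by_class.setdefault(label, []).append(tuple(row))
    X_out, y_out = [], []
    for label, rows in by_class.items():
        if len(rows) > target:
            rows = rng.sample(rows, target)          # undersample
        elif len(rows) < target:
            rows = rows + smote(rows, target - len(rows), k, rng)
        X_out += rows
        y_out += [label] * len(rows)
    return X_out, y_out

def make_constructed_flows(seed=1):
    """Constructed sample: 200 rows of class 0 and 20 of class 1, two scaled
    numeric features each. Not UNSW-NB15 data."""
    rng = random.Random(seed)
    X = [(rng.gauss(0.2, 0.05), rng.gauss(0.3, 0.05)) for _ in range(200)]
    X += [(rng.gauss(0.8, 0.05), rng.gauss(0.7, 0.05)) for _ in range(20)]
    return X, [0] * 200 + [1] * 20

if __name__ == "__main__":
    X, y = make_constructed_flows()
    Xb, yb = hybrid_resample(X, y, target=100)
    print(Counter(y), "->", Counter(yb))
```

Resampling the held-out split as well would make the reported precision and recall unrepresentative of live traffic, which is why the function is meant for the training portion only.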
DOI: http://dx.doi.org/10.22441/fifo.2024.v16i1.009
Jurnal Ilmiah FIFO
Print ISSN: 2085-4315 | Online ISSN: 2502-8332
Sekretariat
Fakultas Ilmu Komputer
Universitas Mercu Buana
Jl. Raya Meruya Selatan, Kembangan, Jakarta 11650
Tlp./Fax: +62215871335
http://publikasi.mercubuana.ac.id/index.php/fifo
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.