Intrusion detection systems using classical machine learning techniques versus integrated unsupervised feature learning and deep neural network
Shisrut Rawat, Aishwarya Srinivasan, and Vinayakumar R

TL;DR
This paper compares classical machine learning methods requiring extensive feature engineering with integrated unsupervised feature learning and deep neural networks for intrusion detection, highlighting the effectiveness of DNN with PCA features.
Contribution
It presents a performance comparison between traditional ML and deep learning approaches for intrusion detection, emphasizing the benefits of unsupervised feature learning and DNNs.
Findings
DNN with PCA features achieved the highest effectiveness.
Unsupervised feature learning improved detection accuracy.
Deep Neural Networks performed well with Software Defined Networking features.
Abstract
Security analysts and administrators face many challenges in detecting and preventing network intrusions in their organizations, and to prevent network breaches, detecting the breach on time is crucial. Challenges arise while detecting unforeseen attacks. This work includes a performance comparison of classical machine learning approaches that require vast feature engineering, versus integrated unsupervised feature learning and deep neural networks on the NSL-KDD dataset. Various trials of experiments were run to identify suitable hyper-parameters and network configurations of machine learning models. The DNN using 15 features extracted using Principal Component Analysis was the most effective modeling method. Further analysis using the Software Defined Networking features also presented good accuracy using a deep neural network.
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
