Intrusion Detection using Machine Learning Techniques: An Experimental Comparison

TL;DR

This paper compares various machine learning techniques for intrusion detection, finding that multiclass classification with k-Nearest Neighbor yields the best accuracy, and binary classification shows high consistency.

Contribution

It provides an experimental comparison of multiple ML algorithms for intrusion detection, highlighting the most effective methods for binary and multiclass attack classification.

Findings

Binary classification accuracy ranges from 0.9938 to 0.9977.

Multiclass classification accuracy ranges from 0.9294 to 0.9983.

k-Nearest Neighbor achieves 0.9983 accuracy in multiclass detection.

Abstract

Due to an exponential increase in the number of cyber-attacks, the need for improved Intrusion Detection Systems (IDS) is apparent than ever. In this regard, Machine Learning (ML) techniques are playing a pivotal role in the early classification of the attacks in case of intrusion detection within the system. However, due to a large number of algorithms available, the selection of the right method is a challenging task. To resolve this issue, this paper analyses some of the current state-of-the-art intrusion detection methods and discusses their pros and cons. Further, a review of different ML methods is carried out with four methods showing to be the most suitable one for classifying attacks. Several algorithms are selected and investigated to evaluate the performance of IDS. These IDS classifies binary and multiclass attacks in terms of detecting whether or not the traffic has been considered as benign or an attack. The experimental results demonstrate that binary classification has greater consistency in their accuracy results which ranged from 0.9938 to 0.9977, while multiclass ranges from 0.9294 to 0.9983. However, it has been also observed that multiclass provides the best results with the algorithm k-Nearest neighbor giving an accuracy score of 0.9983 while the binary classification highest score is 0.9977 from Random Forest. The experimental results demonstrate that multiclass classification produces better performance in terms of intrusion detection by specifically differentiating between the attacks and allowing a more targeted response to an attack.