Practical Performance of a Distributed Processing Framework for Machine-Learning-based NIDS
Maho Kajiura, Junya Nakamura

TL;DR
This paper evaluates the performance of a distributed processing framework for machine-learning-based Network Intrusion Detection Systems by implementing five classifiers and analyzing their throughput, latency, and bottlenecks.
Contribution
It provides a comprehensive performance evaluation of different classifiers within a distributed NIDS framework, highlighting bottlenecks and differences in processing efficiency.
Findings
Decision Tree and Random Forest show higher throughput.
Naive Bayes has lower latency.
Identified bottlenecks in the distributed processing system.
Abstract
Network Intrusion Detection Systems (NIDSs) detect intrusion attacks in network traffic. In particular, machine-learning-based NIDSs have attracted attention because of their high detection rates of unknown attacks. A distributed processing framework for machine-learning-based NIDSs employing a scalable distributed stream processing system has been proposed in the literature. However, its performance when machine-learning-based classifiers are implemented has not been comprehensively evaluated. In this study, we implement five representative classifiers (Decision Tree, Random Forest, Naive Bayes, SVM, and kNN) based on this framework and evaluate their throughput and latency. By conducting experimental measurements, we investigate the difference in processing performance among these classifiers and the bottlenecks in the processing performance of the framework.
Taxonomy
Topics: Fault Detection and Control Systems · Neural Networks and Applications
Methods: Support Vector Machine
