Impacts of Data Preprocessing and Hyperparameter Optimization on the Performance of Machine Learning Models Applied to Intrusion Detection Systems

TL;DR

This paper investigates how data preprocessing and hyperparameter tuning influence the effectiveness and efficiency of machine learning models used in intrusion detection systems, highlighting their importance for robust cybersecurity solutions.

Contribution

It provides a systematic evaluation of the effects of data preprocessing and hyperparameter optimization on ML model performance in IDS, filling a notable research gap.

Findings

Proper preprocessing improves model robustness

Hyperparameter tuning reduces training and testing times

Optimized models perform better in threat detection

Abstract

In the context of cybersecurity of modern communications networks, Intrusion Detection Systems (IDS) have been continuously improved, many of them incorporating machine learning (ML) techniques to identify threats. Although there are researches focused on the study of these techniques applied to IDS, the state-of-the-art lacks works concentrated exclusively on the evaluation of the impacts of data pre-processing actions and the optimization of the values of the hyperparameters of the ML algorithms in the construction of the models of threat identification. This article aims to present a study that fills this research gap. For that, experiments were carried out with two data sets, comparing attack scenarios with variations of pre-processing techniques and optimization of hyperparameters. The results confirm that the proper application of these techniques, in general, makes the generated classification models more robust and greatly reduces the execution times of these models' training and testing processes.