IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v12y2020i10p167-d421767.html
   My bibliography  Save this article

Comparison of Machine Learning and Deep Learning Models for Network Intrusion Detection Systems

Author

Listed:
  • Niraj Thapa

    (Department of Computational Data Science and Engineering, North Carolina A&T State University, Greensboro, NC 27411, USA)

  • Zhipeng Liu

    (Department of Computer Science, North Carolina A&T State University, Greensboro, NC 27411, USA)

  • Dukka B. KC

    (Electrical Engineering and Computer Science Department, Wichita State University, Wichita, KS 67260, USA)

  • Balakrishna Gokaraju

    (Department of Computational Data Science and Engineering, North Carolina A&T State University, Greensboro, NC 27411, USA)

  • Kaushik Roy

    (Department of Computer Science, North Carolina A&T State University, Greensboro, NC 27411, USA)

Abstract

The development of robust anomaly-based network detection systems, which are preferred over static signal-based network intrusion, is vital for cybersecurity. The development of a flexible and dynamic security system is required to tackle the new attacks. Current intrusion detection systems (IDSs) suffer to attain both the high detection rate and low false alarm rate. To address this issue, in this paper, we propose an IDS using different machine learning (ML) and deep learning (DL) models. This paper presents a comparative analysis of different ML models and DL models on Coburg intrusion detection datasets (CIDDSs). First, we compare different ML- and DL-based models on the CIDDS dataset. Second, we propose an ensemble model that combines the best ML and DL models to achieve high-performance metrics. Finally, we benchmarked our best models with the CIC-IDS2017 dataset and compared them with state-of-the-art models. While the popular IDS datasets like KDD99 and NSL-KDD fail to represent the recent attacks and suffer from network biases, CIDDS, used in this research, encompasses labeled flow-based data in a simulated office environment with both updated attacks and normal usage. Furthermore, both accuracy and interpretability must be considered while implementing AI models. Both ML and DL models achieved an accuracy of 99% on the CIDDS dataset with a high detection rate, low false alarm rate, and relatively low training costs. Feature importance was also studied using the Classification and regression tree (CART) model. Our models performed well in 10-fold cross-validation and independent testing. CART and convolutional neural network (CNN) with embedding achieved slightly better performance on the CIC-IDS2017 dataset compared to previous models. Together, these results suggest that both ML and DL methods are robust and complementary techniques as an effective network intrusion detection system.

Suggested Citation

  • Niraj Thapa & Zhipeng Liu & Dukka B. KC & Balakrishna Gokaraju & Kaushik Roy, 2020. "Comparison of Machine Learning and Deep Learning Models for Network Intrusion Detection Systems," Future Internet, MDPI, vol. 12(10), pages 1-16, September.
  • Handle: RePEc:gam:jftint:v:12:y:2020:i:10:p:167-:d:421767
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/12/10/167/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/12/10/167/
    Download Restriction: no
    ---><---

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Jiaqi Zhao & Ming Xu & Yunzhi Chen & Guoliang Xu, 2023. "A DNN Architecture Generation Method for DDoS Detection via Genetic Alogrithm," Future Internet, MDPI, vol. 15(4), pages 1-20, March.
    2. Junwen Lu & Jinhui Wang & Xiaojun Wei & Keshou Wu & Guanfeng Liu, 2022. "Deep Anomaly Detection Based on Variational Deviation Network," Future Internet, MDPI, vol. 14(3), pages 1-17, March.
    3. Diego Lopez-Bernal & David Balderas & Pedro Ponce & Arturo Molina, 2021. "Education 4.0: Teaching the Basics of KNN, LDA and Simple Perceptron Algorithms for Binary Classification Problems," Future Internet, MDPI, vol. 13(8), pages 1-14, July.
    4. Giulia Cecili & Paolo De Fioravante & Pasquale Dichicco & Luca Congedo & Marco Marchetti & Michele Munafò, 2023. "Land Cover Mapping with Convolutional Neural Networks Using Sentinel-2 Images: Case Study of Rome," Land, MDPI, vol. 12(4), pages 1-20, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:12:y:2020:i:10:p:167-:d:421767. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.