• Login
    View Item 
    •   Shocker Open Access Repository Home
    • Engineering
    • Electrical Engineering and Computer Science
    • EECS Faculty Scholarship
    • EECS Research Publications
    • View Item
    •   Shocker Open Access Repository Home
    • Engineering
    • Electrical Engineering and Computer Science
    • EECS Faculty Scholarship
    • EECS Research Publications
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Comparison of machine learning and deep learning models for network intrusion detection systems

    View/Open
    KcDukka_2020.pdf (1.573Mb)
    Date
    2020-09-30
    Author
    Thapa, Niraj
    Liu, Zhipeng
    KC, Dukka B.
    Gokaraju, Balakrishna
    Roy, Kaushik
    Metadata
    Show full item record
    Citation
    Thapa, N.; Liu, Z.; KC, D.B.; Gokaraju, B.; Roy, K. Comparison of Machine Learning and Deep Learning Models for Network Intrusion Detection Systems. Future Internet 2020, 12, 167
    Abstract
    The development of robust anomaly-based network detection systems, which are preferred over static signal-based network intrusion, is vital for cybersecurity. The development of a flexible and dynamic security system is required to tackle the new attacks. Current intrusion detection systems (IDSs) suffer to attain both the high detection rate and low false alarm rate. To address this issue, in this paper, we propose an IDS using different machine learning (ML) and deep learning (DL) models. This paper presents a comparative analysis of different ML models and DL models on Coburg intrusion detection datasets (CIDDSs). First, we compare different ML-and DL-based models on the CIDDS dataset. Second, we propose an ensemble model that combines the best ML and DL models to achieve high-performance metrics. Finally, we benchmarked our best models with the CIC-IDS2017 dataset and compared them with state-of-the-art models. While the popular IDS datasets like KDD99 and NSL-KDD fail to represent the recent attacks and suffer from network biases, CIDDS, used in this research, encompasses labeled flow-based data in a simulated office environment with both updated attacks and normal usage. Furthermore, both accuracy and interpretability must be considered while implementing AI models. Both ML and DL models achieved an accuracy of 99% on the CIDDS dataset with a high detection rate, low false alarm rate, and relatively low training costs. Feature importance was also studied using the Classification and regression tree (CART) model. Our models performed well in 10-fold cross-validation and independent testing. CART and convolutional neural network (CNN) with embedding achieved slightly better performance on the CIC-IDS2017 dataset compared to previous models. Together, these results suggest that both ML and DL methods are robust and complementary techniques as an effective network intrusion detection system.
    Description
    © 2020 Authors. Published under an open access Creative Common CC BY license, any part of the article may be reused without permission provided that the original article is clearly cited. Reuse of an article does not imply endorsement by the authors or MDPI.
    URI
    https://doi.org/10.3390/fi12100167
    https://soar.wichita.edu/handle/10057/19594
    Collections
    • EECS Research Publications

    Browse

    All of Shocker Open Access RepositoryCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsBy TypeThis CollectionBy Issue DateAuthorsTitlesSubjectsBy Type

    My Account

    LoginRegister

    Statistics

    Most Popular ItemsStatistics by CountryMost Popular Authors

    DSpace software copyright © 2002-2023  DuraSpace
    DSpace Express is a service operated by 
    Atmire NV