Evaluation of Machine Learning based Network Attack Detection


Bibliographic Details
Main Authors: Muhammad Awais Rajput, Muhammad Umar, Adnan Ahmed, Ali Raza Bhangwar, Khadija Suhail Memon, Misbah
Format: Article
Language: English
Published: Sukkur IBA University 2023-02-01
Series: Sukkur IBA Journal of Emerging Technologies
Online Access: http://sjcmss.iba-suk.edu.pk:8089/SIBAJournals/index.php/sjet/article/view/1186
Description
Summary: The growth in the internet and communication technologies has driven tremendous developments in various application areas such as smart cities, cloud computing, internet-of-things, e-banking, e-commerce and e-government. However, with the advancements in networking infrastructure, hacking tools and methodologies have evolved considerably, thereby enabling hackers to attempt newer and more complicated cyber-attacks. Consequently, cyber-security has now emerged as a vital research area to address security concerns. Traditional security mechanisms such as firewalls and anti-viruses are not enough to protect networks and accurately detect intrusions. An Intrusion Detection System (IDS) provides an additional layer of security that protects networks against possible intrusions through continuous surveillance of the network traffic. Despite the effectiveness of IDS and the enormous research being conducted on the topic, IDS still faces challenges in accurately detecting intrusions and novel cyber-attacks and in reducing false positive rates. Recently, Machine Learning (ML) and Deep Learning (DL) techniques have been exploited to overcome the inherent deficiencies of IDS. Existing research has demonstrated that ML and DL have great potential to detect intrusions and classify cyber-attacks in an efficient manner. Based on their inherent learning capabilities, ML and DL-based techniques can effectively detect patterns (features) from the network traffic and predict the behavior (normal or abnormal activity) based on these patterns. This research work first presents the concepts of IDS, followed by a comprehensive review of the recent ML and DL-based schemes. Later, a performance analysis of various ML algorithms is presented on a publicly available dataset to weigh their strengths and weaknesses in terms of accuracy and training time, among others. We mainly evaluate the most commonly used supervised learning algorithms including Decision Trees (DT), Random Forest (RF), Gradient Booster (GB) and Neural Networks (NNs).
ISSN: 2616-7069, 2617-3115