Analysis of Intrusion Detection Systems in UNSW-NB15 and NSL-KDD Datasets with Machine Learning Algorithms

Abstract

Recently, the need for Network-based systems and smart devices has been increasing rapidly. The use of smart devices in almost every field, the provision of services by private and public institutions over network servers, cloud technologies and database systems are almost completely remotely controlled. Due to these increasing requirements for network systems, malicious software and users, unfortunately, are increasing their interest in these areas. Some organizations are exposed to almost hundreds or even thousands of network attacks daily. Therefore, it is not enough to solve the attacks with a virus program or a firewall. Detection and correct analysis of network attacks is vital for the operation of the entire system. With deep learning and machine learning, attack detection and classification can be done successfully. In this study, a comprehensive attack detection process was performed on UNSW-NB15 and NSL-KDD datasets with existing machine learning algorithms. In the UNSW-NB115 dataset, 98.6% and 98.3% accuracy were obtained for two-class and multi-class, respectively, and 97.8% and 93.4% accuracy in the NSL-KDD dataset. The results prove that machine learning algorithms are lateral to the solution in intrusion detection systems.

Keywords

• UNSW-NB15 dataset
• NSL-KDD dataset
• Instruction Detection Systems
• Machine Learning
• Network Attack

References

1. [1] S. Moualla, K. Khorzom, and A. Jafar, “Improving the Performance of Machine Learning-Based Network Intrusion Detection Systems on the UNSW-NB15 Dataset,” Comput Intell Neurosci, vol. 2021, pp. 5557577, 2021, doi: 10.1155/2021/5557577.
2. [2] S. Choudhary and N. Kesswani, “Analysis of KDD-Cup’99, NSL-KDD and UNSW-NB15 Datasets using Deep Learning in IoT,” Procedia Comput Sci, vol. 167, pp. 1561–1573, Jan. 2020, doi: 10.1016/J.PROCS.2020.03.367.
3. [3] B. M. Serinelli, A. Collen, and N. A. Nijdam, “Training Guidance with KDD Cup 1999 and NSL-KDD Data Sets of ANIDINR: Anomaly-Based Network Intrusion Detection System,” Procedia Comput Sci, vol. 175, pp. 560–565, Jan. 2020, doi: 10.1016/J.PROCS.2020.07.080.
4. [4] N. v. Chawla, K. W. Bowyer, L. O. Hall, and W. P. Kegelmeyer, “SMOTE: Synthetic Minority Over-sampling Technique,” Journal of Artificial Intelligence Research, vol. 16, pp. 321–357, Jun. 2002, doi: 10.1613/JAIR.953.
5. [5] P. Geurts, D. Ernst, and L. Wehenkel, “Extremely randomized trees,” Machine Learning 2006 63:1, vol. 63, no. 1, pp. 3–42, Mar. 2006, doi: 10.1007/S10994-006-6226-1.
6. [6] A. Basati and M. M. Faghih, “PDAE: Efficient network intrusion detection in IoT using parallel deep auto-encoders,” Inf Sci (N Y), vol. 598, pp. 57–74, Jun. 2022, doi: 10.1016/J.INS.2022.03.065.
7. [7] A. E. Cil, K. Yildiz, and A. Buldu, “Detection of DDoS attacks with feed forward based deep neural network model,” Expert Syst Appl, vol. 169, p. 114520, May 2021, doi: 10.1016/J.ESWA.2020.114520.
8. [8] G. C. Amaizu, C. I. Nwakanma, S. Bhardwaj, J. M. Lee, and D. S. Kim, “Composite and efficient DDoS attack detection framework for B5G networks,” Computer Networks, vol. 188, p. 107871, Apr. 2021, doi: 10.1016/J.COMNET.2021.107871.

9. [9] G. A. MM, J. N. K. S, U. M. R, and M. R. TF, “An efficient SVM based DEHO classifier to detect DDoS attack in cloud computing environment,” Computer Networks, vol. 215, p. 109138, Oct. 2022, doi: 10.1016/J.COMNET.2022.109138.
10. [10] E. Mushtaq, A. Zameer, M. Umer, and A. A. Abbasi, “A two-stage intrusion detection system with auto-encoder and LSTMs,” Appl Soft Comput, vol. 121, p. 108768, May 2022, doi: 10.1016/J.ASOC.2022.108768.
11. [11] S. Choudhary and N. Kesswani, “Analysis of KDD-Cup’99, NSL-KDD and UNSW-NB15 Datasets using Deep Learning in IoT,” Procedia Comput Sci, vol. 167, pp. 1561–1573, 2020, doi: 10.1016/J.PROCS.2020.03.367.
12. [12] S. Moualla, K. Khorzom, and A. Jafar, “Improving the Performance of Machine Learning-Based Network Intrusion Detection Systems on the UNSW-NB15 Dataset,” Computational Intelligence and Neuroscience, vol. 2021, 2021, doi: 10.1155/2021/5557577.
13. [13] L. Mohammadpour, T. C. Ling, C. S. Liew, and C. Y. Chong, “A convolutional neural network for network intrusion detection system,” Proceedings of the Asia-Pacific Advanced Network, vol. 46, no. 0, pp. 50–55, 2018.
14. [14] A. Doğru, S. Buyrukoğlu, and M. Arı, “A hybrid super ensemble learning model for the early-stage prediction of diabetes risk,” Medical & Biological Engineering & Computing, vol. 61, no. 3, pp. 785-797, 2023.
15. [15] S. Buyrukoğlu. “New hybrid data mining model for prediction of Salmonella presence in agricultural waters based on ensemble feature selection and machine learning algorithms,” Journal of Food Safety, vol. 41, no. 4, 2021.
16. [16] S. Buyrukoğlu. “Promising cryptocurrency analysis using deep learning.” In 2021 5th International symposium on multidisciplinary studies and innovative technologies (ISMSIT),” pp. 372-376, 2021.
17. [17] “The UNSW-NB15 Dataset | UNSW Research.” https://research.unsw.edu.au/projects/unsw-nb15-dataset (accessed Sep. 08, 2022).
18. [18] N. Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” 2015 Military Communications and Information Systems Conference, MilCIS 2015 - Proceedings, Dec. 2015, doi: 10.1109/MILCIS.2015.7348942.
19. [19] S. Bagui, E. Kalaimannan, S. Bagui, D. Nandi, and A. Pinto, “Using machine learning techniques to identify rare cyber-attacks on the UNSW-NB15 dataset,” Security and Privacy, vol. 2, no. 6, p. e91, Nov. 2019, doi: 10.1002/SPY2.91.
20. [20] P. TS and P. Shrinivasacharya, “Evaluating neural networks using Bi-Directional LSTM for network IDS (intrusion detection systems) in cyber security,” Global Transitions Proceedings, vol. 2, no. 2, pp. 448–454, Nov. 2021, doi: 10.1016/J.GLTP.2021.08.017.
21. [21] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, Dec. 2009, doi: 10.1109/CISDA.2009.5356528.
22. [22] J. Mchugh, “Testing Intrusion detection systems,” ACM Transactions on Information and System Security (TISSEC), vol. 3, no. 4, pp. 262–294, Nov. 2000, doi: 10.1145/382912.382923.
23. [23] R. D. Ravipati and M. Abualkibash, “Intrusion Detection System Classification Using Different Machine Learning Algorithms on KDD-99 and NSL-KDD Datasets - A Review Paper,” SSRN Electronic Journal, Jun. 2019, doi: 10.2139/SSRN.3428211.
24. [24] A. Karcioğlu and T. Aydin, "Sentiment Analysis of Turkish and English Twitter Feeds Using Word2Vec Model," 2019 27th Signal Processing and Communications Applications Conference (SIU), Sivas, Turkey, 2019, pp. 1-4, doi: 10.1109/SIU.2019.8806295.
25. [25] A. Moldagulova and R. B. Sulaiman, “Using KNN algorithm for classification of textual documents,” ICIT 2017 - 8th International Conference on Information Technology, Proceedings, pp. 665–671, Oct. 2017, doi: 10.1109/ICITECH.2017.8079924.
26. [26] A. A. Akinyelu and A. O. Adewumi, “Classification of Phishing Email Using Random Forest Machine Learning Technique,” J. Appl. Math, vol. 41, pp. 1-6, 2014, doi: 10.1155/2014/425731.
27. [27] H. Patel, P. Prajapati, and H. H. Patel, “Study and Analysis of Decision Tree Based Classification Algorithms Extreme Multi-label Classification Problem View project Significance of the Transition to Outcome Based Education: Explore the Future View project Study and Analysis of Decision Tree Based Classification Algorithms,” International Journal of Computer Sciences and Engineering Open Access Research Paper, no. 6, 2018, doi: 10.26438/ijcse/v6i10.7478.
28. [28] W. H. Delashmit, “Recent Developments in Multilayer Perceptron Neural Networks”.
29. [29] S. Hochreiter and J. Schmidhuber, “Long Short-Term Memory,” Neural Comput, vol. 9, no. 8, pp. 1735–1780, Nov. 1997, doi: 10.1162/NECO.1997.9.8.1735.
30. [30] K. K. A. Ghany, H. M. Zawbaa, and H. M. Sabri, “COVID-19 prediction using LSTM algorithm: GCC case study,” Inform Med Unlocked, vol. 23, Jan. 2021, doi: 10.1016/J.IMU.2021.100566.
31. [31] S. Tanışman, A.A. Karcıoğlu, U. Aybars and H. Bulut, “LSTM Sinir Ağı ve ARIMA Zaman Serisi Modelleri Kullanılarak Bitcoin Fiyatının Tahminlenmesi ve Yöntemlerin Karşılaştırılması,” Avrupa Bilim ve Teknoloji Dergisi, vol. 32, pp. 514-520, 2021.
32. [32] S. Tanışman, A.A. Karcıoğlu, U. Aybars and H. Bulut, “Türkiye'de COVID-19 Bulaşısının ARIMA Modeli ve LSTM Ağı Kullanılarak Zaman Serisi Tahmini,” Avrupa Bilim ve Teknoloji Dergisi, vol. 32, pp. 288-297, 2021.
33. [33] K.A., Taher, B.M.Y., Jisan, and M.M. Rahman, “Network intrusion detection using supervised machine learning technique with feature selection,” In 2019 International conference on robotics, electrical and signal processing techniques, pp. 643-646, 2019.
34. [34] M. Injadat, A. Moubayed, A.B. Nassif, A. Shami, “Multi-stage optimized machine learning framework for network intrusion detection,” IEEE Trans. Netw. Serv. Manag, 2020. Doi:10.1109/TNSM.2020.3014929
35. [35] R., Magán-Carrión, D., Urda, I., Díaz-Cano, and B., Dorronsoro, “Towards a reliable comparison and evaluation of network intrusion detection systems based on machine learning approaches,” Applied Sciences, vol. 10, no. 5, p. 1775, 2020.
36. [36] R., Abdulhammed, H., Musafer, A., Alessa, M., Faezipour, and A., Abuzneid, “Features dimensionality reduction approaches for machine learning based network intrusion detection,” Electronics, vol. 8, no. 3, p. 322, 2019.