Evaluating the performance of machine learning algorithms for network intrusion detection systems in the internet of things infrastructure
Keywords: Network Intrusion Detection Systems, Machine Learning Algorithms, Internet-of-Things, Malicious Cyberattacks, Network Traffic.
As numerous Internet-of-Things (IoT) devices are deployed on a daily basis, network intrusion detection systems (NIDS) are among the most critical tools for protecting networks against malicious cyberattacks. This paper employs four machine learning algorithms (XGBoost, random forest, decision tree, and gradient boosting) and evaluates their performance in NIDS in terms of accuracy, precision, recall, and F-score. The comparative analysis, conducted on the CICIDS2017 dataset, shows that XGBoost performs better than the other algorithms, reaching a predicted accuracy of 99.6% in detecting cyberattacks. XGBoost-based attack detectors also have the largest weighted F1-score, precision, and recall. The paper also studies the effect of class imbalance and of the size of the normal and attack classes. The small number of samples of some attacks in the training datasets biases the classifier towards the majority classes, which becomes a bottleneck for improving macro recall and macro F1 score. The results help network engineers choose the most effective machine learning-based NIDS to secure today's growing IoT network traffic.
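The imbalance effect described in the abstract, as an added example that is not code or data from the paper: a constructed confusion matrix with one rare attack class shows accuracy and weighted metrics staying near 99% while macro recall and macro F1 fall sharply. The class names and all counts are assumptions chosen for illustration.

```python
# Constructed confusion matrix (rows = true class, columns = predicted class).
# Counts are illustrative only; they are not results from the paper.
LABELS = ["BENIGN", "DoS", "PortScan", "Infiltration"]
CONFUSION = [
    [9950, 30, 20, 0],   # BENIGN (majority class)
    [40, 1950, 10, 0],   # DoS
    [10, 0, 990, 0],     # PortScan
    [8, 2, 0, 2],        # Infiltration (rare class, mostly classified as BENIGN)
]


def per_class_metrics(cm):
    """Return one (precision, recall, f1, support) tuple per class."""
    n = len(cm)
    out = []
    for k in range(n):
        tp = cm[k][k]
        support = sum(cm[k])                         # true samples of class k
        predicted = sum(cm[r][k] for r in range(n))  # samples predicted as k
        precision = tp / predicted if predicted else 0.0
        recall = tp / support if support else 0.0
        denom = precision + recall
        f1 = 2 * precision * recall / denom if denom else 0.0
        out.append((precision, recall, f1, support))
    return out


def summarize(cm):
    """Accuracy plus macro (unweighted) and support-weighted averages."""
    rows = per_class_metrics(cm)
    total = sum(r[3] for r in rows)
    summary = {"accuracy": sum(cm[k][k] for k in range(len(cm))) / total}
    for i, name in enumerate(("precision", "recall", "f1")):
        # Macro: every class counts equally, so a missed rare attack hurts.
        summary["macro_" + name] = sum(r[i] for r in rows) / len(rows)
        # Weighted: classes count by support, so the majority dominates.
        summary["weighted_" + name] = sum(r[i] * r[3] for r in rows) / total
    return summary


if __name__ == "__main__":
    for label, (p, r, f, s) in zip(LABELS, per_class_metrics(CONFUSION)):
        print(f"{label:13s} precision={p:.3f} recall={r:.3f} f1={f:.3f} support={s}")
    for key, value in summarize(CONFUSION).items():
        print(f"{key:19s} {value:.4f}")
```

Weighted recall is always identical to accuracy, so a detector report that lists only accuracy and weighted scores cannot reveal a rare attack class that is almost entirely missed; per-class and macro figures do.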