Implementation of Six Single Classifiers and Feature Selection for Performance Enhancement in Anomaly-Based Intrusion Detection

Attacks against information systems have been sharply increasing recently. Cyberattacks are becoming less detectable by the normal antiviruses and firewalls. Various security systems have been deployed to protect information systems; Network Intrusion Detection Systems (NIDS) are among the most widely used security systems in the networking industry. IDS can be an anomaly-based or signature-based system. Signature-based NIDSs are effective against known attacks but futile against zero-day attacks. To detect novel attack techniques, anomaly-based IDS has proven to be more useful than signature-based IDS. This study used six Machine Learning algorithms to detect network intrusion incidents. The CSE-CIC-IDS2018 dataset is employed to train and test the algorithms. The dataset is cleared of defects, and important features are selected using the Random Forest Regressor algorithm. A sample of the dataset with selected key features is applied to six machine learning algorithms (Gradient Boosting, AdaBoost, ID3, KNN, MLP, and Random Forest). Within a short period of time, the algorithms achieved the following F1-Scores: Gradient Boosting (0.95), AdaBoost (0.94), K-Nearest Neighbors (0.93), ID3 (0.93), Random Forest (0.93), and MLP (0.78).