Creating an Advanced Machine Learning-Based Intrusion Detection System with SVM and Neural Networks

Introduction

The purpose of this research was to develop a low-complexity, high-accuracy, machine-learning-based Intrusion Detection System (IDS). Support Vector Machine (SVM) and Neural Network models were used in the proposed approach. The KDD99 intrusion detection dataset was used to measure how well the models performed.

The Neural Network model was trained until the validation error remained unchanged for six iterations. The model's true positive rate (TPR) and true negative rate (TNR) were both 100%, and its validation accuracy was 99.6 (Bushnag, 2021).The ROC curve performed exceptionally well, demonstrating high levels of specificity and sensitivity.

The SVM model compared the performance of the Gaussian, polynomial, and linear kernels. When compared to the other SVM kernels, the linear kernel performed the best (98.75 percent accuracy). While the other SVM models fell short of perfection, the Neural Network model performed flawlessly.

The accuracy of the Neural Network model was 100%, whereas that of the SVM linear kernel model was 98%. When both models were compared, the results showed that the Neural Network model was superior across the board.

IDS uses signature-based and anomaly-based detection. Signature-based detection recognizes cyber threats by their signatures. Machine learning creates an anomaly-based detection model to identify questionable behavior.

Machine learning helps networks detect threats and learn from past data. It adapts security and reduces network engineer dependence (Kaushik et al, 2022). Supervised, unsupervised, semi-supervised, and reinforcement machine learning methods exist.

Virtualization and containerization enable cross-platform application execution. Virtualization splits hardware resources to run various operating systems, while containerization isolates dependencies and source code into platform-independent files. Containers are resource-efficient virtual machine alternatives.

Cloud services offer machine learning, app hosting, virtual machines, and data science. Cloud services process massive amounts of data quickly and flexibly.

IDS models are trained using NSL-KDD. It covers DoS, U2R, R2L, and Probe attacks. Map attack categories, standardize, feature select, and encode the dataset.

Logistic Regression, Decision Tree, K Nearest Neighbours, Random Forest Classifier, and Naive Bayes train the model. Confusion matrix and accuracy measures analyze performance. K-Nearest Neighbours, with 98% accuracy, is chosen.

A cloud-deployed containerized approach gives consumers API access. Cloud deployment and containerization ensure platform independence.

The study used machine learning (ML) and software-defined network (SDN) subsystems.

ML subsystem

Dataset

The KDD99-enhanced NSL-KDD dataset was used. It fixed dataset duplication. The test dataset included 22,543 rows and 43 columns, while the training dataset had 125,972 rows. The dataset focused on DoS and Probe assaults (AlMasri et al, 2022).

Data Preprocessing

Column names were assigned, one-hot encoding transformed categorical data, attack types were represented numerically, and feature scaling standardized the dataset.

Feature Selection

All features, Anova-extracted features, and RFE were tested.

Building the Model

Four models were trained and tested utilizing all features and Anova-extracted features to find the most accurate.

SDN subsystem

SDN Definition

SDN is a network architecture that uses embedded software applications to intelligently operate the network and detect and monitor network security threats.

SDN Architecture Data, control, and application planes make up the OpenFlow-based SDN system. The application plane contains network functions and applications, and the SDN controller controls data flow and network policies.

Results

The Naive Bayes model with the Anova feature selection performed best on the dataset. Probe assaults were 93.5% accurate, whereas Naive Bayes and Anova DoS attacks were 86.9% accurate. Naive Bayes and Anova features presented confusion matrices for DoS and Probe attacks.

Using machine learning and SDN architecture, the suggested solution detected and prevented network intrusions.

Machine Learning Techniques

The survey found many SDN intrusion detection machine learning methods. Decision trees, support vector machines, neural networks, ensemble approaches, and deep learning algorithms. The study examined the pros and cons of each SDN-based IDS method.

Feature Selection

Feature selection improves intrusion detection system accuracy and efficiency, according to researchers. Information gain, chi-square, correlation-based, and genetic algorithms were discussed (Vaid et al, 2021). The survey assessed these methods for SDN environments.

Anomaly Detection

The report stressed the need for anomaly detection for detecting new assaults. It examined unsupervised learning, clustering, and statistical methods for network anomaly detection. These methods were examined for SDN-based IDS.

Evaluation measures

The authors examined SDN IDS performance measures. They discussed detection, false positives, accuracy, recall, and F1-score measures. To assess performance accurately, the survey stressed using proper evaluation indicators.

The study highlights the vulnerability of various datasets to adversarial input attacks, such as CIFAR10, ImageNet, and DREBIN (a malware dataset) (Bhatia et al, 2020). Misclassification and weakened network performance result from these attacks, which use differential evolution or evolutionary computation to target networks.

It is shown that defensive techniques like feature reduction and feature options make networks more vulnerable to attacks from malicious actors. However, defensive distillation, a form of distillation that has been shown to be effective in combat, is being offered as an alternative. Decreasing the gradient and raising the threshold for an input vector to affect the network, makes it more resistant to maliciously constructed inputs.

Results showed how various machine learning models fared at spotting intrusions in computer networks. According to the evaluation measures, the SVM model performed best, with an accuracy of 96%, followed by the neural network, which performed at a 94% success rate (Osa el al, 2022). Accuracy rates of 88% and 90% were reached using decision trees and random forests, respectively.

The SVM model also displayed the optimum balance between accurate detection of intrusions and suppression of false positives. The recall rate was marginally greater in the neural network model, but this came at the expense of more false positives.

Conclusion

SVM emerged as the most successful model among those tested in this study, and the comparison analysis demonstrated the viability of machine learning models for computer network intrusion detection.

The study tested the suggested SDN-based IDS against a CNN model to determine its efficacy. The experiments were run on a workstation equipped with Python and other libraries. The suggested system's efficiency was measured against that of well-known ML tools such as Logistic Regression, Naive Bayes, Decision Tree Classifier, AdaBoost, Random Forest, and Support Vector Machine. Accuracy, precision, recall, and F1-score were utilized as evaluation criteria.

The outcomes proved that the suggested CNN-based IDS outperformed the other methods. A 99.2% accuracy, 99.2% precision, 98.9% recall, and 99.0% F1 score were all attained using the suggested approach (Hassan et al, 2021). These findings prove that the CNN model is capable of identifying and categorizing suspicious SDN traffic. By outperforming conventional machine learning algorithms, the suggested approach demonstrated its promise for bolstering network security in SDN settings. 

Methodology discusses how the machine learning models for network traffic classification were constructed. Decision Tree, Random Forest, Naive Bayes, K Nearest Neighbour, Support Vector Machines, Neural Networks, and Logistic Regression were only a few of the supervised learning models and techniques used in this investigation. The procedure included gathering data, cleaning it up, training a model, and then testing it.

The DARPA dataset and the CTU-13 dataset were used for this analysis (Williams et al, 2020). Datasets were partitioned, timestamps and packet numbers were normalized, and features were converted as part of the preprocessing pipeline. Each algorithm's performance was measured and compared. Moloch was used to provide a graphical representation of the findings. Finally, the experimental datasets and hyper-parameter settings were presented and discussed.
 

In this section, we'll go over our methodology, which details how we built our machine-learning models to categorize network data. This study employed a variety of supervised learning models and methods, including but not limited to Decision Trees, Random Forests, Naive Bayes, K-Nearest Neighbours, Support Vector Machines, Neural Networks, and Logistic Regression. Data were collected, cleaned, a model was trained, and then the model was tested.

This research made use of data from both the DARPA and CTU-13 sets (Sirish & premamayudu, 2023). As part of the preprocessing procedure, we divided the datasets, normalized the timestamps and packet numbers, and transformed the features. The effectiveness of each algorithm was evaluated. The results were shown graphically with the help of Moloch. The final section showed and discussed experimental data and hyper-parameters.

network intrusion detection system (NIDS) optimized for use in an IoT setting using supervised machine learning. The team's goal was to use machine learning for effective intrusion detection in IoT networks in light of rising security concerns in this area. Effectiveness of IoT network NIDS based on supervised machine learning. In order to find the best machine learning method for intrusion detection in IoT settings, the authors compared their performance.

Based on the results of the study, it is clear that the suggested NIDS is highly effective at detecting network intrusions in terms of accuracy, precision, recall, and F1 score (Rani & Kaushal, 2020). When compared to other machine learning algorithms, the one that was chosen scored better in terms of its capacity to correctly categorize network traffic and spot dangers.

The researchers emphasized the necessity of feature selection and the use of appropriate characteristics to improve the NIDS's performance. The research also stressed the need of keeping the NIDS up-to-date and under constant surveillance.

REFERENCES

Aljohani, A., & Bushnag, A. (2021, September). An Intrusion Detection System Model in a Local Area Network using Different Machine Learning Classifiers. In 2021 11th International Conference on Advanced Computer Information Technologies (ACIT) (pp. 483-488). IEEE.

Kaushik, C., Ram, T., Ritvik, C., & Lakshman, T. (2022, August). Network Security with Network Intrusion Detection System using Machine Learning Deployed in a Cloud Infrastructure. In 2022 3rd International Conference on Electronics and Sustainable Communication Systems (ICESC) (pp. 701-708). IEEE.

AlMasri, T., Snober, M. A., & Al-Haija, Q. A. (2022, August). IDPS-SDN-ML: An Intrusion Detection and Prevention System Using Software-Defined Networks and Machine Learning. In 2022 1st International Conference on Smart Technology, Applied Informatics, and Engineering (APICS) (pp. 133-137). IEEE.

Vaid P., Bhadu S. K. &  Vaid, R. M. (2021)"Intrusion detection system in Software defined Network using machine learning approach - Survey, 6th International Conference on Communication and Electronics Systems (ICCES) (pp. 803-807), doi: 10.1109/ICCES51350.2021.9489141.

Bhatia, V., Choudhary, S., & Ramkumar, K. R. (2020, June). A comparative study on various intrusion detection techniques using machine learning and neural network. In 2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions)(ICRITO) (pp. 232-236). IEEE.

Osa, E., & Oghenevbaire, O. E. (2022, April). Comparative Analysis of Machine Learning Models in Computer Network Intrusion Detection. In 2022 IEEE Nigeria 4th International Conference on Disruptive Technologies for Sustainable Development (NIGERCON) (pp. 1-5). IEEE.

Hassan, H. A., Hemdan, E. E., El-Shafai, W., Shokair, M., & Abd El-Samie, F. E. (2021, July). An Efficient Intrusion Detection System for SDN using Convolutional Neural Network. In 2021 International Conference on Electronic Engineering (ICEEM) (pp. 1-5). IEEE.

Williams, B., Dong, X., & Qian, L. (2020, December). Data Driven Network Monitoring and Intrusion Detection using Machine Learning. In 2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS) (pp. 1-7). IEEE.

Sirisha, A., & Premamayudu, B. (2023, March). A Brief Analysis on Efficient Machine Learning Techniques for Intrusion Detection Model to Provide Network Security. In 2023 International Conference on Sustainable Computing and Data Communication Systems (ICSCDS) (pp. 105-112). IEEE.

Rani, D., & Kaushal, N. C. (2020, July). Supervised machine learning based network intrusion detection system for Internet of Things. In 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT) (pp. 1-7). IEEE.