Journal of Cybersecurity and Information Management

Journal DOI

https://doi.org/10.54216/JCIM

ISSN (Online): 2690-6775 | ISSN (Print): 2769-7851

Volume 14, Issue 1, PP: 20-33, 2024 | Full Length Article

Anomaly-Based Intrusion Detection Systems Using Machine Learning

Alsamir Alqahtani 1 * , Hanan AlShaher 2

  • 1 Department of Computer Science, College of Computer and Information Science, Majmaah University, Al-Majmaah 11952, Saudi Arabia - (441104466@s.mu.edu.sa)
  • 2 Department of Computer Science, College of Computer and Information Science, Majmaah University, Al-Majmaah 11952, Saudi Arabia - (h.alshaher@mu.edu.sa)
  • Doi: https://doi.org/10.54216/JCIM.140102

    Received: January 06, 2024 Revised: March 18, 2024 Accepted: May 19, 2024
    Abstract

    With the increased use of the Internet, unauthorized access has increased, allowing malicious users to hack networks and carry out malicious activities. One of the essential modern approaches in today's cybersecurity efforts is limiting access by suspect users. In this study, the approach to real-time intrusion detection was to consider the behavioral patterns of past users on the network. We classified the users into two categories, intervention and non-intervention, and employed the machine learning techniques Artificial Neural Networks (ANN), Support Vector Machines (SVM), and Decision Trees (DT). The Decision Trees model was chosen for its mature capability in complex pattern recognition and its ability to enhance intrusion detection systems. The efficiency of these algorithms is examined via the key performance metrics: confusion matrix, F1-score, and Area Under the Curve (AUC). Decision Tree, which emerged as the best model in both the training and testing phases, produced an outstanding F1-score of 99.96% and AUC score of 99.93% in the testing phase. SVM and ANN gave good results; the F1 scores of SVM and ANN in the testing phase were 92.76% and 93.33%, while the AUC was 90.57% and 94.78%, respectively. This research sheds light on the influence of machine learning on intrusion detection, fostering further development of more responsive and dynamic intrusion detection systems. The comparative evaluation of these models provides vital information for the further enhancement of cybersecurity strategies, ensuring better defenses against ever-evolving cyber threats.
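The three metrics named in the abstract, computed from scratch for a two-class (intrusion / non-intrusion) detector, to show that F1 moves with the alert threshold while AUC depends only on how the scores rank. This is an added example, not code from the paper; the labels, scores and thresholds are constructed for illustration.

```python
"""Confusion matrix, F1 and ROC AUC for a binary intrusion detector.
Label 1 = intrusion, 0 = non-intrusion. All sample data is constructed."""

def confusion_matrix(y_true, y_pred):
    """Return (tp, fp, fn, tn) with intrusion (1) as the positive class."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    return tp, fp, fn, tn

def f1_score(tp, fp, fn):
    """Harmonic mean of precision and recall: 2TP / (2TP + FP + FN)."""
    denom = 2 * tp + fp + fn
    return 2 * tp / denom if denom else 0.0

def roc_auc(y_true, scores):
    """Probability that a random intrusion outscores a random benign
    sample (Mann-Whitney U statistic); tied scores count as half."""
    pos = [s for t, s in zip(y_true, scores) if t == 1]
    neg = [s for t, s in zip(y_true, scores) if t == 0]
    if not pos or not neg:
        raise ValueError("AUC is undefined unless both classes are present")
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0
               for p in pos for n in neg)
    return wins / (len(pos) * len(neg))

def evaluate(y_true, scores, threshold=0.5):
    """Threshold the scores into alerts, then report all three metrics."""
    y_pred = [1 if s >= threshold else 0 for s in scores]
    tp, fp, fn, tn = confusion_matrix(y_true, y_pred)
    return {"cm": (tp, fp, fn, tn),
            "f1": f1_score(tp, fp, fn),
            "auc": roc_auc(y_true, scores)}

# Constructed sample: 4 intrusions, 6 benign sessions, detector scores in [0, 1].
Y_TRUE = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
SCORES = [0.95, 0.80, 0.60, 0.30, 0.70, 0.40, 0.30, 0.20, 0.10, 0.05]

if __name__ == "__main__":
    for thr in (0.5, 0.25):
        r = evaluate(Y_TRUE, SCORES, thr)
        print(f"threshold={thr}: (tp, fp, fn, tn)={r['cm']} "
              f"F1={r['f1']:.4f} AUC={r['auc']:.4f}")
```

Lowering the threshold catches the missed intrusion but adds false alerts, so F1 changes; the AUC is identical at both thresholds because the score ranking has not changed.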

    Keywords:

    Machine Learning, Decision Tree, Support Vector Machine, Artificial Neural Networks

    Cite This Article As:
    Alqahtani, Alsamir, and AlShaher, Hanan. Anomaly-Based Intrusion Detection Systems Using Machine Learning. Journal of Cybersecurity and Information Management, vol. 14, no. 1, 2024, pp. 20-33. DOI: https://doi.org/10.54216/JCIM.140102