Comprehensive Performance Evaluation of Network Intrusion System Using Machine Learning Approach

  • Shahzad Haroon Shaheed Zulfiqar Ali Bhutto Institute of Science and Technology, Karachi
  • Dr Syed Sajjad Hussain Hamdard University, Karachi


Over the last three decades, network devices are increasing due to technology like the Internet of Things (IoT) and Bring Your Own Device (BYOD). These rapidly increasing devices open many venues for network attacks whereas modern attacks are more sophisticated and complex to detect. To detect these attacks efficiently, we have used recently available dataset UNSW-NB15. UNSW-NB15 is developed according to the modern flow of network traffic with 49 features including 9 types of network attacks. To analyze the traffic pattern for the intrusion detection system(IDS), we have used multiple classifiers to test the accuracy. From the dataset UNSWNB15, we have used medium and strong correlated features. All the results from different classifiers are compared. Prominent results are achieved by ensemble bagged tree which classifies normal and individual attacks with an accuracy of 79%.


[1] L. Cui, S. Yang, F. Chen, Z. Ming, N. Lu, and J. Qin, “A survey on application of machine learning for Internet of Things,” Int. J. Mach. Learn. Cybern., vol. 9, no. 8, pp. 1399–1417, Aug. 2018.
[2] Q. Liu, P. Li, W. Zhao, W. Cai, S. Yu, and V. C. M. Leung, “A survey on security threats and defensive techniques of machine learning: A data driven view,” IEEE Access, vol. 6, pp. 12103–12117, 2018.
[3] C. Applications, “Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling ☆,” vol. 87, no. November 2016, pp. 185–192, 2017.
[4] P. Ravi Kiran Varma, V. Valli Kumari, and S.Srinivas Kumar, “A Survey of Feature Selection Techniques in Intrusion Detection System: A Soft Computing Perspective,” 2018, pp. 785–793.
[5] UCI Machine Learning Repository, “KDD Cup 1999 Data,” 2015. [Online]. Available: [Accessed: 04-Dec-2018].
[6] N. Moustafa, J. Slay, and I. Technology, “Intrusion Detection systems,” 2015.
[7] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A Detailed Analysis of the KDD CUP 99 Data Set,” no. Cisda, pp. 1–6, 2009.
[8] K. Afdel, “DoS Detection Method based on Artificial Neural Networks,” no. May, 2017.
[9] M. AL-Hawawreh, N. Moustafa, and E. Sitnikova, “Identification of malicious activities in industrial internet of things based on deep learning models,” J. Inf. Secur. Appl., vol. 41, pp. 1–11, 2018.
[10] M. H. Kamarudin, C. Maple, T. Watson, and N. S. Safa, “A LogitBoost-Based Algorithm for Detecting Known and Unknown Web Attacks,” IEEE Access, vol. 5, pp. 26190–26200, 2017.
[11] M. Belouch, S. El Hadaj, and M. Idlianmiad, “Performance evaluation of intrusion detection based on machine learning using apache spark,” Procedia Comput. Sci., vol. 127, pp. 1–6, 2018.
[12] T. Janarthanan and S. Zargari, “Feature selection in UNSW-NB15 and KDDCUP’99 datasets,” IEEE Int. Symp. Ind. Electron., pp. 1881–1886, 2017.
[13] N. Moustafa and J. Slay, “The evaluation of Network Anomaly Detection Systems : Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set The evaluation of Network Anomaly Detection Systems : Statistical analysis of,” vol. 3555, no. January, pp. 0–14, 2016.
[14] A. F. M. Agarap, “A Neural Network Architecture Combining Gated Recurrent Unit (GRU) and Support Vector Machine (SVM) for Intrusion Detection in Network Traffic Data,” in Proceedings of the 2018 10th International Conference on Machine Learning and Computing - ICMLC 2018, 2018, pp. 26–30.
[15] M.-Y. Su, “Using clustering to improve the KNN-based classifiers for online anomaly network traffic identification,” J. Netw. Comput. Appl., vol. 34, no. 2, pp. 722–730, Mar. 2011.
[16] A. Lakhina, K. Papagiannaki, M. Crovella, C. Diot, E. D. Kolaczyk, and N. Taft, “Structural analysis of network traffic flows,” ACM SIGMETRICS Perform. Eval. Rev., vol. 32, no. 1, p. 61, Jun. 2004.
[17] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A Detailed Analysis of the KDD CUP 99 Data Set,” no. Cisda, pp. 1–6, 2009.