Machine Learning-Driven Intrusion Detection Systems: Reducing False Alarms and Enhancing Accuracy

Authors

DOI:

https://doi.org/10.23918/eajse.v10i3p9

Keywords:

Intrusion Detection System, Machine Learning, KDD Cup 1999, Hybrid IDS, Anomaly-Based Detection, Signature-Based Detection

Abstract

The increasing sophistication of cyber threats presents ongoing challenges for securing modern networks, particularly in addressing the limitations of Intrusion Detection Systems (IDS). Traditional IDS solutions often suffer from high false-positive rates and limited accuracy in detecting novel or unknown attacks, leading to inefficiencies in security management. This paper explores the use of multiple Machine Learning (ML) algorithms to improve IDS performance, focusing on models such as Artificial Neural Networks (ANN), K-Nearest Neighbors (KNN), Decision Trees (DT), Naive Bayes (NB), Logistic Regression (LR), and Support Vector Machines (SVM). The research employs the KDD Cup 1999 dataset, a well-known benchmark for intrusion detection, to evaluate the effectiveness of these models. The study also investigates how Principal Component Analysis (PCA) improves model efficiency by reducing the dimensionality of the feature set. Experimental results demonstrate that the integration of ML algorithms significantly improves IDS accuracy while reducing false alarms. This research offers valuable insights into addressing key IDS limitations and provides a comprehensive performance comparison to identify the most suitable model for real-world application.

Published

2025-03-12

Data Availability Statement

Readers may access it 

How to Cite

Hussein, S. M., & Ashir, A. M. (2025). Machine Learning-Driven Intrusion Detection Systems: Reducing False Alarms and Enhancing Accuracy. EURASIAN JOURNAL OF SCIENCE AND ENGINEERING, 10(3), 85-96. https://doi.org/10.23918/eajse.v10i3p9
