Balanced Multi-Class Network Intrusion Detection Using Machine Learning

Cybersecurity is gaining a high position in the IT sector. Connecting more devices to the internet smooths the way for hackers. It is hard for signature-based security tools to detect new attacks that emerge and evolve with slight changes. Researchers are trying to build a Network Intrusion Detection System (NIDS) that can accurately detect the zero-day attacks evolved through minor changes. An anomaly-based NIDS has attracted researchers to develop a system to detect malign traffic in a network using Machine Learning (ML) models. Therefore, in recent years, the designs of modern NIDS for higher detection rates and lower false alarms have been refined by utilizing advanced ML and Deep Learning (DL) approaches. However, it is still a problem for the supervised and unsupervised algorithms to achieve high performance, absolute accuracy, and minimal false alarm rate. This work aims to design an effective NIDS that addresses the current limitation using machine learning models trained on reliable flow-based data (CICIDS-2017). The system will improve the detection accuracy and reduce false alarms in high-speed network environments. To achieve results, the dataset has been balanced using the SMOTE-Tomek Links technique. After cleaning and organizing the dataset, the trained algorithms are Decision Tree, Random Forest, XGBoost, K-Nearest Neighbor, Naive Bayes, Logistic Regression, and AdaBoost algorithm. These algorithms are pulled from literature studies because of their exceptional performance on old datasets. This work has achieved a Decision Tree model with 96.37% accuracy and 96.33% F1-score and the AdaBoost model with 96.37% accuracy and 96.33% F1-score for multiclass classification. For binary classification, the Decision Tree (DT) model has exhibited the highest test accuracy of 99.96%, followed by Random Forest (99.84%), Adaboost (99.77%), and Xgboost (99.57), with the highest average precision of 100% and ROC-AUC of 99.96%. We have also found that binary classification performs better when it takes more time to train each classifier than multiclass classification. This research study incorporates proper validation of the models and achieves high accuracy and exact results compared to the literature. The results show that a balanced CICIDS-2017 dataset improves the performance of decision trees and AdaBoost classifiers. The emplacement of NIDS in networks and their underlying technology are equally significant for detecting real-time attacks.