1
2024/6/6
M.Sc Thesis Title:
Machine Learning Based Model for
Network Intrusion Detection
2
Outlines
• Introduction
• Research Gap
• Methodology of Study
• Attack Types
• Types of Intrusion Detection System and Approaches
• Machine Learning Types
• 10-Fold Cross-validation Training Model
• Applied ML Algorithms
• Performance metrics
• Results
• Conclusion and Future work
• References
3
Introduction
• Demand for cyber security and protection.
• Popularity of the Internet of Things.
• Confidentiality, integrity and availability of network data [1].
• Smart grids are currently using data-driven technology [2].
• Firewalls and encryption.
• For Internet-based cyber-attacks an intrusion detection
system (IDS) is better.
• Global ransomware damage costs would go beyond $20
billion by 2021 [3].
• Global cybercrime operating costs are expected to reach
$10.5 trillion annually by 2025 [4].
4
5
Research Gaps
1. Traditional methods like firewall and
encryption
2. Usage of old datasets
3. Only one evaluation metric i.e. accuracy
4. Problems arising in traditional techniques
4.1 Low accuracy, high error, high false positive
rate or low precision
5. Feature reduction
6
Proposed Solutions
1. Advancement of modern methods like
Machine Learning
2. Usage of up-to-date datasets
3. Considered multiple evaluation metrics
4. To design ML-based model for intrusion
detection.
5. Optimal model for intrusion detection is most
important without changing networking data.
7
Methodology (Flowchart of the study)
8
Attack Types
1. Probe
• Scanning of system
• Low level attack
2. Denial of Service
• Prevents authorized users from getting access
• Continuously engages the system
3. Remote to User
• Abuse the privileges of a system
• Release vulnerabilities within network
4. User to Root
• Attacker or a genuine person with minimal or normal privileges
• Attacker looks for system flaws
9
Types of Intrusion Detection System
Intrusion detection system (IDS)
• Analyze and monitor the traffic
• Malicious activity
• Protect the computer network
1. Host Based IDS
• HIDS relies on a single system
• Keep an eye on a host's internal environment
• Resources, file system, and programs
2. Network Based IDS
• Composed of the networks
• Inbound and outbound traffic patterns [12]
10
Types of Intrusion Detection Approaches
1. Misuse/Signature Based
• Attacks have signatures
• File fingerprints
• Comparing the signatures of every activity
2. Anomaly Based
• Looks for unexpected activity
• Differs from the normal operational baseline
• Likelihood of detecting novel (zero-day) threats
• Preferable
3. Hybrid Based
• Detection rate of zero-day assaults rises
• Combination of the signature and anomaly approaches
• Generally deployed as a hybrid arrangement
11
Machine Learning Types
Figure 2. Machine Learning Types
• Supervised Learning (data with label): Classification, Regression
• Unsupervised Learning (data without label): Clustering, Association
• Reinforcement Learning (state and action): Model-Free, Model-Based
12
Datasets
1. NSL-KDD
• Binary class dataset, either normal or anomaly
• Reference for NIDS performance evaluation
• Updated version of KDD Cup 99
• Absence of redundant records and duplicate records
2. UNSW-NB
• Binary class dataset
• Contains different types of new attacks
• Number of real-time normal activities
• Australian Centre for Cyber Security website
3. Kaggle
• Multiclass dataset
• 5 categories: normal, denial of service, r2l, probe and u2r [13]
13
10-Fold Cross-Validation Training Model
14
Applied ML Algorithms
Random Forest
• Supervised Learning technique
• Regression and classification problems
• Combines a number of decision trees
• Lowers the chance of overfitting
• No need for feature scaling
• Effective on big databases.
• It is an ensemble classification technique
• Based on the DT algorithm and provides individual trees as output.
• This algorithm combines random feature selection with the bagging
concept to generate a set of DTs having controlled variances [14]
15
Random Forest Architecture
16
Performance Metrics and Mathematical Forms
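Added example (not part of the original slides or the thesis code): stratified 10-fold cross-validation with Accuracy, TPR, FPR, Precision and MCC computed from the pooled confusion matrix. It assumes attack is the positive class, uses a decision stump (one of the classifiers listed in the results) in place of Random Forest to stay dependency-free, and runs on constructed sample records; all function names are hypothetical.

```python
import math
import random
from collections import Counter

NORMAL, ATTACK = 0, 1  # assumption: attack is treated as the positive class


def make_records(n_normal=150, n_attack=50, seed=7):
    """Constructed sample data, not drawn from NSL-KDD, UNSW-NB or Kaggle.
    Each record is ([connection_count, error_rate], label)."""
    rng = random.Random(seed)
    rows = [([rng.gauss(20, 8), rng.gauss(0.05, 0.03)], NORMAL) for _ in range(n_normal)]
    rows += [([rng.gauss(60, 15), rng.gauss(0.50, 0.20)], ATTACK) for _ in range(n_attack)]
    rng.shuffle(rows)
    return rows


def stratified_folds(rows, k=10, seed=1):
    """Deal record indices into k folds class by class, so every fold keeps
    the normal/attack ratio of the full data set."""
    rng = random.Random(seed)
    by_class = {}
    for i, (_, label) in enumerate(rows):
        by_class.setdefault(label, []).append(i)
    folds = [[] for _ in range(k)]
    for indices in by_class.values():
        rng.shuffle(indices)
        for pos, i in enumerate(indices):
            folds[pos % k].append(i)
    return folds


def fit_stump(train):
    """Decision stump: the single (feature, threshold, side) rule with the
    fewest training errors; falls back to the majority class."""
    majority = Counter(y for _, y in train).most_common(1)[0][0]
    best = (sum(y != majority for _, y in train), 0, float("-inf"), majority)
    for f in range(len(train[0][0])):
        values = sorted({x[f] for x, _ in train})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            for above in (ATTACK, NORMAL):  # label predicted when x[f] > t
                errors = sum((above if x[f] > t else 1 - above) != y for x, y in train)
                if errors < best[0]:
                    best = (errors, f, t, above)
    _, f, t, above = best
    return lambda x: above if x[f] > t else 1 - above


def fit_always_normal(train):
    """Baseline that never alerts; shows why accuracy alone is misleading."""
    return lambda x: NORMAL


def confusion(y_true, y_pred):
    """Return (TP, FP, TN, FN) with attack as the positive class."""
    c = Counter(zip(y_true, y_pred))
    return (c[(ATTACK, ATTACK)], c[(NORMAL, ATTACK)],
            c[(NORMAL, NORMAL)], c[(ATTACK, NORMAL)])


def metrics(tp, fp, tn, fn):
    """Accuracy (%), TPR, FPR, precision and MCC from one confusion matrix."""
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "accuracy_pct": 100.0 * (tp + tn) / (tp + fp + tn + fn),
        "tpr": tp / (tp + fn) if tp + fn else 0.0,
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "mcc": (tp * tn - fp * fn) / denom if denom else 0.0,
    }


def cross_validate(rows, fit=fit_stump, k=10):
    """Train on k-1 folds, test on the held-out fold, and pool the
    predictions so every record is scored exactly once."""
    y_true, y_pred = [], []
    for held_out in stratified_folds(rows, k):
        held = set(held_out)
        model = fit([r for i, r in enumerate(rows) if i not in held])
        for i in held_out:
            y_true.append(rows[i][1])
            y_pred.append(model(rows[i][0]))
    return confusion(y_true, y_pred)


if __name__ == "__main__":
    data = make_records()
    for name, fit in (("decision stump", fit_stump), ("always normal", fit_always_normal)):
        scores = metrics(*cross_validate(data, fit))
        print(name, {key: round(val, 3) for key, val in scores.items()})
```

The always-normal baseline reaches 75% accuracy on this 3:1 data while its TPR and MCC are 0, which is the reason for reporting more than accuracy.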
17
RF Technique Results
Performance Metric   NSL-KDD   Kaggle    UNSW NB
Accuracy (%)         99.9174   99.8857   99.9053
Precision            0.999     0.999     0.999
TPR                  0.999     0.999     0.999
FPR                  0.001     0.001     0.001
Error Rate           0.0028    0.0014    0.0108
MCC                  0.998     0.998     0.998
ROC Area             1         1         1
18
NSL-KDD Dataset Results
Classifier       Accuracy (%)  TPR    FPR    Precision  Error Rate  MCC    ROC Area
Random Forest    99.9174       0.999  0.001  0.999      0.0028      0.998  1
A1DE             99.7952       0.998  0.002  0.998      0.0022      0.996  1
Naïve Bayes      90.3813       0.904  0.101  0.905      0.0965      0.807  0.966
IBK/KNN          90.3813       0.904  0.101  0.905      0.0965      0.807  0.966
AdaBoostM1       94.5044       0.945  0.057  0.945      0.079       0.89   0.988
Random Tree      99.7658       0.998  0.002  0.998      0.0023      0.995  0.998
Decision Stump   92.215        0.922  0.079  0.922      0.1436      0.844  0.92
Hoeffding Tree   98.849        0.988  0.012  0.989      0.0161      0.977  0.995
19
Kaggle Dataset Results
Classifier       Accuracy (%)  TPR    FPR    Precision  Error Rate  MCC     ROC Area
Random Forest    99.8857       0.999  0.001  0.999      0.0014      0.998   1
A1DE             99.792        0.998  0.001  0.998      0.0009      0.997   1
Naïve Bayes      83.3996       0.834  0.046  0.91       0.0665      0.786   0.966
IBK/KNN          99.665        0.997  0.002  0.997      0.0014      0.994   0.997
AdaBoostM1       83.1519       0.832  0.12   0.984      0.153       0.9677  0.952
Random Tree      99.7293       0.997  0.002  0.997      0.0011      0.996   0.998
Decision Stump   83.1519       0.832  0.12   0.984      0.1104      0.9677  0.882
Hoeffding Tree   97.2573       0.973  0.018  0.971      0.0152      0.954   0.989
20
UNSW-NB Dataset Results
Classifier       Accuracy (%)  TPR    FPR    Precision  Error Rate  MCC    ROC Area
Random Forest    99.9053       0.999  0.001  0.999      0.0108      0.998  1
A1DE             99.4243       0.994  0.005  0.994      0.007       0.988  1
Naïve Bayes      76.8243       0.768  0.205  0.802      0.2335      0.572  0.864
IBK/KNN          98.721        0.987  0.013  0.987      0.0128      0.974  0.987
AdaBoostM1       99.3575       0.994  0.008  0.994      0.0373      0.987  0.999
Random Tree      99.2943       0.993  0.007  0.993      0.007       0.986  0.993
Decision Stump   76.6324       0.766  0.286  0.835      0.3287      0.579  0.738
Hoeffding Tree   96.6028       0.966  0.038  0.966      0.0529      0.932  0.981
21
Conclusion
• Random Forest best performance
• 10 Fold Cross Validation
• 3 Datasets: NSL-KDD, UNSW NB15 and Kaggle
• RT, A1DE, NB, KNN, AdaBoostM1, DS and HT
Future Direction
• Deep learning models
• Newer and real-time datasets
22
References
1. K. NandhaKumar and S. Sukumaran, “A hybrid adaptive development algorithm and machine learning based
method for intrusion detection and prevention system,” Turkish J. Comput. Math. Educ., vol. 12, no. 5, pp. 1226–1236, 2021.
2. S. N. Mohan, G. Ravikumar and M. Govindarasu, "Distributed Intrusion Detection System using Semantic-based
Rules for SCADA in Smart Grid," 2020 IEEE/PES Transmission and Distribution Conference and Exposition
(T&D), 2020, pp. 1-5.
3. “Global ransomware damage costs to exceed $265 billion by 2031 - EIN presswire.”
https://www.einnews.com/pr_news/542950077/global-ransomware-damage-costs-to-exceed-265-billion-by-2031
(accessed Jun. 03, 2022).
4. “Cybercrime to cost the world $10.5 trillion annually by 2025.” https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/ (accessed Jan. 17, 2022).
5. M. Sarnovsky and J. Paralic, “Hierarchical intrusion detection using machine learning and knowledge model,”
Symmetry (Basel)., vol. 12, no. 2, pp. 1–14, 2020.
6. M. Shahzad Haroon and H. Mansoor Ali, “Adversarial training against adversarial attacks for machine learning-based
intrusion detection systems,” Comput. Mater. Contin., vol. 73, no. 2, pp. 3513–3527, 2022.
7. S. A. Hussein, A. A. Mahmood and E. O. Oraby, “Network intrusion detection system using ensemble learning
approaches,” Webology, vol. 18, no. Special Issue, pp. 962–974, 2021.
23
References
8. S. Razdan, H. Gupta and A. Seth, “Performance analysis of network intrusion detection systems using j48 and
naive bayes algorithms,” 2021 6th Int. Conf. Converg. Technol. I2CT 2021, pp. 1–7, 2021.
9. Z. Ahmad, A. S. Khan, C. W. Shiang, J. Abdullah and F. Ahmad, “Network intrusion detection system: A
systematic study of machine learning and deep learning approaches,” Trans. Emerg. Telecommun. Technol., vol.
32, no. 1, pp. 1–29, 2021.
10. M. Data and M. Aritsugi, “T-DFNN: An incremental learning algorithm for intrusion detection systems,” IEEE
Access, vol. 9, pp. 154156–154171, 2021.
11. R. Panigrahi, S. Borah, A. K. Bhoi, M. F. Ijaz, M. Pramanik et al., “A consolidated decision tree-based intrusion
detection system for binary and multiclass imbalanced datasets,” Mathematics, vol. 9, no. 7, 2021.
12. D. Chou and M. Jiang, “A survey on data-driven network intrusion detection,” ACM Comput. Surv., vol. 54, no. 9,
pp. 1–36, 2022.
13. S. Lee, A. Abdullah, N. Jhanjhi and S. Kok, “Classification of botnet attacks in IoT smart factory using honeypot
combined with machine learning,” PeerJ Comput. Sci., vol. 7, pp. 1–23, 2021.
14. Z. K. Maseer, R. Yusof, N. Bahaman, S. A. Mostafa, and C. F. M. Foozy, “Benchmarking of machine learning for
anomaly based intrusion detection systems in the CICIDS2017 dataset,” IEEE Access, vol. 9, pp. 22351–22370,
2021.
15. P. Dini and S. Saponara, “Analysis, design, and comparison of machine-learning techniques for networking
intrusion detection,” Designs, vol. 5, no. 1, pp. 1–22, 2021.

More Related Content

Similar to ML Based Model for NIDS MSc Updated Presentation.v2.pptx

ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTSACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
IJCNCJournal
 
Actor Critic Approach based Anomaly Detection for Edge Computing Environments
Actor Critic Approach based Anomaly Detection for Edge Computing EnvironmentsActor Critic Approach based Anomaly Detection for Edge Computing Environments
Actor Critic Approach based Anomaly Detection for Edge Computing Environments
IJCNCJournal
 
Deep learning algorithms for intrusion detection systems in internet of thin...
Deep learning algorithms for intrusion detection systems in  internet of thin...Deep learning algorithms for intrusion detection systems in  internet of thin...
Deep learning algorithms for intrusion detection systems in internet of thin...
IJECEIAES
 
COPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docxCOPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docx
voversbyobersby
 
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETCLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
IJNSA Journal
 
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETCLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
IJNSA Journal
 
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIER
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIERATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIER
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIER
CSEIJJournal
 
Attack Detection Availing Feature Discretion using Random Forest Classifier
Attack Detection Availing Feature Discretion using Random Forest ClassifierAttack Detection Availing Feature Discretion using Random Forest Classifier
Attack Detection Availing Feature Discretion using Random Forest Classifier
CSEIJJournal
 
LSTM deep learning method for network intrusion detection system
LSTM deep learning method for network intrusion  detection system LSTM deep learning method for network intrusion  detection system
LSTM deep learning method for network intrusion detection system
IJECEIAES
 
Intrusion Detection System Using Machine Learning: An Overview
Intrusion Detection System Using Machine Learning: An OverviewIntrusion Detection System Using Machine Learning: An Overview
Intrusion Detection System Using Machine Learning: An Overview
IRJET Journal
 
A Comparative Study of Deep Learning Approaches for Network Intrusion Detecti...
A Comparative Study of Deep Learning Approaches for Network Intrusion Detecti...A Comparative Study of Deep Learning Approaches for Network Intrusion Detecti...
A Comparative Study of Deep Learning Approaches for Network Intrusion Detecti...
IRJET Journal
 
An Efficient Intrusion Detection System with Custom Features using FPA-Gradie...
An Efficient Intrusion Detection System with Custom Features using FPA-Gradie...An Efficient Intrusion Detection System with Custom Features using FPA-Gradie...
An Efficient Intrusion Detection System with Custom Features using FPA-Gradie...
IJCNCJournal
 
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
IJCNCJournal
 
Machine learning-based intrusion detection system for detecting web attacks
Machine learning-based intrusion detection system for detecting web attacksMachine learning-based intrusion detection system for detecting web attacks
Machine learning-based intrusion detection system for detecting web attacks
IAESIJAI
 
Intrusion Detection System using K-Means Clustering and SMOTE
Intrusion Detection System using K-Means Clustering and SMOTEIntrusion Detection System using K-Means Clustering and SMOTE
Intrusion Detection System using K-Means Clustering and SMOTE
IRJET Journal
 
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION  DETECTION SYSTEM USING VARIANTS OF NEURAL ...FORTIFICATION OF HYBRID INTRUSION  DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
IJNSA Journal
 
Feature Selection using the Concept of Peafowl Mating in IDS
Feature Selection using the Concept of Peafowl Mating in IDSFeature Selection using the Concept of Peafowl Mating in IDS
Feature Selection using the Concept of Peafowl Mating in IDS
IJCNCJournal
 
Feature Selection using the Concept of Peafowl Mating in IDS
Feature Selection using the Concept of Peafowl Mating in IDSFeature Selection using the Concept of Peafowl Mating in IDS
Feature Selection using the Concept of Peafowl Mating in IDS
IJCNCJournal
 
Botnet detection using Wgans for security
Botnet detection using Wgans for securityBotnet detection using Wgans for security
Botnet detection using Wgans for security
ssuser3f5a831
 
Intrusion detection with Parameterized Methods for Wireless Sensor Networks
Intrusion detection with Parameterized Methods for Wireless Sensor NetworksIntrusion detection with Parameterized Methods for Wireless Sensor Networks
Intrusion detection with Parameterized Methods for Wireless Sensor Networks
rahulmonikasharma
 

Similar to ML Based Model for NIDS MSc Updated Presentation.v2.pptx (20)

ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTSACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
ACTOR CRITIC APPROACH BASED ANOMALY DETECTION FOR EDGE COMPUTING ENVIRONMENTS
 
Actor Critic Approach based Anomaly Detection for Edge Computing Environments
Actor Critic Approach based Anomaly Detection for Edge Computing EnvironmentsActor Critic Approach based Anomaly Detection for Edge Computing Environments
Actor Critic Approach based Anomaly Detection for Edge Computing Environments
 
Deep learning algorithms for intrusion detection systems in internet of thin...
Deep learning algorithms for intrusion detection systems in  internet of thin...Deep learning algorithms for intrusion detection systems in  internet of thin...
Deep learning algorithms for intrusion detection systems in internet of thin...
 
COPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docxCOPYRIGHTThis thesis is copyright materials protected under the .docx
COPYRIGHTThis thesis is copyright materials protected under the .docx
 
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETCLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
 
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETCLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET
 
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIER
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIERATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIER
ATTACK DETECTION AVAILING FEATURE DISCRETION USING RANDOM FOREST CLASSIFIER
 
Attack Detection Availing Feature Discretion using Random Forest Classifier
Attack Detection Availing Feature Discretion using Random Forest ClassifierAttack Detection Availing Feature Discretion using Random Forest Classifier
Attack Detection Availing Feature Discretion using Random Forest Classifier
 
LSTM deep learning method for network intrusion detection system
LSTM deep learning method for network intrusion  detection system LSTM deep learning method for network intrusion  detection system
LSTM deep learning method for network intrusion detection system
 
Intrusion Detection System Using Machine Learning: An Overview
Intrusion Detection System Using Machine Learning: An OverviewIntrusion Detection System Using Machine Learning: An Overview
Intrusion Detection System Using Machine Learning: An Overview
 
A Comparative Study of Deep Learning Approaches for Network Intrusion Detecti...
A Comparative Study of Deep Learning Approaches for Network Intrusion Detecti...A Comparative Study of Deep Learning Approaches for Network Intrusion Detecti...
A Comparative Study of Deep Learning Approaches for Network Intrusion Detecti...
 
An Efficient Intrusion Detection System with Custom Features using FPA-Gradie...
An Efficient Intrusion Detection System with Custom Features using FPA-Gradie...An Efficient Intrusion Detection System with Custom Features using FPA-Gradie...
An Efficient Intrusion Detection System with Custom Features using FPA-Gradie...
 
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
AN EFFICIENT INTRUSION DETECTION SYSTEM WITH CUSTOM FEATURES USING FPA-GRADIE...
 
Machine learning-based intrusion detection system for detecting web attacks
Machine learning-based intrusion detection system for detecting web attacksMachine learning-based intrusion detection system for detecting web attacks
Machine learning-based intrusion detection system for detecting web attacks
 
Intrusion Detection System using K-Means Clustering and SMOTE
Intrusion Detection System using K-Means Clustering and SMOTEIntrusion Detection System using K-Means Clustering and SMOTE
Intrusion Detection System using K-Means Clustering and SMOTE
 
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION  DETECTION SYSTEM USING VARIANTS OF NEURAL ...FORTIFICATION OF HYBRID INTRUSION  DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
 
Feature Selection using the Concept of Peafowl Mating in IDS
Feature Selection using the Concept of Peafowl Mating in IDSFeature Selection using the Concept of Peafowl Mating in IDS
Feature Selection using the Concept of Peafowl Mating in IDS
 
Feature Selection using the Concept of Peafowl Mating in IDS
Feature Selection using the Concept of Peafowl Mating in IDSFeature Selection using the Concept of Peafowl Mating in IDS
Feature Selection using the Concept of Peafowl Mating in IDS
 
Botnet detection using Wgans for security
Botnet detection using Wgans for securityBotnet detection using Wgans for security
Botnet detection using Wgans for security
 
Intrusion detection with Parameterized Methods for Wireless Sensor Networks
Intrusion detection with Parameterized Methods for Wireless Sensor NetworksIntrusion detection with Parameterized Methods for Wireless Sensor Networks
Intrusion detection with Parameterized Methods for Wireless Sensor Networks
 

Recently uploaded

The Control of Relative Humidity & Moisture Content in The Air
The Control of Relative Humidity & Moisture Content in The AirThe Control of Relative Humidity & Moisture Content in The Air
The Control of Relative Humidity & Moisture Content in The Air
Ashraf Ismail
 
Chartered Cost Engineer ChCE certification.pdf
Chartered Cost Engineer ChCE certification.pdfChartered Cost Engineer ChCE certification.pdf
Chartered Cost Engineer ChCE certification.pdf
GAFM ACADEMY
 
Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 in City
sunnuchadda
 
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
rawankhanlove256
 
IE-469-Lecture-Notes-3IE-469-Lecture-Notes-3.pptx
IE-469-Lecture-Notes-3IE-469-Lecture-Notes-3.pptxIE-469-Lecture-Notes-3IE-469-Lecture-Notes-3.pptx
IE-469-Lecture-Notes-3IE-469-Lecture-Notes-3.pptx
BehairyAhmed2
 
Disaster Management and Mitigation presentation
Disaster Management and Mitigation presentationDisaster Management and Mitigation presentation
Disaster Management and Mitigation presentation
RajaRamannaTarigoppu
 
Presentation slide on DESIGN AND FABRICATION OF MOBILE CONTROLLED DRAINAGE.pptx
Presentation slide on DESIGN AND FABRICATION OF MOBILE CONTROLLED DRAINAGE.pptxPresentation slide on DESIGN AND FABRICATION OF MOBILE CONTROLLED DRAINAGE.pptx
Presentation slide on DESIGN AND FABRICATION OF MOBILE CONTROLLED DRAINAGE.pptx
Er. Kushal Ghimire
 
Distillation-1.vapour liquid equilibrium
Distillation-1.vapour liquid equilibriumDistillation-1.vapour liquid equilibrium
Distillation-1.vapour liquid equilibrium
RjKing12
 
Technical Seminar of Mca computer vision .ppt
Technical Seminar of Mca computer vision .pptTechnical Seminar of Mca computer vision .ppt
Technical Seminar of Mca computer vision .ppt
AnkitaVerma776806
 
Top EPC companies in India - Best EPC Contractor
Top EPC companies in India - Best EPC  ContractorTop EPC companies in India - Best EPC  Contractor
Top EPC companies in India - Best EPC Contractor
MangeshK6
 
charting the development of the autonomous train
charting the development of the autonomous traincharting the development of the autonomous train
charting the development of the autonomous train
huseindihon
 
杨洋李一桐做爱视频流出【网芷:ht28.co】国产国产午夜精华>>>[网趾:ht28.co】]<<<
杨洋李一桐做爱视频流出【网芷:ht28.co】国产国产午夜精华>>>[网趾:ht28.co】]<<<杨洋李一桐做爱视频流出【网芷:ht28.co】国产国产午夜精华>>>[网趾:ht28.co】]<<<
杨洋李一桐做爱视频流出【网芷:ht28.co】国产国产午夜精华>>>[网趾:ht28.co】]<<<
amzhoxvzidbke
 
How to Formulate A Good Research Question
How to Formulate A  Good Research QuestionHow to Formulate A  Good Research Question
How to Formulate A Good Research Question
rkpv2002
 
Sustainable construction is the use of renewable and recyclable materials in ...
Sustainable construction is the use of renewable and recyclable materials in ...Sustainable construction is the use of renewable and recyclable materials in ...
Sustainable construction is the use of renewable and recyclable materials in ...
RohitGhulanavar2
 
Buy a fake University of Washington diploma
Buy a fake University of Washington diplomaBuy a fake University of Washington diploma
Buy a fake University of Washington diploma
College diploma
 
EAAP2023 : Durabilité et services écosystémiques de l'élevage ovin de montagne
EAAP2023 : Durabilité et services écosystémiques de l'élevage ovin de montagneEAAP2023 : Durabilité et services écosystémiques de l'élevage ovin de montagne
EAAP2023 : Durabilité et services écosystémiques de l'élevage ovin de montagne
idelewebmestre
 
Security Attacks and Solutions in Vehicular Ad Hoc Networks: A Survey
Security Attacks and Solutions in Vehicular Ad Hoc Networks: A SurveySecurity Attacks and Solutions in Vehicular Ad Hoc Networks: A Survey
Security Attacks and Solutions in Vehicular Ad Hoc Networks: A Survey
pijans
 
the potential for the development of autonomous aircraft
the potential for the development of autonomous aircraftthe potential for the development of autonomous aircraft
the potential for the development of autonomous aircraft
huseindihon
 
readers writers Problem in operating system
readers writers Problem in operating systemreaders writers Problem in operating system
readers writers Problem in operating system
VADAPALLYPRAVEENKUMA1
 
API-1150WB-Cooling Towers.pdf with details
API-1150WB-Cooling Towers.pdf with detailsAPI-1150WB-Cooling Towers.pdf with details
API-1150WB-Cooling Towers.pdf with details
MuhammadUsmanAsghar4
 

Recently uploaded (20)

The Control of Relative Humidity & Moisture Content in The Air
The Control of Relative Humidity & Moisture Content in The AirThe Control of Relative Humidity & Moisture Content in The Air
The Control of Relative Humidity & Moisture Content in The Air
 
Chartered Cost Engineer ChCE certification.pdf
Chartered Cost Engineer ChCE certification.pdfChartered Cost Engineer ChCE certification.pdf
Chartered Cost Engineer ChCE certification.pdf
 
Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 in City
 
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
 
IE-469-Lecture-Notes-3IE-469-Lecture-Notes-3.pptx
IE-469-Lecture-Notes-3IE-469-Lecture-Notes-3.pptxIE-469-Lecture-Notes-3IE-469-Lecture-Notes-3.pptx
IE-469-Lecture-Notes-3IE-469-Lecture-Notes-3.pptx
 
Disaster Management and Mitigation presentation
Disaster Management and Mitigation presentationDisaster Management and Mitigation presentation
Disaster Management and Mitigation presentation
 
Presentation slide on DESIGN AND FABRICATION OF MOBILE CONTROLLED DRAINAGE.pptx
Presentation slide on DESIGN AND FABRICATION OF MOBILE CONTROLLED DRAINAGE.pptxPresentation slide on DESIGN AND FABRICATION OF MOBILE CONTROLLED DRAINAGE.pptx
Presentation slide on DESIGN AND FABRICATION OF MOBILE CONTROLLED DRAINAGE.pptx
 
Distillation-1.vapour liquid equilibrium
Distillation-1.vapour liquid equilibriumDistillation-1.vapour liquid equilibrium
Distillation-1.vapour liquid equilibrium
 
Technical Seminar of Mca computer vision .ppt
Technical Seminar of Mca computer vision .pptTechnical Seminar of Mca computer vision .ppt
Technical Seminar of Mca computer vision .ppt
 
Top EPC companies in India - Best EPC Contractor
Top EPC companies in India - Best EPC  ContractorTop EPC companies in India - Best EPC  Contractor
Top EPC companies in India - Best EPC Contractor
 
charting the development of the autonomous train
charting the development of the autonomous traincharting the development of the autonomous train
charting the development of the autonomous train
 
杨洋李一桐做爱视频流出【网芷:ht28.co】国产国产午夜精华>>>[网趾:ht28.co】]<<<
杨洋李一桐做爱视频流出【网芷:ht28.co】国产国产午夜精华>>>[网趾:ht28.co】]<<<杨洋李一桐做爱视频流出【网芷:ht28.co】国产国产午夜精华>>>[网趾:ht28.co】]<<<
杨洋李一桐做爱视频流出【网芷:ht28.co】国产国产午夜精华>>>[网趾:ht28.co】]<<<
 
How to Formulate A Good Research Question
How to Formulate A  Good Research QuestionHow to Formulate A  Good Research Question
How to Formulate A Good Research Question
 
Sustainable construction is the use of renewable and recyclable materials in ...
Sustainable construction is the use of renewable and recyclable materials in ...Sustainable construction is the use of renewable and recyclable materials in ...
Sustainable construction is the use of renewable and recyclable materials in ...
 
Buy a fake University of Washington diploma
Buy a fake University of Washington diplomaBuy a fake University of Washington diploma
Buy a fake University of Washington diploma
 
EAAP2023 : Durabilité et services écosystémiques de l'élevage ovin de montagne
EAAP2023 : Durabilité et services écosystémiques de l'élevage ovin de montagneEAAP2023 : Durabilité et services écosystémiques de l'élevage ovin de montagne
EAAP2023 : Durabilité et services écosystémiques de l'élevage ovin de montagne
 
Security Attacks and Solutions in Vehicular Ad Hoc Networks: A Survey
Security Attacks and Solutions in Vehicular Ad Hoc Networks: A SurveySecurity Attacks and Solutions in Vehicular Ad Hoc Networks: A Survey
Security Attacks and Solutions in Vehicular Ad Hoc Networks: A Survey
 
the potential for the development of autonomous aircraft
the potential for the development of autonomous aircraftthe potential for the development of autonomous aircraft
the potential for the development of autonomous aircraft
 
readers writers Problem in operating system
readers writers Problem in operating systemreaders writers Problem in operating system
readers writers Problem in operating system
 
API-1150WB-Cooling Towers.pdf with details
API-1150WB-Cooling Towers.pdf with detailsAPI-1150WB-Cooling Towers.pdf with details
API-1150WB-Cooling Towers.pdf with details
 

ML Based Model for NIDS MSc Updated Presentation.v2.pptx

  • 1. 1 2024/6/6 M.Sc Thesis Title: Machine Learning Based Model for Network Intrusion Detection
  • 2. 2 Outlines • Introduction • Research Gap • Methodology of Study • Attack Types • Types of Intrusion Detection System and Approaches • Machine Learning Types • 10-Fold Cross-validation Training Model • Applied ML Algorithms • Performance metrics • Results • Conclusion and Future work • References
  • 3. 3 Introduction • Demand for cyber security and protection. • Popularity of the Internet of Things. • Confidentiality, integrity and availability of network data [1]. • Smart grids are currently using data-driven technology [2]. • Firewalls and encryption. • For Internet-based cyber-attacks an intrusion detection system (IDS) is better. • Global ransom ware damage costs would go beyond $20 billion by 2021 [3]. • Global cybercrime operating costs are expected to reach $10.5 trillion annually by 2025 [4].
  • 4. 4
  • 5. 5 Research Gaps 1. Traditional methods like firewall and encryption 2. Usage of old datasets 3. Only one evaluation metric i.e. accuracy 4. Problems arising in traditional techniques 4.1 Low accuracy, high error, high false positive rate or low precision 5. Feature reduction
  • 6. 6 Proposed Solutions 1. Advancement of modern methods like Machine Learning 2. Usage of up-to-date datasets 3. Considered multiple evaluation metrics 4. To design ML-based model for intrusion detection. 5. Optimal model for intrusion detection is most important without changing networking data.
  • 8. 8 Attack Types 1. Probe Scanning of system Low level attack 2. Denial of Service Prevent the authorized users to get access Continuously engages the system 3. Remote to User Abuse the privileges of a system Release vulnerabilities within network 4. User to Root Attacker or a genuine person with minimal or normal privileges Attacker looks for system flaws
  • 9. 9 Types of Intrusion Detection System Intrusion detection system (IDS) • Analyze and monitor the traffic • Malicious activity • Protect the computer network 1. Host Based IDS • HIDS relies on a single system • Keep an eye on a host's internal environment • Resources, file system, and programs 2. Network Based IDS • Composed of the networks • Inbound and outbound traffic patterns [12]
  • 10. 10 Types of Intrusion Detection Approaches 1. Misuse/Signature Based • Attacks have signatures • File fingerprints • Comparing the signatures of every activity 2. Anomaly Based • Looks for unexpected activity • Differs from the normal operational baseline • Likelihood of detecting novel (zero-day) threats • Preferable 3. Hybrid Based • Detection rate of zero-day assaults rises • Combination of the signature and anomaly approaches • Generally deployed as a hybrid arrangement
  • 11. 11 Machine Learning Types (Figure 2. Machine Learning Types)
    • Supervised Learning (data with label): Classification, Regression
    • Unsupervised Learning (data without label): Clustering, Association
    • Reinforcement Learning (state and action): Model-Free, Model-Based
  • 12. 12 Datasets 1. NSL-KDD Binary class dataset either normal or anomaly Reference for NIDS performance evaluation Updated version of KDD Cup 99 Absence of redundant records and duplicate records 2. UNSW-NB Binary class dataset Contain different types of new attacks Number of real-time normal activities Australian Centre for Cyber Security website 3. Kaggle Multiclass dataset 5 categories: normal, denial of service, r2l, probe and u2r [13]
  • 14. 14 Applied ML Algorithms Random Forest • Supervised Learning technique • Regression and classification problems • Combines a number of decision trees • Lowers the chance of overfitting • No feature scaling needed • Effective on big databases. • It is an ensemble classification technique • Based on the DT algorithm and provides individual trees as output. • This algorithm combines random feature selection with the bagging concept to generate a set of DTs having controlled variances [14]
  • 16. 16 Performance Metrics and Mathematical Forms
  • 17. 17 RF Technique Results

    Performance Metrics | NSL-KDD | Kaggle | UNSW NB
    --- | --- | --- | ---
    Accuracy | 99.9174 | 99.8857 | 99.9053
    Precision | 0.999 | 0.999 | 0.999
    TPR | 0.999 | 0.999 | 0.999
    FPR | 0.001 | 0.001 | 0.001
    Error Rate | 0.0028 | 0.0014 | 0.0108
    MCC | 0.998 | 0.998 | 0.998
    ROC Area | 1 | 1 | 1

  • 18. 18 NSL-KDD Dataset Results

    Algorithm | Accuracy | TPR | FPR | Precision | Error Rate | MCC | ROC Area
    --- | --- | --- | --- | --- | --- | --- | ---
    Random Forest | 99.9174 | 0.999 | 0.001 | 0.999 | 0.0028 | 0.998 | 1
    A1DE | 99.7952 | 0.998 | 0.002 | 0.998 | 0.0022 | 0.996 | 1
    Naïve Bayes | 90.3813 | 0.904 | 0.101 | 0.905 | 0.0965 | 0.807 | 0.966
    IBK/KNN | 90.3813 | 0.904 | 0.101 | 0.905 | 0.0965 | 0.807 | 0.966
    AdaBoostM1 | 94.5044 | 0.945 | 0.057 | 0.945 | 0.079 | 0.89 | 0.988
    Random Tree | 99.7658 | 0.998 | 0.002 | 0.998 | 0.0023 | 0.995 | 0.998
    Decision Stump | 92.215 | 0.922 | 0.079 | 0.922 | 0.1436 | 0.844 | 0.92
    Hoeffding Tree | 98.849 | 0.988 | 0.012 | 0.989 | 0.0161 | 0.977 | 0.995

  • 19. 19 Kaggle Dataset Results

    Algorithm | Accuracy | TPR | FPR | Precision | Error Rate | MCC | ROC Area
    --- | --- | --- | --- | --- | --- | --- | ---
    Random Forest | 99.8857 | 0.999 | 0.001 | 0.999 | 0.0014 | 0.998 | 1
    A1DE | 99.792 | 0.998 | 0.001 | 0.998 | 0.0009 | 0.997 | 1
    Naïve Bayes | 83.3996 | 0.834 | 0.046 | 0.91 | 0.0665 | 0.786 | 0.966
    IBK/KNN | 99.665 | 0.997 | 0.002 | 0.997 | 0.0014 | 0.994 | 0.997
    AdaBoost M1 | 83.1519 | 0.832 | 0.12 | 0.984 | 0.153 | 0.9677 | 0.952
    Random Tree | 99.7293 | 0.997 | 0.002 | 0.997 | 0.0011 | 0.996 | 0.998
    Decision Stump | 83.1519 | 0.832 | 0.12 | 0.984 | 0.1104 | 0.9677 | 0.882
    Hoeffding Tree | 97.2573 | 0.973 | 0.018 | 0.971 | 0.0152 | 0.954 | 0.989

  • 20. 20 UNSW-NB Dataset Results

    Algorithm | Accuracy | TPR | FPR | Precision | Error Rate | MCC | ROC Area
    --- | --- | --- | --- | --- | --- | --- | ---
    Random Forest | 99.9053 | 0.999 | 0.001 | 0.999 | 0.0108 | 0.998 | 1
    A1DE | 99.4243 | 0.994 | 0.005 | 0.994 | 0.007 | 0.988 | 1
    Naïve Bayes | 76.8243 | 0.768 | 0.205 | 0.802 | 0.2335 | 0.572 | 0.864
    IBK/KNN | 98.721 | 0.987 | 0.013 | 0.987 | 0.0128 | 0.974 | 0.987
    AdaBoost M1 | 99.3575 | 0.994 | 0.008 | 0.994 | 0.0373 | 0.987 | 0.999
    Random Tree | 99.2943 | 0.993 | 0.007 | 0.993 | 0.007 | 0.986 | 0.993
    Decision Stump | 76.6324 | 0.766 | 0.286 | 0.835 | 0.3287 | 0.579 | 0.738
    Hoeffding Tree | 96.6028 | 0.966 | 0.038 | 0.966 | 0.0529 | 0.932 | 0.981

  • 21. 21 Conclusion • Random Forest best performance • 10 Fold Cross Validation • 3 Datasets: NSL-KDD, UNSW NB15 and Kaggle • RT, A1DE, NB, KNN, AdaBoostM1, DS and HT Futuristic Direction • Deep learning models • Newer and real-time datasets
  • 22. 22 References 1. K. NandhaKumar and S. Sukumaran, “A hybrid adaptive development algorithm and machine learning based method for intrusion detection and prevention system,” Turkish J. Comput. Math. Educ., vol. 12, no. 5, pp. 1226–1236, 2021. 2. S. N. Mohan, G. Ravikumar and M. Govindarasu, “Distributed Intrusion Detection System using Semantic-based Rules for SCADA in Smart Grid,” 2020 IEEE/PES Transmission and Distribution Conference and Exposition (T&D), 2020, pp. 1–5. 3. “Global ransomware damage costs to exceed $265 billion by 2031 - EIN presswire.” https://www.einnews.com/pr_news/542950077/global-ransomware-damage-costs-to-exceed-265-billion-by-2031 (accessed Jun. 03, 2022). 4. “Cybercrime to cost the world $10.5 trillion annually by 2025.” https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/ (accessed Jan. 17, 2022). 5. M. Sarnovsky and J. Paralic, “Hierarchical intrusion detection using machine learning and knowledge model,” Symmetry (Basel), vol. 12, no. 2, pp. 1–14, 2020. 6. M. Shahzad Haroon and H. Mansoor Ali, “Adversarial training against adversarial attacks for machine learning-based intrusion detection systems,” Comput. Mater. Contin., vol. 73, no. 2, pp. 3513–3527, 2022. 7. S. A. Hussein, A. A. Mahmood and E. O. Oraby, “Network intrusion detection system using ensemble learning approaches,” Webology, vol. 18, no. Special Issue, pp. 962–974, 2021.
  • 23. 23 References 8. S. Razdan, H. Gupta and A. Seth, “Performance analysis of network intrusion detection systems using j48 and naive bayes algorithms,” 2021 6th Int. Conf. Converg. Technol. I2CT 2021, pp. 1–7, 2021. 9. Z. Ahmad, A. S. Khan, C. W. Shiang, J. Abdullah and F. Ahmad, “Network intrusion detection system: A systematic study of machine learning and deep learning approaches,” Trans. Emerg. Telecommun. Technol., vol. 32, no. 1, pp. 1–29, 2021. 10. M. Data and M. Aritsugi, “T-DFNN: An incremental learning algorithm for intrusion detection systems,” IEEE Access, vol. 9, pp. 154156–154171, 2021. 11. R. Panigrahi, S. Borah, A. K. Bhoi, M. F. Ijaz, M. Pramanik et al., “A consolidated decision tree-based intrusion detection system for binary and multiclass imbalanced datasets,” Mathematics, vol. 9, no. 7, 2021. 12. D. Chou and M. Jiang, “A survey on data-driven network intrusion detection,” ACM Comput. Surv., vol. 54, no. 9, pp. 1–36, 2022. 13. S. Lee, A. Abdullah, N. Jhanjhi and S. Kok, “Classification of botnet attacks in IoT smart factory using honeypot combined with machine learning,” PeerJ Comput. Sci., vol. 7, pp. 1–23, 2021. 14. Z. K. Maseer, R. Yusof, N. Bahaman, S. A. Mostafa, and C. F. M. Foozy, “Benchmarking of machine learning for anomaly based intrusion detection systems in the CICIDS2017 dataset,” IEEE Access, vol. 9, pp. 22351–22370, 2021. 15. P. Dini and S. Saponara, “Analysis, design, and comparison of machine-learning techniques for networking intrusion detection,” Designs, vol. 5, no. 1, pp. 1–22, 2021.
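
Research gap 3 above (evaluating with accuracy alone) and the metric columns in the result tables, illustrated with an added example that is not part of the original presentation. The slide carrying the mathematical forms did not survive extraction, so the standard confusion-matrix definitions are assumed; the labels and both detectors' outputs are constructed, and the example is binary (attack vs. normal) only.

```python
import math

def confusion(y_true, y_pred):
    """Count (TP, FP, TN, FN) with 1 = attack and 0 = normal."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    return tp, fp, tn, fn

def ratio(num, den):
    """Division that returns 0.0 when the denominator is empty."""
    return num / den if den else 0.0

def metrics(y_true, y_pred):
    """Standard definitions (assumed, not taken from the slides)."""
    tp, fp, tn, fn = confusion(y_true, y_pred)
    mcc_den = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "accuracy": ratio(tp + tn, tp + fp + tn + fn),
        "precision": ratio(tp, tp + fp),
        "tpr": ratio(tp, tp + fn),           # detection rate / recall
        "fpr": ratio(fp, fp + tn),           # false alarms among normal traffic
        "mcc": ratio(tp * tn - fp * fn, mcc_den),
    }

# Constructed, imbalanced sample: 10 attack flows followed by 990 normal flows.
LABELS = [1] * 10 + [0] * 990
# Detector that never alerts: misses every attack.
ALWAYS_NORMAL = [0] * 1000
# Detector that catches 8 of 10 attacks but raises 20 false alarms.
NOISY_DETECTOR = [1] * 8 + [0] * 2 + [1] * 20 + [0] * 970

def compare():
    return {
        "always_normal": metrics(LABELS, ALWAYS_NORMAL),
        "noisy_detector": metrics(LABELS, NOISY_DETECTOR),
    }

if __name__ == "__main__":
    for name, m in compare().items():
        print(name, {k: round(v, 4) for k, v in m.items()})
```

The detector that never alerts scores the higher accuracy while detecting nothing, which TPR and MCC expose.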

Editor's Notes

  1. In a smart grid, the SCADA system receives data from different sources such as homes, industries, and vehicles. The smart grid sends and receives data signals between producers and consumers, which exposes the power network to cyber threats.