Anomaly-Based Intrusion Detection Systems Using Machine Learning

Abstract

With the increased use of the Internet, unauthorized access has increased, allowing malicious users to hack networks and carry out malicious activities. One of the essential modern approaches in today's cybersecurity efforts is the limitation of access by suspect users. In this study, the approach toward real-time intrusion detection was to consider behavioral patterns of past users on the network. We classified the users as two categories: intervention and non-intervention, and employed the machine learning techniques Artificial Neural Networks [ANN], Support Vector Machines [SVM], and Decision Trees [DT]. The Decision Trees model was chosen as it had a mature capability concerning complex pattern recognition and an enhancement capability of the intrusion detection systems. The efficiency of these algorithms is examined via the key performance metrics: confusion matrix, F1-score, and Area Under the Curve [AUC]. Decision Tree, which came up as the best model for both the training and testing phases, produced an outstanding F1-score of 99.96% and AUC score of 99.93% in the testing phase. SVM and ANN gave good results; the F1 scores of SVM and ANN in the testing phase were 92.76% and 93.33%, while the AUC was 90.57% and 94.78%, respectively. This research will enlighten us on the influence of machine learning on the scope of intrusion detection, fostering more development efforts toward more responsive and dynamic intrusion detection systems. The comparative evaluation of these models will help in providing vital information for the further enhancement of cybersecurity strategies, ensuring better defenses against these ever-evolving cyber threats.