Developing Anomaly-based Network Intrusion Detection Model Using Machine Learning Techniques

Abstract

Abstracts The rapid growth of information technology in recent years has brought countless benefits, but
it has also led to a significant rise in cyberattacks and other malicious activities. As software
and hardware technologies continue to advance, the volume and complexity of these threats
are escalating at an alarming pace. With more users depending on the internet for daily
activities, accurate network traffic classification has become a critical component of
cybersecurity. Every day, new attack methods are developed by individuals and organizations
seeking to exploit vulnerabilities and steal sensitive information. While numerous studies have
been conducted in this field, many rely on outdated datasets, which can limit their
effectiveness. Using outdated data often results in higher false alarm rates and lower detection
accuracy, making it harder to keep up with today’s evolving threat landscape. This thesis
presents a frame work on network intrusion detection model using four ensemble classifiers
including Random Forest, XGBoost, AdaBoost, and a Voting Classifier. To train and test our
models we use the CICIDS2017 dataset, which captures realistic network traffic and a wide
range of cyberattack types. The data underwent thorough deep preprocessing, including data
cleaning, normalization, and feature selection, to ensure optimal model performance. The
preprocessed data has 40 attribute and 250798 records. We have applied experimental
approach in our work and the experiment was done on using python programming language,
which have libraries like pundas,numpy,matplotlib,seaborn and skti-learn that make it suitable
to implement our models on using anaconda environment. The experiment was done for multi
class and binary class with 70/30% train test ratio, among the four models on both multi class
and binary class the Voting classifier significantly improves detection accuracy and result in
superior performance with 99.92% accuracy, 99.67% precision, 99.80% recall, and 99.73%
F1-scores compared to individual models. Lastly, the research findings indicate that ensemble
learning demonstrates superior performance in anomaly-based NIDS systems which provide
an effective tool for proactive network security against evolving threats.