Increasing the performance of intrusion detection models developed using machine learning method with preprocessing applied to the dataset

Cyber-attacks developed using artificial intelligence techniques in recent years can be successfully integrated into the system by learning the user behavior of the system they infiltrated, and thus cannot be detected by traditional security software. Such cyber-attacks, of which type and number are increasing rapidly, can be detected by anomaly-based Intrusion Detection Systems (STS). However, since the performance of such STSs is not sufficient, the importance of research on improving the performance of STSs is increasing. In this study, a four-stage methodology is proposed to increase the detection speed and accuracy of anomaly based intrusion detection models. Different datasets were obtained by applying categorical data coding, scaling, and hybrid feature selection preprocesses separately and together, respectively, to the NSL-KDD dataset used within the scope of this methodology. A large number of intrusion detection models were created using the obtained datasets and machine learning algorithms of K-Nearest Neighbor (KNN), Multi-Layer Perceptron (MLP), Random Forest (RF), eXtreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LightGBM). Finally, the performance of the models was improved by performing hyper-parameter optimization in the models where the most successful results were obtained. At the end of the study, 96.1% intrusion detection success was achieved in 0.373 s on the training dataset, and 100% intrusion detection success in 0.005 s on the test dataset.