Comparative Analysis of ML Classifiers for Network Intrusion Detection

With the rapid growth in network-based applications, new risks arise, and different security mechanisms need additional attention to improve speed and accuracy. Although many new security tools have been developed, the fast growth of malicious activities continues to be a severe issue, and the ever-evolving attacks create serious threats to network security. Network administrators rely heavily on intrusion detection systems to detect such network intrusive activities. Machine learning methods are one of the predominant approaches to intrusion detection, where we learn models from data to differentiate between abnormal and normal traffic. Though machine learning approaches are used frequently, a deep analysis of machine learning algorithms in the context of intrusion detection is somewhat lacking. In this work, we present a comprehensive analysis of some existing machine learning classifiers regarding identifying intrusions in network traffic. Specifically, we analyze classifiers along various dimensions, namely feature selection, sensitivity to hyperparameter selection, and class imbalance problems that are inherent to intrusion detection. We evaluate several classifiers using the NSL-KDD dataset and summarize their effectiveness using a detailed experimental evaluation.