Analysis of NSL-KDD for the Implementation of Machine Learning in Network Intrusion Detection System
Abstract
In network data communication, anomaly detection is a crucial element in identifying abnormal behavior among the flowing data packets. Research in the field of intrusion detection often focuses on the search for and analysis of anomalous patterns and the misuse of communication data. This study adopts CRISP-DM (Cross-Industry Standard Process for Data Mining) as its methodological framework. The primary goal of this research is to conduct a comparative analysis of classification techniques for identifying normal and anomalous records within network data. For this purpose, a publicly available standard dataset, NSL-KDD, is used. The NSL-KDD dataset consists of 41 relevant attributes, and the 42nd attribute is used to identify the normal class and four attack classes. The results of the analysis using the NSL-KDD dataset, applying the CRISP-DM methodology and machine learning techniques in a Network Intrusion Detection System (NIDS), reveal that the Decision Tree model has the highest accuracy, achieving 100% on the training data and 80% on the testing data. These findings are compared with the results of other models: Random Forest, Logistic Regression, and K-Nearest Neighbor. This finding has significant implications for enhancing the ability of a NIDS to recognize network threats and for improving network system security.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Copyright Notice
Authors who publish with Journal of Informatics, Information System, Software Engineering and Applications (INISTA) agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.