Network Intrusion Detection System
Using Machine Learning
Christeena
Dublin Business School
Dublin, Ireland
1. ABSTRACT
The rapid advances in the internet and
communication fields have resulted in a massive
increase in the network size and the corresponding
data. As a result, many novel attacks are being
generated and have posed challenges for network
security to detect intrusions accurately. Furthermore,
the presence of intruders with the aim to launch
various attacks within the network cannot be ignored.
An intrusion detection system (IDS) is one tool that
prevents the network from possible intrusions by
inspecting the network traffic, to ensure its
confidentiality, integrity, and availability. Recently,
machine learning (ML) and deep learning
(DL)-based NIDS systems are being deployed as
potential solutions to detect intrusions across the
network in an efficient manner. We are developing a
system that works on a basic machine learning
algorithm. A network intrusion detection system will
monitor a network or system for malicious activity
and protects a computer network from unauthorized
access from users, including perhaps insider. We are
using the NSL-KDD dataset from New Brunswick
University. Machine Learning includes a number of
advanced statistical methods for handling regression
and classification tasks with multiple dependent and
independent variables. We use methods that include
Support Vector Machine (SVM) for better prediction,
Naive Bayes for classification, and k-Nearest
Neighbors (KNN) for regression and classification.
Keywords: Machine learning, Intrusion, NSL-KDD,
Network Intrusion Detection System (NIDS).
2. LITERATURE REVIEW
2.1. INTRODUCTION
After the rapid development of innovation and the
spread of web networks across the world, cyber-
1
crime expanded decisively. As per the Internet
Security Threat Report (ISTR), around 430 million
new kinds of malware were recognized, 362 of which
were Crypto-deliver products in 2015. The estimated
cybercrime rates delivered 1.5 trillion US$ in 2018.
If there's one clear conclusion in 2021, it was that no
organization was protected from a cyber-attack, large
or small. Digital assaults are further developed,
slippery, and focused on than at any time in recent
memory. In this way, security strategies should be
ceaselessly evolved. A network intrusion detection
system (NIDS) plays a significant part in network
security, where it identifies interruptions and speaks
with the appropriate authority.
Intrusion Detection System (IDS) is an important tool
use in cyber security to monitor and determine
intrusion attack. There are three types of IDS;
network IDS, host IDS, and Application IDS.
Network IDS monitors network packet to detect
intrusion attack. While host IDS monitors a single
host (server or computer). Lastly, application IDS
monitors several known high risk applications. To
determine whether an intrusion attack has occurred or
not, IDS depends on few approaches.
ML calculation can be arranged into different
classifications yet we are utilizing orders, choice
trees, and relapse modules. We are utilizing the SVM
model to learn and test individually. The strategy is
powerful to diminish the space thickness of
information. The investigations contrast the
outcomes and the misleading positive rate and
increment the precision. Where Bayesian class
utilizes the Bayes Theorem of likelihood, which
decides the likelihood of explicit result to
materialize. The most famous calculation in this
classification is Naive Bayes. The choice tree has a
tree-like design that beginnings from root hubs,
which is the best indicator. Then advances through its
branches until it arrives at a left hub. This is the
choice result. The most famous calculation in this
classification is the k-Nearest Neighbor (kNN). This
classification of calculation tracks down the most
comparative cases or prepares information, that
matches the new information to make a forecast.
Relapse calculation attempt to assemble a model that
can address the connection between factors. It is
gotten from the measurable investigation.
Figure 1. Passive Installation of Network
Intrusion Detection System
2.2. RESEARCH OVERVIEW
Applying AI strategies for interruption recognition is
to naturally fabricate the model in view of the
preparation informational index. This informational
index contains an assortment of information
examples every one of which can be depicted
utilizing a bunch of traits (highlights). It does exclude
excess records in the train set, so the classifiers won't
be one-sided towards additional continuous records.
There are no copy records in the proposed test sets;
in this way, the exhibition of the students is not
one-sided by the techniques which have better
location rates on the successive records. The quantity
of chosen records from every trouble level gathering
is conversely corresponding to the level of records in
2
the first KDD informational index. Subsequently, the
order paces of unmistakable AI strategies shift into a
more extensive territory, which makes it more
effective to have a precise assessment of various
learning techniques. The number of records in the
train and test sets is sensible, which makes it
reasonable to run the examinations on the total set
without the need to choose a little piece haphazardly.
Therefore, the assessment consequences of various
exploration works will be reliable and equivalent.
2.3. PROPOSED SYSTEM
In the proposed engineering, the information is
gathered from the straightforwardly available dataset
NSL-KDD. Then the absolute elements of the
information are encoded and extracted. Every one of
the highlights/boundaries of the information is not
required for fostering the model in this manner; a few
best elements are chosen to utilize selectors. This
information is then partitioned into preparing and
testing information. Preparing information is then
used to frame a Decision-Tree-Model. A choice tree
is a managed learning strategy that requires preparing
information for building a model and in view of this
preparing model testing information is tried. The
choice tree utilizes a tree-like design where each leaf
connotes the conceivable result; for this situation,
each leaf addresses the sort of assault or typical way
of behaving (harmless). Test information is gone
through the preparation model to decide if it is
harmless or assault and on the off chance that it looks
like any assault, it will return the kind of assault.
Choice trees like calculations work through recursive
parceling of the preparation put together to get
subsets that are essentially as unadulterated as
conceivable to a given objective class. Every hub of
the tree is related to a specific arrangement of
records. Then, at that point, we the assistance of the
relapse model we will recognize the assault and their
sort and show the outcomes in graphical form. We
can likewise obtain the outcomes in CSV design.
3. STATE OF THE ART
DEFINITION OF THE PROBLEM
Design and implement intrusion detection system
using supervised and unsupervised machine learning
methods on cloud computing.
3.1 RESEARCH QUESTION
This systematic review aims to answer the following
research questions.
RQ1:-How to identify attacks and detect the
intrusions on the Networks ?
RQ2:-What are the ML/DL based methods that can
be used to Intrusions?
RQ3:-What are the accuracy, strengths, and
limitations of the proposed models?
4. METHODOLOGY AND RESEARCH
TIMELINE
4.1 METHODOLOGY
4.1.1 Support Vector Machine (SVM): This
method performs regression and classification
tasks by constructing nonlinear decision
boundaries. Because of the nature of the feature
space in which these boundaries are found,
Support Vector Machines can exhibit a large degree
of flexibility in handling classification and regression
tasks of varied complexities. There are several
types of Support Vector models including linear,
polynomial, RBF, and sigmoid.
4.1.2 Naive Bayes: This is a well established
Bayesian method primarily formulated for
performing classification tasks. Given its simplicity,
i.e., the assumption that the independent variables
are statistically independent, Naive Bayes models
are effective classification tools that are easy to
use and interpret. Naive Bayes is particularly
appropriate when the dimensionality of the
independent space (i.e., number of input
variables) is high (a problem known as the curse
of dimensionality). For the reasons given above,
Naive Bayes can often outperform other more
sophisticated classification methods. A variety of
methods exist for modeling the conditional
distributions of the inputs including normal, log
normal, gamma, and Poisson.
4.2. DESIGN AND IMPLEMENTATION
We applied various classification algorithms that are
mentioned in the NSL-KDD dataset and will
compare there results to build a predictive model.
Dataset:
https://www.kaggle.com/datasets/hassan06/nslkdd
1. Dataset: We are utilizing the NSL-KDD
dataset. Firstly, we broke down the dataset, to
distinguish the number of models and elements that
are available in it, and to recognize the number of
absolute highlights versus nonstop highlights.
2. We perform pre-handling on the dataset. We
will extricate the dataset from both the modules train
and test.
3. After information extraction, the
information is prepared and can be utilized to prepare
an AI model. We applied different AI methods, for
example, SVM, Naive Bayes, and KNN to this
pre-handled dataset for preparing the models to
characterize typical and assault network traffic. Then
we utilized these prepared models on a test dataset, to
perform grouping of ordinary and assault network
traffic.
4. Then we analyzed the exactness
accomplished by every one of these AI models, to
recognize the best AI model and look at their results.
5. Model Deployment: This step is the last phase of
the venture and it includes the mechanization of the
information extraction and information pre-handling,
re-preparing of the model on the new dataset and
finally creating the location for the impending
matching data of interest.

4.1.3 k-Nearest Neighbour Algorithm: k-Nearest

Neighbors is a memory-based method that, in
contrast to other statistical methods, requires no
training (i.e., no model to fit). It falls into the
category of Prototype Methods. It functions on the
intuitive idea that close objects are more likely
to be in the same category. Thus, in KNN,
predictions are based on a set of prototype examples
that are used to predict new (i.e., unseen) data
based on the majority vote (for classification
tasks) and averaging (for regression) over a set of
k-nearest prototypes (hence the name k-nearest
neighbors).

3
 Figure.2. System Architecture
4.2.1. Hardware requirements
● Processor: Any Update Processor
● Ram: Min 8 GB
● Hard Disk: Min 100 GB
4.1.3. Software requirements
● Operating System: Windows family
● Technology: Python 3.8
● IDE: Jupyter Notebook
4.1.4. Server Deployment
● Python anywhere
RESEARCH TIMELINE
Expected to be completed in 1 months with the help
of available dataset and research documents as
available.
1. CONCLUSION
Soft computing techniques are standing out from
analysts in IDS. This is on the grounds that this
method is not difficult to apply and frequently
produce improved outcome contrasted with a single
calculation. The proper combination of multiple
algorithms is the way forward. Most specialists are
zeroing in on the order of IDS, which is gainful in
deciding realized interruption crime.
Notwithstanding, it might represent an issue in
identifying irregular interruption, which might
incorporate new or changed interruption assaults.
Through this trial examination of multi-access
arrangement, which had been found in the NSL-KDD
dataset, we have shown that managed learning
models are fit for recognizing close to 100%
precision. Despite the fact that DL plans have a lot of
prevalent exhibition than the ML-based strategies as
far as their capacity to learn highlights without help
from anyone else and more grounded model abilities
to fit. In any case, these plans are very perplexing
and require broad figuring assets concerning
handling power and capacity abilities. These
provokes should be addressed to satisfy constant
necessities for NIDS and consequently further
develops NIDS execution.
REFERENCES
[1] Vipin, Das & Vijaya, Pathak & Sattvik,
Sharma & Sreevathsan, & MVVNS.Srikanth, & T,
Gireesh. (2010). Network Intrusion Detection System
Based On Machine Learning Algorithms.
International Journal of Computer Science &
Information Technology. 2. 10.5121/ijcsit.2010.2613.
[2] M. E. KarsligЕl, A. G. Yavuz, M. A.
Güvensan, K. Hanifi and H. Bank, "Network
intrusion detection using machine learning anomaly
detection algorithms," 2017 25th Signal Processing
and Communications Applications Conference (SIU),
2017, pp. 1-4, doi: 10.1109/SIU.2017.7960616.
[3] Ahmad, Z, Shahid Khan, A, Wai Shiang, C,
Abdullah, J, Ahmad, F. Network intrusion detection
system: A systematic study of machine learning and
deep learning approaches. Trans Emerging Tel Tech.
2021; 32:e4150. https://doi.org/10.1002/ett.4150
[4] L. Ashiku and C. Dagli, "Network Intrusion
Detection System using Deep Learning", Procedia
Comput. Sci., vol. 185, no. June, pp. 239-247, 2021.
[5] P. Parkar, "A Network Intrusion Detection
System Based on Ensemble Machine Learning
Techniques," 2021 IEEE 2nd International
Conference on Applied Electromagnetics, Signal
Processing, & Communication (AESPC), 2021, pp.
1-6, doi: 10.1109/AESPC52704.2021.9708502.
[6] KishorWagh, Sharmila & Pachghare, Vinod
& Kolhe, Satish. (2013). Survey on Intrusion
Detection System using Machine Learning
Techniques. International Journal of Computer
Applications. 78. 30-37. 10.5120/13608-1412.