Supervised Machine

Learning Algorithms
for
Intrusion Detection
prepare: Roaa almadani
 INTRODUCTION
● Intrusion detection systems using supervised machine learning algorithms are
considered one of the most important tools used in the field of information
security. These systems analyze data and detect illegal activities and intrusions
into networks and systems. These systems rely on machine learning techniques to
classify data as either normal activity or a hack. These systems include training
and testing phases, where the algorithms are trained on a set of pre-labeled data to
learn the natural pattern of the data and distinguish between normal activities and
intrusions. Many supervisory machine learning algorithms are available for
intrusion detection systems, such as Gaussian Naive Bayes, Decision Tree,
Random Forest, Support Vector Machine, and Logistic Regression.
problem
&
solve
 The problem of security and cyber
intrusions targeting networks is one of the
biggest issues that organizations face today.

To solve this problem, intrusion detection

systems (IDS) and their tools can be used to
detect and prevent these threats.

Intrusion detection systems are promising as

they monitor the network for malicious or
policy-violating activities
IMPORTANC
E
&
OBJECTIVES
 IMPORTANCE

Improving systems Improve detection

1
security accuracy

4 2

Detect hacks faster 3 Improve forecasting

and analysis
 OBJECTIVES

Detect advanced threats: Improve efficiency and accuracy

Able to analyze huge amounts of data and
It learns from available data and improves itself over
detect patterns and anomalous behaviors that
time, reducing the number of false alarms and increasing
may indicate attacks or hacks.
the system's ability to recognize real attacks.

Immediate response Continuous protection:

Able to analyze data in real time and take It continuously monitors the network and
immediate corrective action to prevent attacks analyzes data, allowing early detection of
from escalating and minimize the damage that breaches and taking the necessary measures to
could occur. prevent their escalation.
APPLICATIO
NS
&
METHODS
 Application in the real world.
Classification of network
Detect coordinated attacks loads
The system can learn from historical data, The system can learn from historical data,
identify suspicious patterns, and warn of identify distinct features of each category, and
potential attacks use them to accurately classify network load

Analysis of abnormal
Detect new intrusions behavior
The system can learn from previous attacks, The system can learn from normal and
identify common features of these attacks, and abnormal patterns and identify and warn against
use them to detect future attacks illegal behavior
 NEWLY IMPLEMENTED MODELS
Support Vector
Decision Tree Model Random Forest Model
Machine Model

● This model is considered a ● This model is used to classify

● This model is used to classify
development of the decision tree data based on creating dividing
data and make decisions based
model, as it uses a set of decision lines between different
on a series of conditional rules.
trees to classify data. categories.
● The model is trained on a data
● The model is trained on a data set ● The model is trained on a data
set containing examples of
containing examples of normal set containing examples of
normal and hacked activities.
and hacked activities. normal and hacked activities.
● The model is used to classify
● The model uses a set of decision ● The model uses thresholds to
new activities and determine
trees to classify new activities and classify new activities and
whether they constitute a breach
determine whether they constitute determine whether they
or not
a breach or not constitute a breach or not
 METHODS USED

01 02 03 04

Enemy
analysis
The enemy is understood The infrastructure used by
by identifying the origin of
the attack, the entities
involved, motives and
sponsors, and the timeline
of activities.
Infrastruct
ure Capacity Victim
analysis analysis analysis
Attackers' ability is Targeted victims are
the attackers is exposed, assessed to gain identified and the
which includes insight into their attackers' ultimate goal
compromised systems, skills and is determined
control servers, data development
management tactics, and
data leakage paths.
 Opportunities to apply in the current
Gini Impurity-based
environment.
Weighted Random
Forest (GIWRF) 01
02

Ensemble-Learning
Framework for 03
Deep Neural
Intrusion Detection Network (DNN) for
Intrusion Detection

Understand the theory
and basic concepts
Before researching supervised machine
learning algorithms for intrusion detection,
you must understand the basic theory and
concepts of machine learning and
supervised learning and how to apply them
in the field of intrusion detection.
CHALLENGE
Collect and analyze
data Technical challenges
The need to collect a large set of There are some technical challenges
intrusion-related data and use it to while carrying out the research, such
train models. as computing power, available
resources, programming, and
dealing with big data.
 References
1. Chenniappanadar, S. K., Gnanamurthy, S., Sakthivelu, V. K., & Kaliappan, V. K. (2023). A Supervised Machine Learning Based
Intrusion Detection Model for Detecting Cyber-Attacks Against Computer System. International Journal of Communication Networks
and Information Security (IJCNIS), 15(1), 1-10.

2. Abrar, I., Ayub, Z., Masoodi, F., & Bamhdi, A. M. (2020). A machine learning approach for intrusion detection system on NSL-KDD
dataset. 2020 International Conference on Smart Electronics and Communication (ICOSEC), 919-924.

3. Ahmad, Z., Shahid Khan, A., Wai Shiang, C., Abdullah, J., & Ahmad, F. (2021). Network intrusion detection system: A systematic
study of machine learning and deep learning approaches. Transactions on Emerging Telecommunications Technologies, 32, e4150.

4. Aziz, Z. A., & Abdulazeez, A. M. (2021). Application of Machine Learning Approaches in Intrusion Detection System. Journal of Soft
Computing and Data Mining, 2, 1-13.

5. Chauhan, A., & Vamsi, P. R. (2019). Anomalous Ozone Measurements Detection Using Unsupervised Machine Learning Methods.
2019 International Conference on Signal Processing and Communication (ICSC), 69-74.

6. L. Shahbandayeva, U. Mammadzada, I. Manafova, S. Jafarli and A. Z. Adamov, "Network Intrusion Detection using Supervised and
Unsupervised Machine Learning," 2022 IEEE 16th International Conference on Application of Information and Communication
Technologies (AICT), Washington DC, DC, USA, 2022, pp. 1-7, doi: 10.1109/AICT55583.2022.10013594..

7. Ding, Y., & Zhai, Y. (2018). Intrusion detection system for NSL-KDD dataset using convolutional neural networks. Proceedings of the
2018 2nd International Conference on Computer Science and Artificial Intelligence, 81-85.