Performance Evaluation of Intrusion Detection System

Using Machine Learning and Deep Learning Algorithms

2

Team Members:
Name: Dipayan Ghose
ID: 2018-1-60-197
Name: All Masror Partho
ID: 2018-1-62-035
Name: Minhaz Ahmed
ID:2018-1-60-200
3

Table of content
 Introduction
 Problem Statement
 Machine Learning
 Supervised Learning Algorithms
 Unsupervised Learning Algorithms
 Deep Learning
 Research Methodology
 Dataset Overview
 Normalization
 Machine learning model performance
 Deep learning model performance
 Comparison Between ML & DL Algorithms Results
 Future scope
4

INTRODUCTION

An intrusion detection system (IDS) is a

system that monitors network traffic for
suspicious activity and alerts when such
activity is discovered. While anomaly
detection and reporting are the primary
functions of an IDS, some intrusion
detection systems are capable of taking
actions when malicious activity or
anomalous traffic is detected, including
blocking traffic sent from suspicious Internet
Protocol (IP) addresses.
5

PROBLEM STATEMENT

An Intrusion Detection System should

be able to identify all abnormal patterns
and traffic using monitoring, detecting
and responding to unauthorized
activities within the system. However,
regarding its huge and unbalanced
datasets, Intrusion Detection system
encounters total data processing
problem.
6

MACHINE LEARNING

A machine learning model is a program that can find

patterns or make decisions from a previously unseen
dataset. Machine learning is divided into two
categories: supervised and unsupervised learning.
7

SUPERVISED MACHINE LEARNING

In supervised machine
learning, the algorithm is
provided an input dataset, and
is rewarded or optimized to
meet a set of specific outputs.
8

UNSUPERVISED MACHINE LEARNING

In unsupervised machine
learning, the algorithm is
provided an input dataset, but
not rewarded or optimized to
specific outputs, and instead
trained to group objects by
common characteristics.
9
Deep Learning

Deep learning is a subset of machine

learning, which is essentially a neural
network with three or more layers.
Deep learning uses artificial neural
networks, which are supposed to
mimic how humans think and learn, as
opposed to machine learning, which
uses simpler principles.
10
Research Methodology

The chosen methodologies for

justification or analysis of a given
data or desired case are discussed in
this part of the thesis. The efficient
model gathers a dataset, analyzes it,
and applies machine learning and
deep learning algorithms to it in
order to anticipate outcomes.
11
Dataset Overview

In this project, we took DoS attack to measure the performances of all algorithms. NSL-KDD is
an updated version of KDD cup99 data set which is suggested to solve some problems of the
previous version. This data set is an effective benchmark for researchers to compare different types
of Intrusion detection system (IDS) methods, build an Intrusion detection system ( Host-based or
Network-based), doing for some experiments in Cyber security areas likewise there are so many
advantages.
12

Normalization 𝑥𝑚𝑎𝑥− 𝑥𝑚𝑖𝑛

Normalization is the process of converting the values of numeric columns in a dataset to a

similar scale without distorting the ranges of values. Every dataset does not require
normalization for machine learning. Only when features have various ranges is it essential.
Outliers can affect Min-max normalization in a biased dataset.
13
Machine learning model performance
(Normalization)

98

97

97
96
89.6
88.2

87.6

92

92
90
89

88
87

87

87

87
85
75.9

69
53
Measures

Accuracy score precision Recall F1 score

NB 75.9 98 53 69
DT 88.2 97 87 92
KNN 87 96 85 90
RF 89.6 97 87 92
SVM 87.6 87 89 88
14
Machine learning model performance (Without
Normalization)

Measures in %

97

97

96
89.2
88.6

88.4

92

91
90

89

88

88

88
86
80.3

80
73.5

73

72
58
Accuracy score precision Recall F1 score
NB 80.3 97 58 72
DT 88.6 97 88 92
KNN 73.5 90 73 80
RF 89.2 96 86 91
SVM 88.4 89 88 88
15

Deep learning 𝑥 −𝑥 𝑚𝑎𝑥 𝑚𝑖𝑛

µ = ∑ model performance

LSTM MPM

98.62

97.92
97.77
Measuring Percentage

97.23

97.22
97.06
96.91
96.89

Accuracy Recall Score F1 Score Precision Score

LSTM 97.77 98.62 97.92 97.23
MPM 96.89 96.91 97.06 97.22

Axis Title
16
Comparison Between ML & DL Algorithms
𝑥 −𝑥 𝑚𝑎𝑥 𝑚𝑖𝑛
Results µ=∑

LSTM MPM NB DT KNN RF SVM

97.92
97.77

97.06
96.89

89.2
88.6

88.4
80.3

92

91

88
73.5
Measuring Percentage

80
72
Accuracy F1 Score
LSTM 97.77 97.92
MPM 96.89 97.06
NB 80.3 72
DT 88.6 92
KNN 73.5 80
RF 89.2 91
SVM 88.4 88
17

FUTURE SCOPE 𝑥𝑚𝑎𝑥− 𝑥𝑚𝑖𝑛

µ=∑

 The solution to complex models

 Use of DL algorithms
 Prevention Mechanism
18

THANKS!
Any questions?