Performance Evaluation of Machine Learning Algorithms in Detecting Network Intrusion Attacks
DOI:
https://doi.org/10.59743/jbs.v39i1.348Keywords:
Intrusion Detection Systems, Machine Learning, Classification Algorithms, Network SecurityAbstract
This paper discusses how Machine Learning (ML) techniques are employed in IDSs for sorting network traffic and for automatically detecting intrusion attacks. Four supervised learning algorithms, namely Decision Tree (DT), Support Vector Machine (SVM), K-Nearest Neighbors (KNN), and Logistic Regression (LR), are evaluated and compared using the CICIDS2017 benchmark dataset. The dataset includes realistic network traffic that includes both legitimate user activities and various types of cyber-attacks. Many preprocessing steps are implemented on the dataset, including data cleaning, correlation analysis of features, dimensionality reduction, handling class imbalance using a hybrid approach that includes down sampling and Synthetic Minority Over-sampling Technique (SMOTE). The performance of the classifier is measured using various performance parameters like Accuracy, Precision, Recall, F1 score, Confusion Matrix, and Execution Time. From the results, it can be inferred that the DT algorithm provides better results with an accuracy of 99.94%, indicating its suitability for IDSs.
Downloads
References
1] S. Kannadhasan and R. Nagarajan, “Intrusion detection in machine learning based E-shaped structure with algorithms, strategies and applications in wireless sensor networks,” Heliyon, vol. 10, no. 9, p. e30675, May 2024, doi: 10.1016/j.heliyon.2024.e30675.
[2] M. A. Ferrag, L. Maglaras, S. Moschoyiannis, and H. Janicke, “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study,” J. Inf. Secur. Appl., vol. 50, p. 102419, Feb. 2020, doi: 10.1016/j.jisa.2019.102419.
[3] R. O. Ogundokun, J. B. Awotunde, P. Sadiku, E. A. Adeniyi, M. Abiodun, and O. I. Dauda, “An Enhanced Intrusion Detection System using Particle Swarm Optimization Feature Extraction Technique,” Procedia Comput. Sci., vol. 193, pp. 504–512, 2021, doi: 10.1016/j.procs.2021.10.052.
[4] V. Ganesh, M. Sharma, and S. K. Henge, “Particle Swarm Optimization Feature Extraction Technique for Intrusion Detection System,” Jan. 04, 2023, In Review. doi: 10.21203/rs.3.rs-2412032/v1.
[5] N. Ben Henda, A. Msolli, I. Haggui, A. Helali, and H. Maaref, “Attack Detection in IoT Network Using Support Vector Machine and Improved Feature Selection Technique,” J. Netw. Syst. Manag., vol. 32, no. 4, p. 92, Oct. 2024, doi: 10.1007/s10922-024-09871-3.
[6] E. A. Al-Qarni and G. A. Al-Asmari, “Addressing Imbalanced Data in Network Intrusion Detection: A Review and Survey,” Int. J. Adv. Comput. Sci. Appl., vol. 15, no. 2, 2024, doi: 10.14569/IJACSA.2024.0150215.
[7] A. Verma and V. Ranga, “Statistical analysis of CIDDS-001 dataset for Network Intrusion Detection Systems using Distance-based Machine Learning,” Procedia Comput. Sci., vol. 125, pp. 709–716, 2018, doi: 10.1016/j.procs.2017.12.091.
[8] B. Cetin, “Wireless Network Intrusion Detection and Analysis using Federated Learning.,” Master’s Thesis, Youngstown State University, 2020.
[9] E. Alalade, D. ,., “Intrusion Detection System in Smart Home Network Using AIS/ELM Hybrid Approach,” University of Cincinnati, 2020.
[10] M. Baich, T. Hamim, N. Sael, and Y. Chemlal, “Machine Learning for IoT based networks intrusion detection: a comparative study,” Procedia Comput. Sci., vol. 215, pp. 742–751, 2022, doi: 10.1016/j.procs.2022.12.076.
[11] A. S. Jaradat, M. M. Barhoush, and R. S. B. Easa, “Network intrusion detection system: machine learning approach,” Indones. J. Electr. Eng. Comput. Sci., vol. 25, no. 2, p. 1151, Feb. 2022, doi: 10.11591/ijeecs.v25.i2.pp1151-1158.
[12] R. Saini, D. Halder, and A. M. Baswade, “RIDS : Real-time Intrusion Detection System for WPA3 enabled Enterprise Networks,” Jul. 06, 2022, arXiv: arXiv:2207.02489. doi: 10.48550/arXiv.2207.02489.
[13] Z. Chen, M. Simsek, B. Kantarci, M. Bagheri, and P. Djukic, “Machine learning-enabled hybrid intrusion detection system with host data transformation and an advanced two-stage classifier,” Comput. Netw., vol. 250, p. 110576, Aug. 2024, doi: 10.1016/j.comnet.2024.110576.
[14] M. Sarhan, S. Layeghy, N. Moustafa, M. Gallagher, and M. Portmann, “Feature extraction for machine learning-based intrusion detection in IoT networks,” Digit. Commun. Netw., vol. 10, no. 1, pp. 205–216, Feb. 2024, doi: 10.1016/j.dcan.2022.08.012.
[15] “https://www.unb.ca/cic/datasets/ids-2017.html.” [Online]. Available: https://www.unb.ca/cic/datasets/ids-2017.html
[16] M. Tahir, A. Abdullah, N. I. Udzir, and K. A. Kasmiran, “A novel approach for handling missing data to enhance network intrusion detection system,” Cyber Secur. Appl., vol. 3, p. 100063, Dec. 2025, doi: 10.1016/j.csa.2024.100063.
[17] P. Verma et al., “A Novel Intrusion Detection Approach Using Machine Learning Ensemble for IoT Environments,” Appl. Sci., vol. 11, no. 21, p. 10268, Nov. 2021, doi: 10.3390/app112110268.
[18] B. Jijo T, and A. Abdulazeez M, “Classification Based on Decision Tree Algorithm for Machine Learning,” J. Appl. Sci. Technol. Trends, vol. 2(1), pp. 20–28, 2021.
[19] C. Savas and F. Dovis, “The Impact of Different Kernel Functions on the Performance of Scintillation Detection Based on Support Vector Machines,” Sensors, vol. 19, no. 23, p. 5219, Nov. 2019, doi: 10.3390/s19235219.
[20] F. Nie, Z. Hao, and R. Wang, “Multi-Class Support Vector Machine with Maximizing Minimum Margin,” Proc. AAAI Conf. Artif. Intell., vol. 38, no. 13, pp. 14466–14473, Mar. 2024, doi: 10.1609/aaai.v38i13.29361.
[21] Z. K. Maseer, Q. K. Kadhim, B. Al‐Bander, R. Yusof, and A. Saif, “Meta‐analysis and systematic review for anomaly network intrusion detection systems: Detection methods, dataset, validation methodology, and challenges,” IET Netw., vol. 13, no. 5–6, pp. 339–376, Sep. 2024, doi: 10.1049/ntw2.12128.
[22] ChitkaraUniversity and D. Kaur, “A Comparative Study of Various Distance Measures for Software fault prediction,” Int. J. Comput. Trends Technol., vol. 17, no. 3, pp. 117–120, Nov. 2014, doi: 10.14445/22312803/IJCTT-V17P122.
[23] K. Taha, “Big Data Analytics in IoT, social media, NLP, and information security: trends, challenges, and applications,” J. Big Data, vol. 12(1), p. 150, Jun. 2025, doi: 10.1186/s40537-025-01192-9.
[24] D. Jurafsky and J. Martin, Speech and language processing: an introduction to natural language processing, computational linguistics, and speech recognition with language models, 3rd edn draft. Stanford University, 2025. [Online]. Available: https://web.stanford.edu/~jurafsky/slp3/?utm_source=chatgpt.com
[25] V. Vandana and R. Verma, “Evaluating Effectiveness: A Critical Review of Performance Metrics in Intrusion Detection System,” J. Eng. Sci. Technol. Rev., vol. 18, no. 1, pp. 199–209, 2025, doi: 10.25103/jestr.181.20.
[26] J. Liedgren, “Comparison of machine-learning algorithms for intrusion detection systems,” Master’s Thesis, Stockholm University, https://su.diva-portal.org/smash/get/diva2:1971980/FULLTEXT01, 2025.
[27] S. Singhal, “Comparative analysis of traditional machine learning models for network intrusion detection,” 2025.
[28] I. Acheme, D. and A. Wasiu, A., “A Comparative Study of Machine Learning Algorithms Used for Network Intrusion Detection,” vol. 8(1), pp. 494–500, 2024.
[29] M. Grandini, E. Bagli, and G. Visani, “Metrics for Multi-Class Classification: an Overview,” Aug. 13, 2020, arXiv: arXiv:2008.05756. doi: 10.48550/arXiv.2008.05756.
[30] G. Zeng, “Invariance Properties and Evaluation Metrics Derived from the Confusion Matrix in Multiclass Classification,” Mathematics, vol. 13, no. 16, p. 2609, Aug. 2025, doi: 10.3390/math13162609.
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Journal of Basic Sciences
This work is licensed under a Creative Commons Attribution 4.0 International License.
