Exploiting Machine Learning Technique for Attack Detection in Intrusion Detection System (IDS) Based on Protocol

An intrusion detection system (IDS) can be either software or hardware that computerizes the process of keeping track of and evaluating network or computer system activity for indications of security issues. IDS is a crucial component of the security infrastructure of many organizations due to an increase in the frequency and intensity of attackers over the past decades. The study proposes machine learning techniques for the classification and detection of normal and attack traffics using protocol types records of the NSL-KDD dataset. Three sets of datasets were extracted from NSL-KDD datasets based on ICMP, UDP, and TCP. The experiment was conducted on WEKA 3.8.5 using KNN, KStar, LWL, BayesNet, Naive Bayes, and PART algorithms. The results indicated that the PART algorithm has the highest performance rating while NaiveBayes has the lowest performance rating utilizing the Correlation-based feature selection (CFS) using the Ranking Filter approach. It is concluded that the PART algorithm performs well across the dataset while NaiveBayes does not perform well across the dataset.