Machine Learning vs Deep Learning for Anomaly Detection and Categorization in Multi-cloud Environments

Detecting intrusions is a critical issue in cybersecurity. One way to overcome this issue is to build efficient and robust Network Intrusion Detection Systems (NIDS) using existing Machine Learning (ML) algorithms. Such an approach has been proposed in the literature and has been shown to perform well. However, a comparative analysis of the performance of ML and Deep Learning (DL) based NIDS for both detection and categorization of intrusions is still needed. This paper investigates the performance of ML and DL models for both intrusion detection and categorization. We use the publicly available Canadian Institute of Cybersecurity Intrusion Detection System 2017 (CICIDS-2017) dataset to train and test ML and DL models. We apply three traditional ML models, namely, Logistic Regression (LR), Random Forest (RF), K-Nearest Neighbor (KNN), and three DL models - 1-D Convolutional Neural Network (Conv1D), Recurrent Neural Network (RNN), and a two-staged model that combines an unsupervised Dense Autoencoders (DAE) for pre-training and an Artificial Neural Network (ANN) for classification. Our results demonstrate that RF is the best performing ML model with a detection accuracy of 99.5% and DAE-ANN is the best performing DL model with a detection accuracy of 98.7%. We also show the advantages of using a stepwise multi-classification over a classical single-stage multi-classification. Finally, we observe that RF outperforms DAE-ANN in categorization with detection rates of 91.35% and 84.66%, respectively.