Comparative research on network intrusion detection methods based on machine learning

Network intrusion detection system is an essential part of network security research. It detects intrusion behaviors through active defense technology and takes emergency measures such as alerting and terminating intrusions. With the rapid development of machine learning technology, more and more researchers apply machine learning algorithms to network intrusion detection to improve detection efficiency and accuracy. Due to the different principles of various algorithms, they also have their advantages and disadvantages. To construct the dominant algorithm model in the field of network intrusion detection and provide the accuracy value, this paper systematically combs the application literature of machine learning algorithms in intrusion detection in the past ten years. A review is made from three categories: traditional machine learning, ensemble learning, and deep learning. Then, this paper selects the KDD CUP99 and NSL-KDD datasets to conduct comparative experiments on decision trees, Naive Bayes, support vector machines, random forests, XGBoost, convolutional neural networks, and recurrent neural networks. The detection accuracy, F1, AUC, and other indicators of these algorithms on different data sets are compared. The experimental results show that the effect of the ensemble learning algorithm is generally better. The Naive Bayes algorithm has low accuracy in recognizing the learned data, but it has obvious advantages when facing new types of attacks, and the training speed is faster. The deep learning algorithm is not particularly prominent in this experiment, but its optimal results are affected by the structure, hyperparameters, and the number of training iterations, which need further in-depth study. Finally, the main challenges facing the current network intrusion detection field are summarized, and the future research directions have been prospected. (C) 2022 Elsevier Ltd. All rights reserved.