PERFORMANCE EVALUATION OF MACHINE LEARNING-BASED INTRUSION DETECTION USING NSL-KDD, UNSW-NB15 AND CICIDS2017 DATASETS
Abstract
Smart devices are now common in almost every field, and many private and public organizations manage their services remotely through web servers and cloud platforms. As network demand rises, both systems and users are exposed to greater risk, and many businesses face thousands of cyberattacks every day. Traditional intrusion detection systems (IDS) struggle to keep up with the growing number of network attacks, so it is important to examine new ways to prevent and detect intrusions. An IDS can distinguish between benign and malicious behavior, and machine learning (ML) can be used to build effective IDS models for secure communication. In machine learning, classification algorithms can automatically find patterns in data and sort user activities into normal and intrusive categories. This paper provides a comparative analysis and performance assessment of various ML-based IDS methodologies. The experiments employ established datasets such as NSL-KDD, UNSW-NB15, and CICIDS2017 to train and evaluate various machine learning algorithms, including Support Vector Machines (SVM), Decision Trees, Naïve Bayes, Random Forests, K-Nearest Neighbors (KNN), Logistic Regression, Quadratic Discriminant Analysis (QDA), AdaBoost, CatBoost, Gradient Boosting, LightGBM (LGBM), Linear Discriminant Analysis (LDA), and XGBoost (XGB). Standard metrics such as accuracy, precision, recall, and F1-score are used to measure how well these methods work. The results show that detection ability varies widely across the algorithms, which underscores the importance of choosing the right ML models for intrusion detection.