Machine learning techniques for intrusion detection in network security

Authors: Radoslava Svihrova
Title: Machine learning techniques for intrusion detection in network security
Type: master thesis
Institution: Master's Program Statistics
School: Johannes Kepler University Linz
Month: April
Year: 2020
SCCH ID#: 20032

Network security is a crucial topic nowadays, as a huge amount of data is communicated via computer on a daily basis. Leakage of secret data, software damage or modified information are only some examples of potential threats which cost millions of dollars every year. Development of quality intrusion detection systems can save a lot of unnecessary expenses. The aim of this master thesis is to evaluate and compare various machine learning based models for binary classification of observations produced by a computer network. For evaluation of the methods, the NSL-KDD’99 data set was used, i.e. the KDDTrain+ set for training and the KDDTest+ set for testing. Comparing the accuracy of the tested models showed that the best approach is a semi-supervised one, which outperformed all the tested supervised methods by at least 7%. The idea of the proposed semi-supervised model is to distinguish benign and malign samples by training an undercomplete autoencoder model on benign samples only; the deviations of future observations from this model are assumed to follow a mixture distribution, with one component representing benign and the other malign observations. The advantage of this method is not only the better performance, but also the fact that, in contrast to other approaches, it does not require malign samples for training, which in many real-world applications are either not available at all or very expensive to collect.
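The mixture step described in the abstract can be sketched as follows. This is an added example, not code from the thesis. It assumes the autoencoder's reconstruction errors are already computed, uses constructed error values in their place, and assumes Gaussian components on the log error (the abstract does not name the component family).

```python
import math
import random

def normal_pdf(x, mu, var):
    return math.exp(-(x - mu) ** 2 / (2 * var)) / math.sqrt(2 * math.pi * var)

def fit_mixture(errors, iters=100):
    """EM for a two-component Gaussian mixture on log reconstruction errors."""
    x = sorted(math.log(e) for e in errors)
    n, half = len(x), len(x) // 2
    # Initialise from the lower and upper halves so component 0 is the low-error one.
    w, var = [0.5, 0.5], [1.0, 1.0]
    mu = [sum(x[:half]) / half, sum(x[half:]) / (n - half)]
    for _ in range(iters):
        # E-step: responsibility of each component for each point.
        resp = []
        for xi in x:
            p = [w[k] * normal_pdf(xi, mu[k], var[k]) for k in (0, 1)]
            total = (p[0] + p[1]) or 1e-300
            resp.append((p[0] / total, p[1] / total))
        # M-step: re-estimate weight, mean and variance of each component.
        for k in (0, 1):
            nk = sum(r[k] for r in resp)
            w[k] = nk / n
            mu[k] = sum(r[k] * xi for r, xi in zip(resp, x)) / nk
            var[k] = max(sum(r[k] * (xi - mu[k]) ** 2 for r, xi in zip(resp, x)) / nk, 1e-6)
    return w, mu, var

def malign_posterior(error, w, mu, var):
    """P(malign | error): posterior weight of the high-error component."""
    x = math.log(error)
    p = [w[k] * normal_pdf(x, mu[k], var[k]) for k in (0, 1)]
    return p[1] / ((p[0] + p[1]) or 1e-300)

def demo(seed=7):
    # Constructed sample standing in for reconstruction errors of unlabeled traffic:
    # label 0 = benign (low error), label 1 = malign (high error).
    rng = random.Random(seed)
    sample = [(math.exp(rng.gauss(-3.0, 0.4)), 0) for _ in range(300)]
    sample += [(math.exp(rng.gauss(0.0, 0.6)), 1) for _ in range(200)]
    w, mu, var = fit_mixture([e for e, _ in sample])  # labels are not used for fitting
    hits = sum((malign_posterior(e, w, mu, var) > 0.5) == bool(y) for e, y in sample)
    return hits / len(sample), mu

if __name__ == "__main__":
    acc, mu = demo()
    print(f"accuracy={acc:.3f} component means (log error)={mu}")
```

The labels in `demo` are used only to score the result; the mixture itself is fitted without them, which mirrors the abstract's point that no labeled malign samples are needed.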