Enhancing Network Security: A Study on Classification Models for Intrusion Detection Systems
Computer users face a constant influx of internet packets, ranging from legitimate ones to those sent by malicious entities. With the exponential growth in user numbers and evolving attack types, traditional countermeasure methods are becoming ineffective. Artificial intelligence (AI) techniques off...
| Main Authors: | Abeer Abd Alhameed Mahmood, Azhar A. Hadi, Wasan Hashim Al-Masoody |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Croatian Communications and Information Society (CCIS), 2025-06-01 |
| Series: | Journal of Communications Software and Systems |
| Subjects: | intrusion detection systems (ids); machine learning; balanced dataset; network security |
| Online Access: | https://jcoms.fesb.unist.hr/10.24138/jcomss-2024-0064/ |
| _version_ | 1850276855703142400 |
|---|---|
| author | Abeer Abd Alhameed Mahmood; Azhar A. Hadi; Wasan Hashim Al-Masoody |
| collection | DOAJ |
| description | Computer users face a constant influx of internet packets, ranging from legitimate ones to those sent by malicious entities. With the exponential growth in user numbers and evolving attack types, traditional countermeasure methods are becoming ineffective. Artificial intelligence (AI) techniques offer a promising solution to address these challenges. This study leverages AI methods to develop nine classification models using supervised machine learning classifiers. The authors have implemented several machine learning models, including bagging, multi-layer perceptron, logistic regression, extreme gradient boosting, and random forest. The authors utilize three datasets, KDD99 (the Knowledge Discovery in Databases 1999 dataset, used for network intrusion detection research), UNSW-NB15 (a dataset capturing contemporary network attack patterns generated at the University of New South Wales), and CICIDS2017 (the Canadian Institute for Cybersecurity Intrusion Detection System dataset, containing modern attack scenarios), with varying train-test ratios to train the classifiers. The authors employ accuracy and F1 score metrics to evaluate the models’ performance. The Extreme Gradient Boosting classifier exhibits the highest performance across all three datasets, especially with an 80% feature reduction. Various oversampling and undersampling techniques balance the dataset to improve false-negative rates. Performance metrics show improvements across all dataset types, with extreme gradients boosting accuracy. The meta-ensemble learning model does better at sub-multiclass classification than decision trees, random forests, and extreme gradient boosting. It also does better than logistic regression and multi-layer perceptron in multiclass classification. Two hidden layers achieved the highest accuracy for binary classification on the KDD99 dataset. Multiclass classification presents challenges with identifying minor classes, but performance improves with additional hidden layers. Random Forest outperforms other classifiers in accuracy, which is consistent with simulation results. |
| format | Article |
| id | doaj-art-3ce4b85cfd3c4360bebded327d1238cf |
| institution | OA Journals |
| issn | 1845-6421 1846-6079 |
| language | English |
| publishDate | 2025-06-01 |
| publisher | Croatian Communications and Information Society (CCIS) |
| record_format | Article |
| series | Journal of Communications Software and Systems |
| spelling | doaj-art-3ce4b85cfd3c4360bebded327d1238cf; 2025-08-20T01:50:06Z; eng; Croatian Communications and Information Society (CCIS); Journal of Communications Software and Systems; 1845-6421; 1846-6079; 2025-06-01; 212156165; 10.24138/jcomss-2024-0064; Enhancing Network Security: A Study on Classification Models for Intrusion Detection Systems; Abeer Abd Alhameed Mahmood; Azhar A. Hadi; Wasan Hashim Al-Masoody; https://jcoms.fesb.unist.hr/10.24138/jcomss-2024-0064/; intrusion detection systems (ids); machine learning; balanced dataset; network security |
| title | Enhancing Network Security: A Study on Classification Models for Intrusion Detection Systems |
| topic | intrusion detection systems (ids); machine learning; balanced dataset; network security |
| url | https://jcoms.fesb.unist.hr/10.24138/jcomss-2024-0064/ |