Comparing Machine Learning Algorithms for Intrusion Detection Systems

With the advancement of distributed computing systems, cyberattacks are continually evolving, making cybersecurity research crucial for protecting organizations and individuals from network breaches. An Intrusion Detection System (IDS) is designed to monitor software and hardware activities for potential threats. In this study, machine learning (ML) techniques, including both shallow models and deep learning models, are employed to detect a comprehensive set of attack type, including probe, user-to-root (U2R), remote-to-local (R2L), denial of service (DoS), fuzzer, analysis, backdoor, exploit, generic, reconnaissance, shellcode, and worm attacks. Experiments are conducted on three benchmark datasets: KDD99, NSL-KDD, and UNSW-NB15. Among the models tested, Random Forest demonstrated the best performance in terms of accuracy and processing time. Although the deep learning models–Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU)–achieved very high accuracy, their training and prediction times were significantly longer than those of Random Forest. A notable finding was the variation in model performance across the datasets. High accuracy was observed with KDD99 and NSL-KDD, whereas UNSW-NB15 proved more challenging, particularly for multiclass models. This highlights the need for further advancements in IDS models to better address these complex cyber threats.