A Data-Driven Comparison of Machine Learning Models in Intrusion Detection Systems

Intrusion detection systems (IDS) are an important defense mechanism for computer networks against malicious action and unauthorized accesses. The effectiveness of such systems largely depends on how efficiently and accurately the constituent detection algorithms perform. In this research, a comparative analysis between two popular machine learning algorithms Support Vector Machine (SVM) and Artificial Neural Network (ANN) for use in intrusion detection is performed through secondary network traffic data with several connection and traffic attributes. Both machines are trained and tested with normalized data, and their effectiveness is measured through their accuracies, precision, recalls, F1 score, and Area Under the Receiver Operating Characteristics Curve (AUC). Experimental observations give evidence that although both approaches effectively classify normal and intrusive connections, their detectability depends on evaluation measures. The outcomes and visual inspection prove useful in choosing an appropriate algorithm in practical intrusion detection applications, especially where precision recall tradeoffs are essential.

Ҳали таржима қилинмаган