Intrusion Detection System using Feature Selection With Clustering and Classification Machine Learning Algorithms on the UNSW-NB15 dataset
Mohamed Hammad, Wael Elmedany, Yasser Ismail
Abstract
The identification of malicious network traffic through intrusion detection systems (IDS) becomes very challenging. This malicious network appears as a network protocols or normal access. In this paper, for the classification of cyberattacks, four different algorithms are used on UNSW-NB15 dataset, these methods are naive bays (NB), Random Forest (RF), J48, and ZeroR. Also, K-MEANS and Expectation Maximization (EM) clustering algorithms are used to cluster the UNSW-NB15 dataset into two clusters depending on the target attribute attack, or normal network traffic. To develop an optimal subset of features, Correlation-based Feature Selection (CFS) is used, then the mentioned classification and clustering techniques are used. The used methods gives an efficient tool for studying and analyzing intrusion detection in large networks. The result show that RF and J48 algorithms performed best results with 97.59%, and 93.78%, respectively.