Hybrid Machine Learning-Based Framework for Effective Network Intrusion Detection
Abstract
Network security is a crucial area of research in computer networking, driven by the escalating rate and increasingly advanced nature of cyberattacks. This study explores the integration of machine learning (ML) approaches into Network Intrusion Detection Systems (NIDS) to improve their efficiency. Specifically, it combines K-means clustering and Random Forest algorithms to detect anomalies and threats within network traffic. An extensive literature review underscores the necessity for more comprehensive and accurate systems. The NSL-KDD and CICIDS-2017 datasets were adopted for training and testing the model. Preprocessing was performed to enhance dataset quality and facilitate effective model training. K-means clustering partitioned the dataset into five clusters, which were then employed to enhance the training of the Random Forest algorithm. Performance metrics such as accuracy, recall, precision, specificity, and F1 score were used to assess the models. The results indicate that the hybrid approach significantly improves detection accuracy, achieving an impressive 99.76%. Precision and recall further highlight the model's effectiveness, with values of 0.99 and 1.0, respectively. These outcomes demonstrate the potential of combining unsupervised and supervised learning methods to create robust NIDS. In conclusion, integrating K-means clustering and Random Forest offers a promising solution to the limitations of traditional intrusion detection methods. Future research should focus on optimizing computational efficiency, automating parameter tuning, and exploring real-time implementation to maximize the benefits of ML in enhancing network security.
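The hybrid pipeline described in the abstract, as an added example that is not the authors' code: K-means with five clusters feeds a Random Forest, which is then scored with the five metrics the abstract names. The synthetic flow features, the way clusters are passed to the forest (centroid distances plus cluster id as extra features), and all function names are assumptions, since the abstract does not specify them; scores on this constructed data are not comparable to the paper's results.

```python
import numpy as np
from sklearn.cluster import KMeans
from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics import confusion_matrix
from sklearn.model_selection import train_test_split
from sklearn.preprocessing import StandardScaler

K = 5  # number of clusters stated in the abstract


def make_flows(n=2000, seed=0):
    """Constructed flows: [duration_s, bytes, packets, syn_ratio]; label 1 = attack."""
    rng = np.random.default_rng(seed)
    benign = rng.normal([1.0, 500, 10, 0.1], [0.5, 150, 3, 0.05], (n // 2, 4))
    attack = rng.normal([0.2, 60, 40, 0.8], [0.1, 20, 8, 0.1], (n // 2, 4))
    X = np.vstack([benign, attack])
    y = np.r_[np.zeros(n // 2, dtype=int), np.ones(n // 2, dtype=int)]
    return X, y


def run_hybrid(seed=0):
    X, y = make_flows(seed=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    # Fit scaler and K-means on the training split only, so no test-set
    # statistics leak into the features the forest is trained on.
    scaler = StandardScaler().fit(X_tr)
    X_tr, X_te = scaler.transform(X_tr), scaler.transform(X_te)
    km = KMeans(n_clusters=K, n_init=10, random_state=seed).fit(X_tr)

    def augment(A):
        # Assumption: clusters reach the forest as extra features
        # (distance to each of the K centroids plus the assigned cluster id).
        return np.hstack([A, km.transform(A), km.predict(A)[:, None]])

    rf = RandomForestClassifier(n_estimators=100, random_state=seed)
    rf.fit(augment(X_tr), y_tr)
    tn, fp, fn, tp = confusion_matrix(
        y_te, rf.predict(augment(X_te)), labels=[0, 1]).ravel()
    precision, recall = tp / (tp + fp), tp / (tp + fn)
    return {
        "accuracy": float((tp + tn) / (tp + tn + fp + fn)),
        "precision": float(precision),
        "recall": float(recall),
        "specificity": float(tn / (tn + fp)),
        "f1": float(2 * precision * recall / (precision + recall)),
    }
```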
Copyright (c) 2025 Lois O. Nwobodo, Kingsley I. Chibueze, Lucy I. Ezigbo
This work is licensed under a Creative Commons Attribution 4.0 International License.