Comprehensive Model Comparison for Intrusion Detection in UNR-IDD Dataset: Evaluating Naïve Bayes, Decision Tree, Random Forest, K-Neighbors, and LSTM
DOI: https://doi.org/10.21015/vtcs.v12i2.1929
Abstract
This paper compares the efficiency of five supervised learning algorithms, namely Naïve Bayes, Decision Tree, Random Forest, K-Neighbors (KNN), and Long Short-Term Memory (LSTM), for intrusion detection on the UNR-IDD dataset. We evaluated the models on accuracy, precision, and F1-score. The Decision Tree, Random Forest, and LSTM models were the best performers, with scores of 1 for accuracy, F1-score, and area under the curve on the testing set. Naïve Bayes yielded a low standard error of 0.038165, but its precision of 0.773218 and F1-score of 0.872107 show that the model produced slightly fewer true positives and more false positives. These results indicate that Decision Tree, Random Forest, and LSTM are highly accurate and well suited to this intrusion detection problem, although the 100% accuracies are questionable because of possible overfitting. K-Neighbors also classifies very well and rarely misclassifies patterns. Naïve Bayes, by contrast, is not the most suitable method for this particular dataset. The analysis also demonstrates the specific advantages and disadvantages of each model and gives an understanding of the real-world usability of intrusion detection systems.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC-By) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
This work is licensed under a Creative Commons Attribution License CC BY