An Improved Intrusion Detection System Based on KNN Hyperparameter Tuning and Cross-Validation



RESEARCH ARTICLE-COMPUTER ENGINEERING AND COMPUTER SCIENCE

Raniyah Wazirali

Received: 12 May 2020 / Accepted: 19 August 2020 © King Fahd University of Petroleum & Minerals 2020

Abstract

As security violations increase, cybersecurity is a critical issue for any area of cyberspace. A large number of zero-day attacks are taking place on a continuous basis due to the inclusion of several protocols. Most of these attacks are minor variations of cyberattacks that have been carried out previously. This shows that even the most sophisticated methods, such as conventional machine learning systems, have difficulty identifying these minor variations in attacks over time. To address some of the challenges in existing intrusion detection methods, this paper presents an effective semisupervised technique to decrease the false alarm rate and enhance the detection rate of intrusion detection systems (IDSs). The proposed approach is an IDS that uses k-nearest neighbor (KNN) hyperparameter tuning with fivefold cross-validation on semisupervised learning. For each unlabeled data point, its k-nearest neighbors in the training set are first identified. Then, based on statistical information gained from hyperparameter tuning of these neighboring data, namely the number of neighboring data points belonging to each possible class, the distance metric, and the distance weight, the new data are classified as normal or attack class. The widely used NSL-KDD dataset is employed to determine the robustness of the model. The simulation findings demonstrate that the proposed approach performs better than IDS-based KNN algorithms.

Keywords Intrusion detection · Hyperparameter tuning · Cross-validation
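The tuning loop the abstract describes, as an added example that is not the paper's code: a pure-Python KNN with a grid search over neighbor count, distance metric and distance weight, scored by fivefold cross-validation. The two-feature sample data, the grid values and all function names are assumptions constructed for illustration; the paper itself evaluates on NSL-KDD.

```python
import math
import random
from collections import defaultdict
from itertools import product

METRICS = {
    "euclidean": math.dist,
    "manhattan": lambda a, b: sum(abs(x - y) for x, y in zip(a, b)),
}

def knn_predict(train, x, k, metric, weight):
    """Vote among the k nearest labelled points; 'distance' weights votes by 1/d."""
    nearest = sorted((METRICS[metric](p, x), y) for p, y in train)[:k]
    votes = defaultdict(float)
    for d, y in nearest:
        votes[y] += 1.0 if weight == "uniform" else 1.0 / (d + 1e-9)
    return max(sorted(votes), key=votes.get)  # sorted() makes ties deterministic

def cv_accuracy(data, k, metric, weight, folds=5):
    """Mean accuracy over `folds` held-out splits (fivefold, as in the abstract)."""
    scores = []
    for f in range(folds):
        test = data[f::folds]
        train = [r for i, r in enumerate(data) if i % folds != f]
        hits = sum(knn_predict(train, x, k, metric, weight) == y for x, y in test)
        scores.append(hits / len(test))
    return sum(scores) / folds

def tune(data, ks=(1, 3, 5, 7), metrics=("euclidean", "manhattan"),
         weights=("uniform", "distance")):
    """Grid search; returns (best_cv_accuracy, (k, metric, weight))."""
    return max((cv_accuracy(data, *p), p) for p in product(ks, metrics, weights))

def make_sample(n=60, seed=0):
    # Constructed data, not NSL-KDD: two scaled features, one third "attack".
    rng = random.Random(seed)
    data = []
    for i in range(n):
        label = "attack" if i % 3 == 0 else "normal"
        cx, cy = (0.8, 0.7) if label == "attack" else (0.2, 0.3)
        data.append(((rng.gauss(cx, 0.08), rng.gauss(cy, 0.08)), label))
    rng.shuffle(data)
    return data

if __name__ == "__main__":
    data = make_sample()
    score, (k, metric, weight) = tune(data)
    print(f"best CV accuracy {score:.3f} with k={k}, {metric}, {weight}")
    print(knn_predict(data, (0.75, 0.65), k, metric, weight))  # unlabeled point
```

On real traffic features the candidate settings rarely tie, so the cross-validated score, not training accuracy, is what should decide between them.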

1 Introduction

The Internet affects the safety and stability of different systems. Static defense mechanisms such as software updates and firewalls are a few of the solutions that can be used to offer some security. Intrusion detection systems (IDSs) are a dynamic solution that has been employed [1,2]. An IDS is a system that monitors network traffic for suspicious activity and issues warnings when such activity is detected [3]. It is a process of supervising, identifying, and evaluating the events that take place in a computer system or in a local domain to recognize malicious events. It includes different options for handling risk from threats and vulnerabilities [4]. Network-based IDSs (NIDSs) monitor and assess network traffic and are used for the most important servers to ensure that the critical system files and records remain secure [5].

Raniyah Wazirali, College of Computing and Informatics, Saudi Electronic University, Riyadh, Saudi Arabia

In the past few years, risks to network security have become more complex, systematized, and difficult to identify [2,6]. Furthermore, there are also increasing events of failure in blocking attacks, which is in violation of the network security principl