Arnav Nath
Independent Researcher
India
Abstract
This manuscript presents a performance evaluation of intrusion detection systems (IDS) using the KDD Cup 1999 dataset, strictly employing techniques and technologies available up to 2018. We compare five classical machine learning classifiers—Decision Tree, Support Vector Machine (SVM), K-Nearest Neighbors (KNN), Naive Bayes, and Random Forest—on metrics including detection accuracy, false alarm rate, and processing time. Data preprocessing involved normalization and feature selection based on information gain. Simulation experiments were conducted in MATLAB R2017b to emulate network traffic flows and classifier deployment. Statistical analysis demonstrates that Random Forest achieved the highest detection accuracy (97.4 %), while Naive Bayes yielded the lowest false alarm rate (2.8 %). The study concludes with recommendations for selecting IDS classifiers in resource-constrained environments.
Keywords
intrusion detection system, KDD Cup 1999 dataset, machine learning, performance evaluation, false alarm rate