Intrusion detection systems using classical machine learning techniques versus integrated unsupervised feature learning and deep neural network
This work addresses the challenge security analysts face in detecting unforeseen network intrusions, but it is incremental, as it builds on existing methods with a comparative study.
The paper compared classical machine learning methods, which require extensive feature engineering, with an integrated approach using unsupervised feature learning and deep neural networks for intrusion detection on the NSL-KDD dataset, finding that a DNN with 15 PCA-extracted features was most effective and also performed well with Software Defined Networking features.
Security analysts and administrators face many challenges in detecting and preventing network intrusions in their organizations, and timely detection is crucial to preventing network breaches. Challenges arise when detecting unforeseen attacks. This work includes a performance comparison of classical machine learning approaches, which require extensive feature engineering, against integrated unsupervised feature learning and deep neural networks on the NSL-KDD dataset. Multiple experimental trials were run to identify suitable hyper-parameters and network configurations for the machine learning models. The DNN using 15 features extracted with Principal Component Analysis (PCA) was the most effective modeling method. Further analysis using Software Defined Networking features also showed good accuracy with the deep neural network.