Practical Performance of a Distributed Processing Framework for Machine-Learning-based NIDS
This work addresses performance evaluation for network security practitioners, but it is incremental as it builds on an existing framework without introducing new methods.
The study implemented five machine learning classifiers within a distributed processing framework for network intrusion detection systems and evaluated their throughput and latency, identifying performance differences and bottlenecks.
Network Intrusion Detection Systems (NIDSs) detect intrusion attacks in network traffic. In particular, machine-learning-based NIDSs have attracted attention because of their high detection rates for unknown attacks. A distributed processing framework for machine-learning-based NIDSs that employs a scalable distributed stream processing system has been proposed in the literature. However, its performance when machine-learning-based classifiers are implemented has not been comprehensively evaluated. In this study, we implement five representative classifiers (Decision Tree, Random Forest, Naive Bayes, SVM, and kNN) based on this framework and evaluate their throughput and latency. Through experimental measurements, we investigate the differences in processing performance among these classifiers and the bottlenecks in the processing performance of the framework.