Table 1 Previous state-of-the-art ML based intrusion detection systems and the proposed method
Models | UNSW (in %) | KDD (in %) | Binary classification | Detecting single type of attack | Multi-class classification |
|---|---|---|---|---|---|
NvCloudIDS [7] | 94.54 | - | ✓ | - | - |
ADDM [9] | 97.1 | 99.2 | ✓ | - | - |
GF+SVM [8] | Normal 97.45 | ||||
Generic 91.51 | Normal 99.05 | ||||
Exploits 79.19 | DoS 99.95 | ||||
DoS 91.24 | Probe 99.06 | - | ✓ | - | |
Fuzzers 96.39 | R2L 98.25 | ||||
Reconnaissance 91.51 | U2R 100 | ||||
Shellcode 99.45 | |||||
RepTree [10] | 88.95(Binary) | 89.85(Binary) | ✓ | - | ✓ |
81.28 (Multi-class) | 83.59(Multi-class) | ||||
Simulated annealing+SVM [11] | 98.76 | - | ✓ | - | - |
Step-wise RF [12] | Normal 99.50 | ||||
Exploits 99.50 | |||||
DoS 20.00 | |||||
Analysis 2.00 | - | ✓ | - | ||
Backdoor 5.00 | |||||
Reconnaissance 86.00 | |||||
Shellcode 80.00 | |||||
Worm 70.00 | |||||
ANN+GF [13] | 91.98 | 95.46 | ✓ | - | - |
Multi-scale Hebbian [14] | 93.56 | ✓ | - | - | |
Unsupervised FE+classification [15] | 89.00 | - | ✓ | - | - |
Semi-supervised ML [16] | 93.74 | 98.23 | ✓ | - | - |
MLP [17] | 93.29 | - | ✓ | - | - |
ICVAE-DNN [18] | 89.08 | 85.97 | - | - | ✓ |
BMM+outlier detection [19] | Normal 93.40 | ||||
Generic 80.50 | |||||
Exploits 79.40 | |||||
DoS 89.60 | |||||
Analysis 83.40 | |||||
Backdoor 63.80 | - | - | ✓ | ✓ | |
Reconnaissance 55.60 | |||||
Shellcode 48.70 | |||||
Worm 47.80 | |||||
Overall 92.70 | |||||
GRU-RNN [20] | - | 89.00 | - | - | ✓ |
Proposed method: ExtraTrees+ELM ensemble+softmax | 98.24 | 99.76 | - | ✓ | ✓ |
Proposed method: ExtraTrees+WELM ensemble+softmax | 98.69 | 99.83 | - | ✓ | ✓ |