Network Intrusion Detection and Attack Type Classification using Machine Learning
Abstract
Network Intrusion Detection Systems (NIDS) play a vital role in handling vulnerabilities in computer networks. Complex, time-varying network packets flow between connected networks; a large portion of this network data is normal, while a small portion of attack data may be mixed in with it. There are many kinds of network attacks. Machine learning algorithms are very popular, and practically unavoidable, for detecting and classifying the various kinds of attack data in network packets. We intend to use the NSL-KDD dataset, which was published in 2001 as an improvement to the KDD Cup'99 dataset and whose training set contains 24 different attack types mixed with normal data. Each record in the dataset has 41 features. In this work, we use machine learning algorithms to classify both normal and attack data. While there are many classification techniques, our goal is to increase the typical accuracy in the detection and classification of network intrusions. To demonstrate the effectiveness of our approach, we present the confusion matrix, which demonstrates the accuracy, and include a graphical representation of the clusters to better visualize the classification of the different types of attacks.