TY - GEN
T1 - Machine Learning Approaches for Effective Intrusion Detection Systems
AU - Hong, Lee Weng
AU - Aslam, Saad
AU - Majeed, Anwar P.P.Abdul
AU - Teh, Sze Hong
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.
PY - 2025
Y1 - 2025
AB - Intrusion Detection Systems (IDS) are critical for safeguarding network infrastructures against various cyberattacks. While many researchers have shown that Machine Learning (ML)-based IDS can identify malicious traffic in synthetic datasets, few have evaluated their performance against real-world network traffic. This paper explores the impact of preprocessing techniques on model performance and evaluates how well an IDS trained on a synthetic dataset performs in real-world settings. We propose that incorporating a Local Baseline Profile (LBP) during training improves model performance. Our experiments include dataset size reduction, SMOTE oversampling, attack class grouping, dataset scaling, and feature reduction. We created multiple IDS models using the best preprocessing combinations and tested them against locally captured network traffic, containing both benign and attack traffic. Our findings show that adding LBP during training significantly improved detection rates for Decision Tree and Random Forest models in Brute Force attacks. However, our proposed IDS has limitations in detecting a wider range of network attacks, especially more complex and unseen ones. This highlights the need for enhanced training data, advanced feature extraction techniques, and adaptive learning models to improve IDS performance.
KW - IDS Performance
KW - Intrusion Detection Systems
KW - Machine Learning
KW - Preprocessing
KW - Real-world Cyber Security Threats
UR - http://www.scopus.com/inward/record.url?scp=105002720275&partnerID=8YFLogxK
U2 - 10.1007/978-981-96-3949-6_33
DO - 10.1007/978-981-96-3949-6_33
M3 - Conference Proceeding
AN - SCOPUS:105002720275
SN - 9789819639489
T3 - Lecture Notes in Networks and Systems
SP - 410
EP - 419
BT - Selected Proceedings from the 2nd International Conference on Intelligent Manufacturing and Robotics, ICIMR 2024 - Advances in Intelligent Manufacturing and Robotics
A2 - Chen, Wei
A2 - Ping Tan, Andrew Huey
A2 - Luo, Yang
A2 - Huang, Long
A2 - Zhu, Yuyi
A2 - PP Abdul Majeed, Anwar
A2 - Zhang, Fan
A2 - Yan, Yuyao
A2 - Liu, Chenguang
PB - Springer Science and Business Media Deutschland GmbH
T2 - 2nd International Conference on Intelligent Manufacturing and Robotics, ICIMR 2024
Y2 - 22 August 2024 through 23 August 2024
ER -