Improved Framework for Detecting and Predicting Various Cyber Attacks Using the NSL-KDD Dataset

Abstract

The cybersecurity environment continues to change rapidly, with continuous growth in the number and level of sophistication of cyberattacks. The attacks become increasingly sophisticated and pervasive, thereby emphasizing the imperative for new-age defense mechanisms. The increasing necessity for effective cybersecurity solutions is due to the evolution of numerous threats such as unauthorized access, DoS attacks, botnets, malware, and worms. These threats have resulted in large-scale computer network damage, creating heavy financial losses. Protection from security attacks is now a crucial issue for traditional cyber systems and the Internet of Things (IoT) framework. This work emphasizes the NSL-KDD dataset analysis and examines the application of different machine learning algorithms in the detection and classification of network intrusions. The NSL-KDD dataset consists of four major categories of cyberattacks: DoS, Probe, User to Root (U2R), and Remote to Local (R2L). For the purpose of implementation, the dataset was obtained from Kaggle. A number of machine learning algorithms like Logistic Regression, Gaussian Naive Bayes, Support Vector Machines (SVM), Decision Trees, Random Forest, and K-Nearest Neighbors (KNN) were used to detect and classify these cyberattacks. Comparison based on the performance measures was performed among these algorithms using cross-validation score, recall, F1-score, precision, and accuracy. Comparison from this assessment provides evidence for the algorithm with the best accuracy and reliability of results in intrusion network detection.