Comparative Analysis of Deep Learning and Machine Learning models for Network Intrusion Detection

The increasing prevalence of security breaches and malicious software attacks is a major concern in the digital landscape, sparking continued interest in malware detection. Malware attacks have a significant impact on computer users, networks, businesses, organizations, and governments. Despite the development of multiple intrusion detection systems aimed at protecting data and resources from attacks, the frequent emergence of new threats and attacks poses a challenge for these systems to detect and prevent them from penetrating the network. One such attack is Advanced Persistent Threats (APTs) which can cause significant damage to computer network and organizations. To handle these attacks, the study has developed an APT detection system that uses various Machine learning (ML) and Deep Learning (DL) based classifiers, which can more effectively extract data features from huge amounts of complex data and understand patterns to detect anomalies and potential threats. This study compares and evaluate their performance and efficiency on NSL-KDD dataset. By evaluating using various evaluation metrics, it was found that Extreme Gradient Boosting (XGBoost) is the most effective model among all models, followed by Multi-Layer Perceptron (MLP) and Convolutional Neural Networks (CNN).