Machine Learning-Based Anomaly Detection for Imbalanced Network Traffic

There is a very bleak outlook on cyber security due to the rapid expansion of the Internet and the ever-changing terrain of cyber-attacks. This article delves into the realm of network analysis for intrusion detection, specifically focusing on the implementation of Methods and Machine Learning (ML). An all-encompassing tutorial description is provided for each ML method, accompanied by an examination of relevant research papers. These studies were read, indexed, and summarized according to their thermal or temporal correlations with great care. Given the paramount importance of data in ML method, the article also sheds light on commonly utilized network datasets within this domain. Furthermore, it addresses the challenges associated with employing ML for cyber security and offers valuable suggestions for future research directions. Interestingly, the KDD data set shows up as a reputable industry standard for intrusion detection methods. The quality of data used for testing and refining the detection model is far more important than the intrusion detection approaches now in development. The KDD data collection is thoroughly analyzed in this research, with a special emphasis on four different attribute classes: Basic, Content, Traffic, and Host. We use the Modified Random Forest (MRF) technique to classify these properties. The analysis focuses on two well-known assessment metrics that are essential to an intrusion detection system's (IDS) proper operation: detection rate (DR) and false alarm rate (FAR). Through empirical analysis, the data set's contributions to DR and FAR for each attribute class are identified, making it easier to optimize the data set for maximum DR and minimum FAR.