A Framework of Machine Learning Based Intrusion Detection System using Classification and Feature Selection

Abstract

In a network environment, it is imperative to classify the network traffic as normal or anomaly so as to be able to ensure network and data security. The access to various resources is controlled using access control mechanisms, one such being the role-based access control (RBAC). The analysis and classification of the network traffic is time-consuming and error-prone when done by humans. Recently, machine learning techniques have been used extensively in such scenarios. In this paper, role-based access control data in conjunction with Network Socket Layer-Knowledge Discovery and Data Mining (NSL-KDD) dataset has been analyzed using machine learning techniques. In our work, we propose a two-level framework that uses a custom dataset consisting of some features selected with a feature selection method from NSL-KDD dataset to which another feature called ‘Role’ is added. Supervised machine learning algorithms have been employed to build classification models to classify the network traffic records as normal or anomaly. The second part of the framework further classifies the anomalies into four attack categories that can then be used to specifically find the particular role which performed the attack, and accordingly the network administrator can take corrective measures. Such a framework can be used in effective analysis of network accesses where security is a major concern.