Abstract:
The continual appearance of new network attack patterns and the increasing complexity of these
attacks have heightened the need for secure networks. In recent times, machine learning-based
intrusion detection systems (ML-IDS) have been successful in detecting network intrusions.
However, low detection rates and high false-positive rates are still reported. Hence, a more
reliable and effective ML-IDS is required. This research proposed an intrusion detection model
using support vector machine and decision tree classifiers, built on the publicly available
UNSW-NB15 intrusion detection dataset. The training and test sets of the dataset were
pre-processed using a feature conversion method to transform categorical features into numeric
features and the Min-normalization method to scale the data into the range between 0 and 1.
Thereafter, important network features were selected using a filter method (information gain)
and a feature extraction method (principal component analysis). Ten (10) features apiece were
selected using information gain and principal component analysis. The selected features from
the training set were fed into the two classifiers (decision tree and support vector machine) to
learn network traffic patterns and distinguish normal traffic from attack traffic. The developed
IDS models were tested using the test set. In the evaluation, the support vector machine slightly
outperformed the decision tree, with an accuracy of 90.41% and a recall of 96.27% against the
decision tree's 90.2% and 87.9%, respectively.
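
The pre-processing and information-gain steps described in the abstract, as an added example that is not the authors' code: it converts categorical features to integers, scales every feature to [0, 1], and ranks features by information gain against the attack label. Assumptions: scaling uses the min-max formula, information gain is computed over four equal-width bins, and the sample rows and column names are constructed to resemble UNSW-NB15 fields; PCA and the two classifiers are not covered.

```python
import math
from collections import Counter

# Constructed sample flows, not real UNSW-NB15 rows. Column names are
# assumptions modelled on that dataset; label 1 = attack, 0 = normal.
NAMES = ["proto", "service", "sbytes", "sttl"]
ROWS = [
    ("tcp", "http", 200, 31, 0), ("udp", "http", 300, 31, 0),
    ("tcp", "dns", 400, 31, 0), ("udp", "dns", 500, 31, 0),
    ("tcp", "http", 600, 254, 1), ("udp", "dns", 9000, 254, 1),
    ("tcp", "dns", 10000, 254, 1), ("udp", "dns", 8000, 254, 1),
]

def encode_categorical(column):
    """Feature conversion: map each distinct string to an integer code."""
    codes = {value: i for i, value in enumerate(sorted(set(column)))}
    return [codes[value] for value in column]

def min_max_scale(column):
    """Scale to [0, 1]; a constant column carries no signal and maps to 0.0."""
    lo, hi = min(column), max(column)
    if hi == lo:
        return [0.0] * len(column)
    return [(x - lo) / (hi - lo) for x in column]

def entropy(labels):
    total = len(labels)
    return -sum(c / total * math.log2(c / total) for c in Counter(labels).values())

def information_gain(scaled, labels, bins=4):
    """H(label) - H(label | feature), feature cut into equal-width bins."""
    groups = {}
    for value, label in zip(scaled, labels):
        groups.setdefault(min(int(value * bins), bins - 1), []).append(label)
    conditional = sum(len(g) / len(labels) * entropy(g) for g in groups.values())
    return entropy(labels) - conditional

def score_features(rows, names):
    labels = [row[-1] for row in rows]
    scores = {}
    for i, name in enumerate(names):
        column = [row[i] for row in rows]
        if isinstance(column[0], str):
            column = encode_categorical(column)
        scores[name] = information_gain(min_max_scale(column), labels)
    return scores

def select_top(rows, names, k):
    scores = score_features(rows, names)
    return sorted(scores, key=scores.get, reverse=True)[:k]

if __name__ == "__main__":
    print(select_top(ROWS, NAMES, 2), score_features(ROWS, NAMES))
```

The abstract keeps ten features from the full dataset; `k=2` is used here only because the constructed sample has four columns.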