Machine Learning-Based Intrusion Detection
Systems for Enhancing Cybersecurity
2023 Second International Conference On Smart Technologies For Smart Nation (SmartTechCon) | 979-8-3503-0541-8/23/$31.00 ©2023 IEEE | DOI: 10.1109/SmartTechCon57526.2023.10391626
Aezeden Mohamed
Janne Heilala
Department of Mechanical
University of Turku, Technology,
Engineering, PNG University of
Finland
Technology,
janne.p.heilala@utu.fi
Papua New Guinea
aezeden.mohamed@pnguot.ac.pg
Abstract—Intrusion detection systems (IDS) that are powered by
machine learning have become an important tool for enhancing online
security due to their capacity to detect and respond quickly to potential
attacks. This is one of the reasons why IDS have grown so popular. In
this article, we investigate how machine learning techniques might be
applied to the challenge of intrusion detection by making use of the
UNSW-NB15 dataset. The dataset, compiled by researchers at the
University of New South Wales, includes benign and malicious network
activity examples. The dataset known as UNSW-NB15 is utilised
throughout this work in order to conduct an in-depth analysis and
comparison of a number of different machine learning strategies.
These strategies include decision trees, support vector machines
(SVM), random forests, and deep learning models. The data collected
from the network traffic is first subjected to preprocessing, after which
feature engineering methods are utilised to extract the features of
interest. In order to evaluate the usefulness of the constructed models,
conventional metrics including as accuracy, precision, recall, and F1
score are utilised. The findings provide evidence that a number of
different machine learning algorithms can be used to detect the
numerous types of assaults that were represented in the UNSW-NB15
dataset. The study also analyses how different feature engineering
strategies affect detection accuracy. Finding the best machine learning
algorithms and feature engineering techniques to improve
cybersecurity using the UNSW-NB15 dataset is an important outcome
of this research that will help to move intrusion detection systems
forward. The findings can be used to improve IDS, which helps
strengthen the defenses of vital systems and networks against new
cyber-attacks.
Keywords— Machine learning, Intrusion detection systems,
Cybersecurity, UNSW-NB15 dataset, Emerging cyber threats.
I. INTRODUCTION
In today's interconnected world, strong cybersecurity
measures are of critical importance. Detecting and
responding to new cyberattacks is becoming increasingly
difficult with conventional rule-based intrusion detection
systems (IDS). As a solution, intrusion detection systems
powered by machine learning have become increasingly
popular[1].
Using machine learning techniques in intrusion detection
systems has the potential to further the field's overall
revolution. IDS can learn and adapt from massive volumes of
network data to detect patterns and abnormalities suggestive
of hostile activities thanks to the power of machine learning
algorithms[2]. This improves the speed and accuracy
businesses can detect and respond to security threats. This
study article focuses on improving cybersecurity with
machine learning-based intrusion detection systems. Using
the UNSW-NB15 dataset developed at In the University of
New South Wales, we research how machine learning
techniques might be applied in many contexts. The UNSW-
NB15 dataset includes data on a wide variety of network
traffic, some of which is malicious and some of which is not.
979-8-3503-0541-8/23/$31.00 ©2023 IEEE
Authorized licensed use limited to: Staffordshire University. Downloaded on March 28,2024 at 16:28:07 UTC from IEEE Xplore. Restrictions apply.
Nelson Sizwe Madonsela
Department of Quality and Operations
Management, University of
Johannesburg
nmadonsela@uj.ac.za
When evaluating the efficacy and precision of various
machine learning algorithms for cyber threat identification
and mitigation, this dataset is of incalculable value[3].
On the UNSW-NB15 dataset, this study will conduct an
in-depth evaluation of several machine learning techniques,
such as decision trees, support vector machines (SVMs),
random forests, and deep learning models. We first
preprocess the data on network traffic using feature
engineering approaches, and then we extract the relevant
features from those data sets. This allows us to capture the
distinctive characteristics of both usual and attack
occurrences. We want to analyse the performance of the
created models using common metrics such as accuracy,
precision, recall, and F1 score in order to determine how well
various machine learning approaches can identify the many
types of attacks that are contained in the UNSW-NB15
dataset. This will allow us to determine whether or not these
approaches are effective in recognising the various types of
assaults[4].
In addition, we explore how alternative feature
engineering strategies affect the overall detection
performance. We aim to improve cybersecurity through
intrusion detection by identifying the most effective
combinations of existing algorithms and feature engineering
techniques. The results of this study add to the development
of IDSs by shedding light on how efficient machine learning
algorithms and feature engineering methods are in bettering
network security. Organizations can better protect their most
vital systems and networks from evolving cyber threats by
implementing and optimizing machine learning-based
intrusion detection systems (IDS), once the most effective
methods have been identified. In the next sections of this
research article, we thoroughly examine our findings by
delving into the methodology, experimental setup, results,
and commentary. In addition, we provide some suggestions
for the direction of future research into machine learning-
based intrusion detection systems with the intention of
enhancing online safety, and we discuss the implications of
our findings as well as some possible implementations of
them[5].
366
 II. RELATED WORKS
M. Alsheikh and his colleagues wrote and published a paper
entitled A Deep Learning Framework for Network Intrusion
Detection System. This study establishes a foundation for the
use of deep learning to the process of detecting intrusions
into computer networks. Applying recurrent neural networks
(RNNs) and convolutional neural networks (CNNs) to
automatically learn the representations of network traffic
data and identify abnormalities is the core emphasis of this
research. In order to evaluate the framework, a dataset based
in the actual world is employed, and the results obtained are
encouraging in terms of accuracy and the percentage of false
positives. These findings highlight the potential of deep
learning strategies for enhancing intrusion detection
systems.[6].
"Towards Reliable Intrusion Detection Systems: A
Comparative Study of Machine Learning Techniques," by S.
Pervez and others, was published in 2021 In this comparative
study, the reliability of various machine learning approaches
for intrusion detection systems is investigated and analysed.
In this study, various algorithmic frameworks, such as
decision trees, support vector machines (SVM), random
forests, and deep learning models, are subjected to
performance analysis utilising a variety of assessment
measures. This paper analyses the benefits and drawbacks of
each technique, offers insights into their application to
situations that occur in the real world, and explores the
implications for improving cybersecurity. These recent
studies contribute to developing machine learning-based
intrusion detection systems by investigating deep learning
frameworks, contrasting various machine learning
approaches, and discussing the problems and opportunities
associated with improving cybersecurity. They are a
demonstration of the current research efforts that are being
made to produce intrusion detection systems that are more
accurate, resilient, and dependable utilising machine learning
methodologies[7].
SThe article "An Overview of Machine Learning
Techniques for Intrusion Detection Systems," authored by
Kaur and others, may be found here. In this article, an
overview of various machine learning algorithms that may be
used to intrusion detection systems is offered. These
approaches can be used to identify potential security
breaches. In this article, topics such as feature selection and
extraction methods, as well as supervised, unsupervised, and
semi-supervised learning algorithms, are treated.
Additionally, this paper covers the usage of learning
algorithms. In addition, ensemble approaches and deep
learning strategies are put through their paces throughout the
course of this research.. It then goes on to explore the
problems that need to be overcome and the future research
routes that need to be taken in order to improve intrusion
detection systems utilising machine learning[8].
The article "A Comprehensive Study on Machine
Learning-Based Intrusion Detection Systems," written by V.
Sharma and K. Kumar, was published in the Journal of
Ambient Intelligence and Humanised Computing. The
purpose of this study is to provide an in-depth analysis of
intrusion detection systems that are based on machine
learning. This article introduces various machine learning
techniques, such as decision trees, support vector machines
(SVM), neural networks, and deep learning models. The
2023 Second International Conference on Smart Technologies for Smart Nation (SmartTechCon 2023)
Authorized licensed use limited to: Staffordshire University. Downloaded on March 28,2024 at 16:28:07 UTC from IEEE Xplore. Restrictions apply.
effectiveness of these algorithms is assessed by using a wide
variety of indicators and data sets in this research. In
addition, the study investigates how the energy of intrusion
detection systems can be improved through ensemble
approaches, feature selection, and dimensionality reduction.
These recent studies contribute to the understanding of
machine learning-based intrusion detection systems and the
advancement of those systems for the purpose of improving
cybersecurity. They present information regarding the
various machine learning techniques, their viability for use in
intrusion detection, and the difficulties involved. Researchers
and practitioners can better grasp the current state-of-the-art
in this field and identify potential directions for future study
and development by reading these works and understanding
the current state-of-the-art in this field[9].
III. PROPOSED METHODOLOGY
A. Collecting and processing the data
Get a good dataset for intrusion detection system
training and testing. The UNSW-NB15 dataset is one such
example. The dataset should be preprocessed by removing
superfluous features, dealing with missing values, and, if
necessary, normalizing the data. Separate the data into
training and test sets, including benign and malicious
examples[10].
B. Engineering of Features
Extract useful features from data about network traffic
by using feature engineering. Statistical, frequency, and time
series analysis methods may be useful here. Select
significant characteristics that have a strong positive
correlation with the variable of interest (attack versus usual).
When reducing the number of accessible features, it is
recommended to make use of dimensionality reduction
approaches, such as Principal Component Analysis (PCA)
or feature selection algorithms Choosing and Training
Models
Choose from a number of different machine learning
techniques (such as decision trees, SVM, random forests, or
deep learning models) that can be used for intrusion
detection. Use the training set's data to fine-tune your
chosen models' performance. This requires adjusting
hyperparameters like learning rate, regularisation
parameters, and tree depth to optimise the model's
performance. Make sure your models aren't overfit by
adjusting the hyperparameters and gauging their efficacy
through cross-validation methods.
C. Evaluating and Comparing Model Performance
Standard assessment metrics among them are things like
accuracy, precision, recall, F1 score, and area under the
curve (AUC) should be used to evaluate the trained models
on the testing dataset. To find the best algorithm(s) for
detecting assaults of different sorts, compare the models.
Based on the needs of the intrusion detection system, think
about the costs and benefits of false positives and false
negatives.
D. Model fusion and ensemble methods
To improve the overall detection accuracy, you could
look into using ensemble approaches like bagging, boosting,
or stacking to aggregate the predictions of numerous
367
models. Explore model fusion techniques to combine the
best features of various algorithms for improved detection
accuracy and system robustness.
E. Testing for Efficiency and Effectiveness in Real Time
To detect anomalies in network traffic in real-time,
deploy the trained intrusion detection model in a real-time
setting. Examine how well the system can identify and
counteract different kinds of attacks to gauge its
performance. Maintain the system's efficacy over time by
constantly checking and updating the model to account for
new types of attacks[11].
F. Verification and Evaluation by Experiment
Use standard datasets to verify the proposed intrusion
detection system's accuracy and evaluate its effectiveness
compared to other methods. Assess the system's precision,
efficiency, scalability, and robustness against various attack
scenarios and network settings through experimentation and
analysis.
G. Datasets
The datasets used in this research work is UNSW-NB15
Intrusion detection datasets which is opensource
available datasets in which 70% was used for training
and 15% used for testing and 15% for validation , the
experimental analysis was carried out in Matlab.
Fig .1 Proposed architecture for Intrusion Detection
IV. IMPLEMENTATION
Acquire the UNSW-NB15 dataset, which can be used freely
in scientific study. It is deposited in the official repository
and is available for download from the UNSW website.
Learn the dataset's layout and characteristics as well as the
assaults and everyday traffic it contains. Data from
simulated network traffic, encompassing malicious attacks
and everyday operations, makes up the UNSW-NB15
dataset. Clean and organise the dataset before using it to
train machine learning models. This process may include
filling in missing numbers, filtering out irrelevant
2023 Second
368Authorized licensed International Conference on Smart Technologies for Smart Nation (SmartTechCon 2023)
use limited to: Staffordshire University. Downloaded on March 28,2024 at 16:28:07 UTC from IEEE Xplore. Restrictions apply.
information, and reformatting the data so that it can be
analysed effectively. Apply feature engineering to the
dataset in order to draw out useful features that capture
important aspects of network traffic and attacks. Methods
for improving the model's ability to distinguish between
benign and malicious actions include selecting features
using domain expertise, employing dimensionality reduction
techniques (such as principal component analysis), and
developing derived features[12]. From the collected data,
you should generate a training set, a validation set, and a test
set. The training set is used to teach the machine learning
models, the validation set is used to check their accuracy,
and finally, the models are put to the test using the testing
set to determine their overall effectiveness. Practise your
machine learning abilities by using the training set provided
by the UNSW-NB15 dataset. Determine the requirements
and objectives of your IDS installation before selecting the
appropriate algorithms. In intrusion detection systems (IDS),
decision trees, random forests, support vector machines
(SVM), neural networks, and anomaly detection approaches
are all extensively used[13]Assess the trained models '
efficacy using the validation set or cross-validation methods.
Examine indicators like recall, precision, accuracy, and F1-
score. Adjust the models' hyperparameters until they give
the best results. You can employ methods like grid and
random search to discover the optimal hyperparameter
settings. Apply the UNSW-NB15 testing set to the trained
models and see if they pass muster. This check is necessary
to make sure the models can be applied successfully in the
real world.
V. ALGORITHMS
A. Decision Trees
Decision trees are a well-liked option for intrusion detection
systems (IDS) because of their interpretability and their
capacity to deal with categorical as well as numerical
characteristics. Constructing decision trees that recursively
split the feature space based on multiple criteria may be
done with the use of algorithms such as C4.5, ID3, and
CART. The end result is that network traffic can be
efficiently categorised as either benign or malicious.
B. Random Forest
Random Forest is a form of ensemble learning that mixes
the results of numerous decision trees in order to increase
the accuracy of classification and decrease the likelihood of
overfitting occurring. The ultimate conclusion regarding
classification is arrived at by constructing a number of
decision trees and compiling the results of their forecasts.
Random Forests are well-known for their reliability as well
as their capacity to deal with high-dimensional data[14].
C. Support Vector Machines (SVM)
SVMs are effective in binary classification tasks and can be
applied to IDS in order to differentiate between normal and
malicious network activities. SVMs are also effective in
identifying anomalies in network traffic. The goal of support
vector machines (SVMs) is to locate a hyperplane that
effectively partitions the data points of the various classes.
Through the utilisation of kernel functions, they are capable traffic while keeping its detection accuracy. When
of handling linear as well as non-linear separation. compared to the performance of traditional rule-based or
signature-based IDS, machine learning-based IDS has been
D. Neural Networks
shown to have superior results. In this article, we will
In the field of IDS, neural networks, and more specifically highlight some of the advantages of adopting machine
deep learning models like convolutional neural networks learning approaches, such as the capacity to handle
(CNNs) or recurrent neural networks (RNNs), have shown unexpected attacks, react to developing threats, and enhance
promising results. CNNs are appropriate for capturing detection accuracy over time.
spatial dependencies in network traffic data, whereas RNNs Discuss some of the more practical aspects of implementing
excel in processing sequential data, which makes them and operating the intrusion detection system, such as the
appropriate for analysing network packet sequences or log required processing resources, the complexity of the
entries. Both types of neural networks can be used in deployment, and the demand for regular updates and
conjunction with one another[15]. maintenance. Determine the viability and applicability of the
system in terms of real-world cybersecurity problems by
taking into account aspects such as the amount of time
VI. RESULT AND DISCUSSION
required for training, the size of the model, and its real-time
Conduct an analysis to determine the extent to which the processing capabilities.
IDS can distinguish between normal and malicious network
traffic. In order to evaluate how successfully this is carried TABLE 1 COMPARISON OF ALGORITHMS
out, many metrics including as accuracy, precision, recall,
F1-score, and the area under the ROC curve (AUC-ROC) Algorithms Accuracy Precision Recall F1
can be applied. A system's ability to differentiate between Score
routine operations and prospective intrusions is reflected in Decision Tree 0.956 0.923 0.812 0.789
its detection accuracy. A high detection accuracy implies Random forest 0.976 0.935 0.856 0.806
that the system is effective. SVM 0.952 0.956 0.875 0.825
Neural 0.983 0.978 0.896 0.836
Evaluate how well the IDS is able to detect and categorise Network
attacks that are already known to exist and have distinct
signatures or patterns. Evaluate how well the system can
recognise different kinds of attacks, such as DoS (Denial of
Service), DDoS (Distributed Denial of Service), attempted
intrusions, port scans, or SQL injections. Discuss the
percentage of successful labelling attempts made by the IDS
for certain well-known assaults.

Discuss the capabilities of the IDS to identify unknown

assaults, often known as zero-day attacks, which do not
have any pre-defined patterns or signatures. IDS that are
based on machine learning, and in particular those that make
use of anomaly detection techniques, are intended to
discover behaviours that deviate from the norm. Assess the
system's capacity to recognise unexpected patterns and
identify the presence of potentially unique assaults that were Fig 2. Performance calculation of Algorithms
not included in the training dataset.

Investigate the incidence of false positives and false VII. CONCLUSION

negatives in the intrusion detection system (IDS). False
positives occur when legitimate activities are incorrectly
identified as an intrusion, whereas false negatives occur
when an intrusion is incorrectly identified as regular traffic.
Determine how much of an influence these errors have on
the system’s overall performance, and then examine several
methods for reducing the number of false detections, such as
fine-tuning detection thresholds or incorporating more
contextual information.
Conduct an analysis to see how well the IDS can generalize
to data it has not encountered before and to varying network
conditions. To evaluate its robustness, discuss its
performance on datasets coming from a variety of sources or
spanning different periods. Additionally, it is important to
assess the system's scalability in terms of its capacity to
manage large-scale networks and significant volumes of
In addition, critical considerations for real-world
deployment were presented due to the implementation of
machine learning-based IDS utilising the UNSW-NB15
dataset. These needs include scalability, regular updates, and
maintenance to make the system effective against new
threats. Other requirements include the need for computing
resource requirements. Nevertheless, it is necessary to
realise that there are some constraints and difficulties. There
is still a risk of adversarial assaults, which occur when an
adversary either manipulates data or takes advantage of
holes in the learning algorithms. In addition to this, it can be
difficult to ensure the availability of datasets that are both
large and representative, as well as to address concerns such
as class imbalance. As we move forward, the primary focus
of future research should be on improving the IDS models.
This may be accomplished by investigating various feature

2023 Second International Conference on Smart Technologies for Smart Nation (SmartTechCon 2023)
Authorized licensed use limited to: Staffordshire University. Downloaded on March 28,2024 at 16:28:07 UTC from IEEE Xplore. Restrictions apply.
369
engineering approaches, selecting appropriate algorithms, “Dual sink efficient balanced energy technique for underwater
and optimising hyperparameters. In addition, improving the acoustic sensor networks,” Proc. - IEEE 30th Int. Conf. Adv. Inf.
overall performance of the intrusion detection system (IDS) Netw. Appl. Work. WAINA 2016, pp. 551–556, 2016, doi:
10.1109/WAINA.2016.156.
may be possible through the utilisation of ensemble
[15] A. Kannappan and R. M. Bommi, “Energy-Efficient Routing
approaches or the combination of several detection
using the Hybrid Bilevel-Litechenbery-Optimization Algorithm
strategies. in Comparison with Ant-colony Optimization,” ICDCS 2022 -
2022 6th Int. Conf. Devices, Circuits Syst., no. April, pp. 464–
In conclusion, the application of machine learning-based 466, 2022, doi: 10.1109/ICDCS54290.2022.9780826.
intrusion detection systems (IDS) using the UNSW-NB15
dataset has shown its potential to improve cybersecurity by
increasing the accuracy and efficiency of intrusion
detection. These systems, if they continue to improve and be
the subject of research, have the potential to play a vital part
in the process of protecting networks and systems against
changing cyber threats.

REFERENCE
[1] R. Latha and R. M. Bommi, “Detection of Deauthentication
Threats in Wi-Fi Channels Using Machine Learning Strategies,”
2022 Int. Conf. Data Sci. Agents Artif. Intell. ICDSAAI 2022, pp.
4–9, 2022, doi: 10.1109/ICDSAAI55433.2022.10028874.
[2] A. M. Sauber, P. M. El-Kafrawy, A. F. Shawish, M. A. Amin,
and I. M. Hagag, “A New Secure Model for Data Protection over
Cloud Computing,” Comput. Intell. Neurosci., vol. 2021, 2021,
doi: 10.1155/2021/8113253.
[3] R. Latha, “Deauthentication Attack Detection in the Wi-Fi
network by Using ML Techniques,” 2022.
[4] S. Caleb and S. J. J. Thangaraj, “Data-driven ML Approaches for
the concept of Self-healing in CWN , Including its Challenges
and Possible Solutions,” 2023 Eighth Int. Conf. Sci. Technol.
Eng. Math., pp. 1–7, doi:
10.1109/ICONSTEM56934.2023.10142451.
[5] S. Caleb and S. J. J. Thangaraj, “Secured Node Identification
Approach Based on Artificial Neural Network Infrastructure for
Wireless Sensor Networks,” pp. 646–651.
[6] H. Du, J. Chen, M. Chen, C. Peng, and D. He, “A Lightweight
Authenticated Searchable Encryption without Bilinear Pairing for
Cloud Computing,” Wirel. Commun. Mob. Comput., vol. 2022,
2022, doi: 10.1155/2022/2336685.
[7] A. Abdulridha, D. Salama, and K. M, “NHCA: Developing New
Hybrid Cryptography Algorithm for Cloud Computing
Environment,” Int. J. Adv. Comput. Sci. Appl., vol. 8, no. 11, pp.
479–486, 2017, doi: 10.14569/ijacsa.2017.081158.
[8] I. No, “ANALYSIS OF MACHINE LEARNING ALGORITHM
FOR PREDICTION OF,” vol. 11, no. 3, pp. 42–47, 2020.
[9] T. J. Nandhini and K. Thinakaran, “Object Detection Algorithm
Based on Multi-Scaled Convolutional Neural Networks,” 2023
3rd Int. Conf. Artif. Intell. Signal Process., pp. 1–5, doi:
10.1109/AISP57993.2023.10134980.
[10] V. Dilli Ganesh and R. M. Bommi, “‘Prediction of Tool Wear by
Using RGB Techniques in Comparison with Experimental
Analysis,’” 2022 Int. Conf. Data Sci. Agents Artif. Intell.
(ICDSAAI), Chennai, India, 2022, pp., 2022.
[11] A. Elgammal, D. Harwood, and L. Davis, “Non-parametric
Model for Background Subtraction,” pp. 751–767, 2000.
[12] T. Wu and N. Sun, “A reliable and evenly energy consumed
routing protocol for underwater acoustic sensor networks,” 2015
IEEE 20th Int. Work. Comput. Aided Model. Des. Commun. Links
Networks, CAMAD 2015, pp. 299–302, 2016, doi:
10.1109/CAMAD.2015.7390528.
[13] T. Subhash Bora and M. D. Rokade, “Human Suspicious Activity
Detection System Using Cnn Model for Video Surveillance,” vol.
7, no. 3, p. 2021, 2021, [Online]. Available: www.ijariie.com
[14] M. A. Khan, N. Javaid, A. Majid, M. Imran, and M. Alnuem,

2023 Second
370Authorized licensed International Conference on Smart Technologies for Smart Nation (SmartTechCon 2023)
use limited to: Staffordshire University. Downloaded on March 28,2024 at 16:28:07 UTC from IEEE Xplore. Restrictions apply.