ABSTRACT

In recent years, researchers have investigated Artificial Intelligence (AI) based classifiers for intrusion detection to address the weaknesses of traditional intrusion detection systems (IDSs). Research focuses on analyzing network flows, logs, and system events to detect intrusions. Network flows, logs, system events, etc. generate big data. Big Data analytics using AI based techniques can correlate multiple information sources into a coherent view, identify intrusive activities, and finally achieve effective and efficient intrusion detection.

A single generalized performance metric (GPM) has been proposed, based upon standard performance metrics, and a comprehensive set of experiments has been performed to compare and evaluate the performance of AI based supervised classifiers. The performance of various classifiers has been analyzed using a subset of the benchmark KDD Cup 1999 dataset as training and test data. The KDD dataset represents a heterogeneous collection of data values from multiple sources, containing data from network flows, logs, computed values, etc. A significant aspect of this work is its use of a variety of performance metrics to evaluate the AI based supervised classifiers. The empirical results indicate that the bagged tree-J48 classifier is the best and most stable classifier in this set of experiments. Further, it has been observed that the rule based JRip and bagged tree-J48 for the probe class, bagged tree-J48 for the DoS class, JRip for the U2R class, and Naïve Bayes, bagged tree-J48 and the neural network based MLP for the R2L class perform better at detecting their individual attack classes. The results help to identify base classifiers for designing a heterogeneous ensemble for effective intrusion detection. This empirical analysis is not only a comparison of various classifiers to identify the best overall classifier and the best classifiers for individual attack classes, but also reveals guidelines for researchers applying AI based classifiers to the field of intrusion detection and directions for further research in this field.
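The abstract evaluates classifiers per attack class with a variety of standard metrics but does not spell out how those metrics are derived, nor how the GPM is defined. The following is an added illustration, not code from the paper: it computes the usual per-class figures (precision, detection rate, false alarm rate, F1) from a multi-class confusion matrix over the KDD Cup 1999 attack groups named in the abstract, plus overall accuracy and a plain macro-averaged F1. The macro average is an assumption used here as a simple summary score; it is not the paper's GPM, whose definition is not on the page. The confusion-matrix counts are constructed sample values, not reported results.

```python
"""Per-class IDS evaluation metrics from a confusion matrix.

Added illustration, not code from the paper. Classes follow the KDD Cup 1999
grouping named in the abstract (normal, probe, DoS, U2R, R2L). The counts in
CONFUSION are constructed for demonstration and are not real results.
"""
from typing import Dict, List

CLASSES: List[str] = ["normal", "probe", "dos", "u2r", "r2l"]

# Constructed confusion matrix: rows = true class, columns = predicted class,
# in the order of CLASSES. Note the small U2R and R2L rows: class imbalance is
# why accuracy alone hides poor detection of rare attack classes.
CONFUSION: List[List[int]] = [
    [960,  20,  10,  0,  10],   # true normal
    [ 15, 380,   5,  0,   0],   # true probe
    [ 10,   5, 785,  0,   0],   # true dos
    [  4,   0,   0,  5,   1],   # true u2r
    [ 30,   0,   0,  0,  70],   # true r2l
]


def _safe_div(num: float, den: float) -> float:
    """Division that returns 0.0 when the denominator is zero (empty class)."""
    return num / den if den else 0.0


def per_class_metrics(cm: List[List[int]], classes: List[str]) -> Dict[str, Dict[str, float]]:
    """One-vs-rest metrics for each class of a multi-class confusion matrix."""
    n = len(classes)
    total = sum(sum(row) for row in cm)
    result: Dict[str, Dict[str, float]] = {}
    for i, name in enumerate(classes):
        tp = cm[i][i]
        fn = sum(cm[i]) - tp                          # missed instances of class i
        fp = sum(cm[r][i] for r in range(n)) - tp     # other classes labelled as i
        tn = total - tp - fn - fp
        precision = _safe_div(tp, tp + fp)
        recall = _safe_div(tp, tp + fn)               # detection rate for class i
        fpr = _safe_div(fp, fp + tn)                  # false alarm rate for class i
        f1 = _safe_div(2 * precision * recall, precision + recall)
        result[name] = {
            "tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall, "fpr": fpr, "f1": f1,
        }
    return result


def accuracy(cm: List[List[int]]) -> float:
    """Overall accuracy: correctly classified instances over all instances."""
    correct = sum(cm[i][i] for i in range(len(cm)))
    return _safe_div(correct, sum(sum(row) for row in cm))


def macro_f1(metrics: Dict[str, Dict[str, float]]) -> float:
    """Unweighted mean of per-class F1 (assumed summary score, not the paper's GPM)."""
    return sum(m["f1"] for m in metrics.values()) / len(metrics)


if __name__ == "__main__":
    m = per_class_metrics(CONFUSION, CLASSES)
    print(f"accuracy = {accuracy(CONFUSION):.4f}   macro-F1 = {macro_f1(m):.4f}")
    for name, row in m.items():
        print(f"{name:>6}: precision={row['precision']:.3f} "
              f"recall={row['recall']:.3f} fpr={row['fpr']:.4f} f1={row['f1']:.3f}")
```

Running the block shows the point the abstract makes about judging classifiers per attack class: overall accuracy is above 95% on the constructed matrix while the U2R detection rate is only 0.5, a gap that a single headline figure would conceal.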