Evaluation of CICIDS2017 with Qualitative Comparison of Machine Learning Algorithm

摘要

Anomaly Intrusion Detection Systems (AIDS) are crucial for the network security of any organization due to the evolution of novel malware attacks that are capable of deceiving the traditional detection methods. In this paper, we develop three AIDS models using machine learning K Nearest Neighbors (KNN), enhanced KNN and Local Outlier Factor (LOF) techniques. The three approaches were applied on the CICIDS2017 dataset for training, testing and evaluation. A comparison between the three approaches was provided and our model produced promising results with average accuracy of 90.5% for the LOF approach. Contrary to the previous work, our models were tested with no prior training on abnormal samples demonstrating an encouraging average detection rate of 92.74 % for zero day attacks.