Background: Network intrusion detection systems (NIDS) are a
critical line of defence against cyberattacks, and machine learning approaches
have increasingly replaced signature-based methods due to their ability to
detect previously unseen attack patterns, though performance varies
substantially across algorithms and is strongly affected by class imbalance in
benchmark datasets.
Objective: This study evaluates and compares the performance
of five machine learning classifiers, Naive Bayes, Logistic Regression, Random
Forest, XGBoost, and a Deep Neural Network (DNN), for binary network intrusion
detection (normal vs. attack traffic), with the Synthetic Minority Oversampling
Technique (SMOTE) applied to address class imbalance.
Method: A simulated dataset, modelled on patterns reported
in published research using the NSL-KDD and CICIDS2017 benchmark datasets, was
used to evaluate accuracy, precision, recall, F1-score, and area under the ROC
curve (AUC) across thirty simulated train-test runs (six replicates per
classifier). Data were analysed using descriptive statistics and one-way
analysis of variance (ANOVA) in Python (scikit-learn, XGBoost) and SPSS
(version 27).
Key Results: XGBoost achieved the highest overall performance
(accuracy = 98.6%, F1-score = 98.4%, AUC = 0.994), followed closely by the Deep
Neural Network (accuracy = 98.2%) and Random Forest (accuracy = 97.8%). Naive
Bayes recorded the weakest performance (accuracy = 89.4%, F1-score = 85.2%),
consistent with its known sensitivity to feature independence assumptions.
SMOTE-based class balancing improved minority-class (attack) recall across all
classifiers, with the largest relative gain observed for Logistic Regression.
Please enter the email address corresponding to this article submission to download your certificate.
