Comparative Analysis of Anomaly Based Intrusion Detection Techniques

In the rapidly evolving landscape of cybersecurity, anomaly-based intrusion detection systems (IDS) are critical for identifying zero-day attacks in Internet of Things (IoT) devices. This research presents a comprehensive comparative analysis of various machine learning algorithms applied to three distinct datasets: the NSL-KDD, UNSW-NB15, and a Binary Visualization Image Dataset. A total of six machine learning models were developed and evaluated, including Random Forest (RF), Decision Tree (DT), Neural Networks (NN), Gaussian Naive Bayes (GNB), Logistic Regression (LR), and Support Vector Classifier (SVC). Our findings reveal that both RF and DT achieved outstanding performance metrics on the NSL-KDD dataset, with accuracies of 99.49%, while NN closely followed with an accuracy of 98.88%. Conversely, the performance on the UNSW-NB15 dataset showed a decline across all models, with RF and DT maintaining the highest accuracy at 97.45% and 97.45%, respectively, and NN achieving 93.76% accuracy. The Binary Visualization Image Dataset results indicated a validation accuracy of 94.71% for the ResNet50 model, though it exhibited signs of overfitting. The analysis highlighted the importance of precision in the context of intrusion detection, with GNB demonstrating high precision yet low recall, indicating its tendency to misclassify normal traffic as malicious. Overall, this study underscores the effectiveness of ensemble methods and deep learning architectures in enhancing intrusion detection capabilities, contributing to the ongoing efforts to secure IoT environments against emerging threats.