Publication | Closed Access
Anomaly detection using random forest: A performance revisited
Citations: 168
References: 25
Year: 2017
Unknown Venue
Anomaly Detection, Machine Learning, Engineering, Information Security, Intrusion Detection Systems, Random Forest Model, Data Science, Data Mining, Pattern Recognition, Management, Decision Tree Learning, Intrusion Detection System, Threat Detection, Predictive Analytics, Outlier Detection, Knowledge Discovery, Computer Science, Random Forest Classifier, Intrusion Detection, Novelty Detection, Classifier System, Random Forest
Intruders have become more and more sophisticated; thus a deterrence mechanism such as an intrusion detection system (IDS) is pivotal in information security management. An IDS aims at capturing and repelling any malignant activities in the network before they can cause harmful destruction. An IDS relies on a well-trained classification model so that the model is able to identify the presence of attacks effectively. This paper compares the performance of IDS by applying a random forest classifier with respect to two performance measures, i.e. accuracy and false alarm rate. Three public intrusion data sets, i.e. NSL-KDD, UNSW-NB15, and GPRS, are employed in the experiment. Furthermore, different tree-size ensembles are considered whilst other best learning parameters are obtained using a grid search. Our experimental results prove the superiority of the random forest model for IDS as it significantly outperforms the similar ensemble, i.e. ensemble of random tree + naive Bayes tree, and other single classifiers, i.e. naive Bayes and neural network, in terms of k-cross validation method.