Effectiveness of Machine Learning Models in Intrusion Detection Systems: A Systematic Review

Abstract

While there are several benefits of machine learning (ML) algorithm for intrusion detection, it has been established that there are other issues like time span and classification of data. Thus, this study conducted a systematic review on the effectiveness of machine learning models in intrusion detection systems. Using the meta-synthesis research design, the study adopts a systematic literature review approach. Different databases (Web of Science, Scopus, Google Scholar, IEEE Xplore, and CINAHL) were consulted and the search techniques required the use of Preferred Reporting Items for Systematic Reviews and Meta-analysis (PRISMA). Data were extracted from the nineteen final selected studies, using the data extraction table. Results showed that the commonly used ML models include Random Forest (RF), Support Vector Machine (SVM), Decision Trees (DT), Naïve Bayes (NB), K-Nearest Neighbors (KNN), Logistic Regression (LR), Gradient Boosting, and AdaBoost. Findings showed that the performance metrics used to measure the effectiveness of ML-enhanced intrusion detection systems include accuracy, precision, recall, F1-score, error margin, false positive rate (FPR), false negative rate (FNR), and area under the ROC curve (AUC). It was demonstrated that ML algorithms perform well in detecting various cyber intrusions. The datasets used for training machine learning models include KDD Cup 99, NSL-KDD, UNSW-NB15, Kyoto, CICIDS2017, and Wireless Sensor Network Dataset (WSN-DS). The challenges associated with the application of ML algorithms for intrusion detection systems include data imbalance, high dimensionality, and feature selection complexities. The study concludes that machine learning models have the capacity to detect various cyber  intrusions.