Intelligent Intrusion Detection System Using RF, SVM, and DT: A Comparison-Based KDD Data Set
- 1 Department of Computer Science, Faculty of Computer Science, Misr International University, Cairo, Egypt
- 2 Computer Science Department, Southern Connecticut State University, New Haven, CT, United States
- 3 Computer Science Department, Faculty of Information Technology, Zarqa University, Zarqa, Jordan
Abstract
The rapid growth of technology has brought about many advantages, but has also made networks more susceptible to security threats. Intrusion Detection Systems (IDS) play a vital role in protecting computer networks against malicious activities. Given the dynamic and constantly evolving nature of cyber threats, these systems must continuously adapt to maintain their effectiveness. Machine Learning (ML) methods have gained prominence as effective tools for constructing IDS that offer both high accuracy and efficiency. This study conducts a performance assessment of several machine learning classifiers, including Random Forests (RF), Decision Trees (DT), and Support Vector Machines (SVM), in addressing multiclass intrusion detection as a means to counter cybersecurity threats. The NSL-KDD dataset, which includes various network attacks, served as the basis for our experimental evaluation. The research explores two classification scenarios: a five-class and a three-class model, analyzing their impact on detection performance. The results demonstrate that RF consistently achieves the highest accuracy (85.42%) on the three-class scenario testing set, highlighting its effectiveness in handling patterns and non-linear relationships within the intrusion data. Furthermore, reducing the classification complexity (three classes vs. five classes) significantly improves model generalization, as evidenced by the reduced performance gap between training and testing data. Friedman's rank test and Holm's post-hoc analysis were applied to ensure statistical rigor, confirming that RF outperforms DT and SVM in all evaluation metrics. These findings establish RF as the most robust classifier for intrusion detection and underscore the importance of simplifying classification tasks for improved IDS performance.
DOI: https://doi.org/10.3844/jcssp.2025.1749.1759
Copyright: © 2025 Walaa Hassan Elashmawi, Alaa Sheta and Ahmad Al-Qerem. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Keywords
- Intrusion Detection System
- Random Forest Classifier
- Multi-Class Classifications