Design and Development of an Efficient Network Intrusion Detection System Using Machine Learning Techniques
Table 12
R2L attack evaluated with hybrid NID-Shield NIDS approach.
(a)
Total instances
13,658
Correctly classified instances
13,648
Incorrectly classified instances
10
Execution time
1.92 seconds
Kappa measures
0.9758
MAE
0.0005
RMSE
0.0118
RAE
7.3124%
RRSE
20.4253%
(b)
Accuracy
TP rate
FP rate
Precision
Recall
-measure
MCC
ROC area
PRC area
Class
100%
1.000
0.019
1.000
1.000
1.000
0.978
1.000
1.000
normal
100%
1.000
0.000
1.000
1.000
1.000
1.000
1.000
1.000
ftp_write
100%
1.000
0.000
0.875
1.000
0.933
0.935
1.000
0.982
imap
100%
1.000
0.000
0.900
1.000
0.947
0.949
1.000
1.000
phf
100%
1.000
0.000
1.000
1.000
1.000
1.000
1.000
1.000
multihop
100%
1.000
0.000
1.000
1.000
1.000
1.000
1.000
1.000
warezmaster
97.4%
0.974
0.000
0.974
0.974
0.974
0.974
1.000
0.999
warezclient
91.7%
0.917
0.000
1.000
0.917
0.957
0.957
1.000
0.969
spy
100%
1.000
0.000
1.000
1.000
1.000
1.000
1.000
1.000
gess_passwd
Weighted Avg.
99.99%
0.999
0.019
0.999
0.999
0.999
0.978
1.000
1.000
(c)
Confusion matrix
13444
0
0
0
0
0
0
0
0
0
5
0
0
0
0
0
0
0
0
0
7
0
0
0
0
0
0
0
0
0
9
0
0
0
0
0
0
0
0
0
6
0
0
0
0
0
0
0
0
0
12
0
0
0
0
0
0
0
0
0
150
0
0
0
0
1
0
2
0
0
11
0
0
0
0
1
0
2
4
0
4
—classified as normal, —classified as ftp_write, —classified as imap, —classified as phf, —classified as multihop, —classified as warezmaster, —classified as warezclient, —classified as spy, —classified as guess_passwd.