Comparative Analysis of Ensemble Machine Learning and Hybrid Deep Learning Models for Intrusion Detection

Abstract

The emergence of cloud computing and corporate data centers has increased traffic on the Internet, making them more vulnerable to cyberattacks. Signature-based IDSs are not capable of recognizing emerging threats due to the dependence on known patterns of attacks. Therefore, machine learning and deep learning can be used as tools for intrusion detection in the modern network environment. This paper examines three popular machine learning and hybrid IDS models: Random Forest (RF), XGBoost, and CNN-LSTM. Their effectiveness was evaluated based on the use of the CSE-CIC-IDS2018 dataset containing real network traffic and such attacks as brute force attacks, DDoS, botnets, and others. Such techniques as data cleaning, feature encoding, normalization, and feature selection were used in the preprocessing step. The models were compared using several quality metrics such as accuracy, precision, recall, F1-score, false positive rate, and receiver operating characteristic. Experimental results prove that XGBoost shows the best performance with 97.97% accuracy, 0.9797 F1-score, and 0.0051 false positive rate, followed by Random Forest with the accuracy of 97.90%. At the same time, CNN-LSTM has shown an excellent result in recognizing temporal patterns in network traffic with the accuracy of 97.40%. These findings illustrate the efficacy of ensemble-based approaches on tabular datasets and the power of hybrid deep learning algorithms for sequential data. In general, this research stresses the significance of choosing the right IDS models by considering accuracy, speed, and deployability aspects.