Network intrusion detection systems are software or devices used to detect malignant attackers in modern internet networks. The success of these systems depends on the performance of the algorithm and method used to catch attacks and the time it takes for it. Due to the continuous internet traffic, these systems are expected to detect attacks in real time. In this study, using a proposed pre-processing, internet traffic data becomes more easily processable and traffic is classified by network analysis with machine learning techniques. In this way, the traffic analysis time was significantly shortened and a high level of success was achieved. The proposed model has been tested in the CSE-CIC-IDS2018 dataset and its advantaged verified. Experimental results i) 99.0% detection rate was achieved in the ExtraTree algorithm for binary classification, while a reduction of 82.96% was achieved in the processing time per sample; ii) For multiclass (15 class) detection, 98.5% detection rate was achieved with the Random Forest algorithm, while a 64.43% shortening was achieved in the processing time per sample. As a result, similar classification rate with the studies in the literature has been achieved with much shorter test time.

Reviewers Suggestions

Assoc. Prof. İbrahim Alper Doğru - iadogru@gazi.edu.tr Asst. Prof. Ahmet Haşim Yurttakal - ahyurttakal@aku.edu.tr