Efficient Hybrid Model for Intrusion Detection Systems

This paper proposes a new hybrid ML model that relies on K-Means clustering and the Variational Bayesian Gaussian Mixture models to efficiently detect and classify unknown network attacks. The proposed model first classifies the input data into various clusters using K-Means. Then, it identifies anomalies in those clusters using the Variational Bayesian Gaussian Mixture model. The model has been tested against the CICIDS 2017 dataset that contains new relevant attacks and realistic normal traffic, with a reasonable size. To balance the data, undersampling techniques were used. Furthermore, the features were reduced from 78 to 28 using feature selection and feature extraction methods. The proposed model shows promising results when identifying whether a data point is an attack or not with an F1 score of up to 91%.