Development of an Efficient Network Intrusion Detection Model Using Extreme Gradient Boosting (XGBoost) on the UNSW-NB15 Dataset

Network intrusion detection systems are used to help protect and secure network infrastructures. Efficient network intrusion models are required to analyze and assess both present and future network attacks. Various machine learning methods have been developed and evaluated to attempt to efficiently analyze and predict network intrusion attacks to determine network attributes that may contribute to a particular attack type. In this study, we evaluated the UNSW-NB15 data set, represents modern day network attacks and network traffic compared to the previous standard KDD99 data set. Among various machine learning algorithms, extreme gradient boosting (XGBoost) that provides highly efficient and accurate data predictive model were used. We also were able to select a subset of 23 out of 39 usable features using information gain obtained through XGBoost to help distinguish network attack types. Through bivariate analysis, we could compute the percentage of records in a particular value range correspond to an attack type. The final XGBoost model that was developed uses 23 features, may be used for any future network intrusion data where these 23 features are available to easily and efficiently predict network attack types.