Sydney M. Kasongo,Yanxia Sun

DOI: https://doi.org/10.1186/s40537-020-00379-6

2020-11-25

Journal Of Big Data

Abstract:Abstract Computer networks intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are critical aspects that contribute to the success of an organization. Over the past years, IDSs and IPSs using different approaches have been developed and implemented to ensure that computer networks within enterprises are secure, reliable and available. In this paper, we focus on IDSs that are built using machine learning (ML) techniques. IDSs based on ML methods are effective and accurate in detecting networks attacks. However, the performance of these systems decreases for high dimensional data spaces. Therefore, it is crucial to implement an appropriate feature extraction method that can prune some of the features that do not possess a great impact in the classification process. Moreover, many of the ML based IDSs suffer from an increase in false positive rate and a low detection accuracy when the models are trained on highly imbalanced datasets. In this paper, we present an analysis the UNSW-NB15 intrusion detection dataset that will be used for training and testing our models. Moreover, we apply a filter-based feature reduction technique using the XGBoost algorithm. We then implement the following ML approaches using the reduced feature space: Support Vector Machine (SVM), k-Nearest-Neighbour (kNN), Logistic Regression (LR), Artificial Neural Network (ANN) and Decision Tree (DT). In our experiments, we considered both the binary and multiclass classification configurations. The results demonstrated that the XGBoost-based feature selection method allows for methods such as the DT to increase its test accuracy from 88.13 to 90.85% for the binary classification scheme.

Elijah M. Maseno,Zenghui Wang

DOI: https://doi.org/10.1186/s40537-024-00887-9

2024-02-03

Journal Of Big Data

Abstract:Intrusion detection systems play a critical role in the mitigation of cyber-attacks on the Internet of Things (IoT) environment. Due to the integration of many devices within the IoT environment, a huge amount of data is generated. The generated data sets in most cases consist of irrelevant and redundant features that affect the performance of the existing intrusion detection systems (IDS). The selection of optimal features plays a critical role in the enhancement of intrusion detection systems. This study proposes a sequential feature selection approach using an optimized extreme learning machine (ELM) with an SVM (support vector machine) classifier. The main challenge of ELM is the selection of the input parameters, which affect its performance. In this study, the genetic algorithm (GA) is used to optimize the weights of ELM to boost its performance. After the optimization, the algorithm is applied as an estimator in the sequential forward selection (wrapper technique) to select key features. The final obtained feature subset is applied for classification using SVM. The IoT_ToN network and UNSWNB15 datasets were used to test the model's performance. The performance of the model was compared with other existing state-of-the-art classifiers such as k-nearest neighbors, gradient boosting, random forest, and decision tree. The model had the best quality of the selected feature subset. The results indicate that the proposed model had a better intrusion detection performance with 99%, and 86% accuracy for IoT_ToN network dataset and UNSWNB15 datasets, respectively. The model can be used as a promising tool for enhancing the classification performance of IDS datasets.

Bidyapati Thiyam,Shouvik Dey

DOI: https://doi.org/10.1080/1206212X.2023.2223795

2023-06-16

International Journal of Computers and Applications

Abstract:The ever-growing amount of data generated by modern networks poses significant challenges for intrusion detection systems (IDS) in effectively analyzing and classifying security risks. Therefore, it is crucial to identify the most biased characteristics for building efficient and effective IDS algorithms. However, not all features are equally informative or relevant for intrusion detection. In response to these problems, this study proposes a Hybrid approach that uses traditional and advanced statistical techniques. The proposed method effectively validates the features generated from the hybrid model and set-operation theorem to provide the best optimal subset of features for IDS. Various machine learning methods are used to test the proposed model on three popular IDS datasets: NSL-KDD, UNSW NB15, and CIC-DDoS2019. The experimental findings show that the suggested hybrid technique improves IDS performance effectively and efficiently, providing a viable answer to the issues that intrusion detection systems confront.

LIU Yong,SUN Dong-hong,CHEN You,WANG Wan-shan

DOI: https://doi.org/10.3969/j.issn.1005-3026.2010.07.006

2010-01-01

Abstract:A feature selection algorithm can improve efficiently the detection speed and result, with irrelevant and redundant data eliminated and denoised in an intrusion detection system. Taking advantage of the algorithm, a new hybrid feature selection algorithm based on the principal component analysis (PCA) in combination with decision tree algorithm (C4.5) was proposed to develop a lightweight intrusion detection system. Verifying the proposed algorithm in detail via tests with the KDD 1999 dataset, the algorithm was proved that it is available to not only ensure the high detection rate and low false alarm rate but also improve obviously the training/testing time of the intrusion detection system. Furthermore, as a result of comparative tests, the algorithm is superior to GA-SVM algorithm in training/testing time, detection rate and false alarm rate.

Jiadong Ren,Jiawei Guo,Wang Qian,Huang Yuan,Xiaobing Hao,Hu Jingjing

DOI: https://doi.org/10.1155/2019/7130868

IF: 1.968

2019-06-16

Security and Communication Networks

Abstract:Intrusion detection system (IDS) can effectively identify anomaly behaviors in the network; however, it still has low detection rate and high false alarm rate especially for anomalies with fewer records. In this paper, we propose an effective IDS by using hybrid data optimization which consists of two parts: data sampling and feature selection, called DO_IDS. In data sampling, the Isolation Forest (iForest) is used to eliminate outliers, genetic algorithm (GA) to optimize the sampling ratio, and the Random Forest (RF) classifier as the evaluation criteria to obtain the optimal training dataset. In feature selection, GA and RF are used again to obtain the optimal feature subset. Finally, an intrusion detection system based on RF is built using the optimal training dataset obtained by data sampling and the features selected by feature selection. The experiment will be carried out on the UNSW-NB15 dataset. Compared with other algorithms, the model has obvious advantages in detecting rare anomaly behaviors.

computer science, information systems,telecommunications

Ayman I. Madbouly,Amr M. Gody,Tamer M. Barakat

DOI: https://doi.org/10.14445/22315381/IJETT-V9P296

2014-03-30

Abstract:Network intrusions have become a significant threat in recent years as a result of the increased demand of computer networks for critical systems. Intrusion detection system (IDS) has been widely deployed as a defense measure for computer networks. Features extracted from network traffic can be used as sign to detect anomalies. However with the huge amount of network traffic, collected data contains irrelevant and redundant features that affect the detection rate of the IDS, consumes high amount of system resources, and slowdown the training and testing process of the IDS. In this paper, a new feature selection model is proposed; this model can effectively select the most relevant features for intrusion detection. Our goal is to build a lightweight intrusion detection system by using a reduced features set. Deleting irrelevant and redundant features helps to build a faster training and testing process, to have less resource consumption as well as to maintain high detection rates. The effectiveness and the feasibility of our feature selection model were verified by several experiments on KDD intrusion detection dataset. The experimental results strongly showed that our model is not only able to yield high detection rates but also to speed up the detection process.

Cryptography and Security,Machine Learning

Fengjun Zhang,Lisheng Huang,Kai Shi,Shengjie Zhai,Yunhai Lan,Qinghua Li

DOI: https://doi.org/10.1093/comjnl/bxae088

2024-09-16

The Computer Journal

Abstract:Abstract The multidimensional features of network flows are the main data source for intrusion detection, but excessively low-value features generate accuracy and efficiency challenges. Researchers have used redundant feature reduction to simplify intrusion detections, and feature selection algorithms are beginning to be widely used. This paper presents a novel hybrid feature selection algorithm, CSA-FPA, which combines both a crow search algorithm and a flower pollination algorithm. In this method, properties such as local pollination and the levy flight of FPA are used to balance the global search and local search efficiencies, and parameters such as group distance and probability thresholds are introduced to customize the model’s appearance. The simulation results on the UNSW-NB15 and CIC-IDS2017 datasets show that the proposed CSA-FPA method achieves better detection accuracies than previous algorithms. Using the proposed feature selection method, the AdaBoost classifier achieved a detection accuracy of 99.14% on the CIC-IDS2017 dataset and 97.98% on the UNSW-NB15 dataset.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Gulab Sah,Subhasish Banerjee,Sweety Singh

DOI: https://doi.org/10.1007/s10207-022-00616-4

2022-10-08

International Journal of Information Security

Abstract:The intrusion detection system (IDS) plays an important role in extracting and analysing the network traffics to detect aberrant activity. However, emerging technologies, like cloud computing, Internet of Things, etc., generate a large volume of traffics, which may carry the irrelevant attributes that do not have any impact on classification or in detection of assaults. Hence, it's became an open challenge for the researchers to extract the meaningful data from huge amounts of traffic and also to examine whether the selected features could increase IDS performance or not. To solve these issues, features selection approaches (FSA) have been used in this research to remove non-relevant features and find the important ones. Later, the various classifiers have been used to investigate the best classifier which could increase the performance of IDS's detection-engine on the NSL-KDD datasets. However, to validate, the investigated best-performing classifier with the suitable features selection technique (FST) has also been implemented on a real-time dataset, i.e. combined CICIDS2017. The experiment results in this research suggest that the acquired subset of relevant features under the proposed model's (Decision Tree + Recursive Feature Elimination) could increase the IDS performance with average accuracy of 99.21% and 99.94% on the well-known NSL-KDD and CICIDS2017 datasets, respectively, and could also minimize the computation cost, in parallel.

computer science, information systems, theory & methods, software engineering

Saleh Alabdulwahab,BongKyo Moon

DOI: https://doi.org/10.3390/sym12091424

2020-08-27

Symmetry

Abstract:The detection accuracy and model building time of machine learning (ML) classifiers are vital aspects for an intrusion detection system (IDS) to predict attacks in real life. Recently, researchers have introduced feature selection methods to increase the detection accuracy and minimize the model building time of a limited number of ML classifiers. Therefore, identifying more ML classifiers with very high detection accuracy and the lowest possible model building time is necessary. In this study, the authors tested six supervised classifiers on a full NSL-KDD training dataset (a benchmark record for Internet traffic) using 10-fold cross-validation in the Weka tool with and without feature selection/reduction methods. The authors aimed to identify more options to outperform and secure classifiers with the highest detection accuracy and lowest model building time. The results show that the feature selection/reduction methods, including the wrapper method in combination with the discretize filter, the filter method in combination with the discretize filter, and the discretize filter, can significantly decrease model building time without compromising detection accuracy. The suggested ML algorithms and feature selection/reduction methods are automated pattern recognition approaches to detect network attacks, which are within the scope of the Symmetry journal.

Milos Antonijevic,Marko Tanaskovic,Nebojša Bačanin,M. Zivkovic,Miloš Stanković,Dijana Jovanovic

DOI: https://doi.org/10.1109/ICECAA55415.2022.9936116

2022-10-13

Abstract:The fast increase in number of different hardware being attached to the internet of things (IoT) mesh also leverages the importance of solving the security issues for establishing the secure environment data transfer over the network. As novel vulnerabilities are being discovered daily, the scientists and network security specialists must devise new models to detect and prevent the intrusions and keep the network safe. One way to address this challenge is to apply the artificial intelligence to develop modern intrusion detection systems (IDS). These cutting-edge systems are able to adjust and counter the novel threats as they come to light, allowing reaction in the real time and altering their bearing with respect to the previous experience. However, the challenge to classify the ongoing traffic is getting more complex due to the immense data volume that is produced by the network systems and leveraged computation requirements. Consequently, the feature selection must be employed as a mean to decrease data complexity through the process of removal of the least relevant information for the current classifying job, increasing the accuracy of the model on the way. This research suggests using a hybrid variant of the commonly used artificial bee colony (ABC) metaheuristics to tackle the feature selection, aiming to increase the accuracy of the extreme learning machine classifier. The novel model has been validated on two famous network security datasets (UNSW-NB15 and CICIDS-2017) to demonstrate the improvement in the performances, and the simulation outcomes were compared to the results obtained by other contemporary methods that have been employed for the same task and under similar circumstances.

Engineering,Computer Science

Gulab Sah,Sweety Singh,Subhasish Banerjee

DOI: https://doi.org/10.23919/jcc.fa.2022-0076.202409

2024-10-01

China Communications

Abstract:The key objective of intrusion detection systems (IDS) is to protect the particular host or network by investigating and predicting the network traffic as an attack or normal. These IDS uses many methods of machine learning (ML) to learn from past-experience attack i.e. signatures based and identify the new ones. Even though these methods are effective, but they have to suffer from large computational costs due to considering all the traffic features, together. Moreover, emerging technologies like the Internet of Things (IoT), big data, etc. are getting advanced day by day; as a result, network traffics are also increasing rapidly. Therefore, the issue of computational cost needs to be addressed properly. Thus, in this research, firstly, the ML methods have been used with the feature selection technique (FST) to reduce the number of features by picking out only the important ones from NSL-KDD, CICIDS2017, and CIC-DDoS2019 datasets later that helped to build IDSs with lower cost but with the higher performance which would be appropriate for vast scale network. The experimental result demonstrated that the proposed model i.e. Decision tree (DT) with Recursive feature elimination (RFE) performs better than other classifiers with RFE in terms of accuracy, specificity, precision, sensitivity, F1-score, and G-means on the investigated datasets.

telecommunications

Reehan Ali Shah,Yuntao Qian,Dileep Kumar,Munwar Ali,Muhammad Bux Alvi

DOI: https://doi.org/10.3390/fi9040081

2017-01-01

Future Internet

Abstract:Intrusion detection system (IDS) is a well-known and effective component of network security that provides transactions upon the network systems with security and safety. Most of earlier research has addressed difficulties such as overfitting, feature redundancy, high-dimensional features and a limited number of training samples but feature selection. We approach the problem of feature selection via sparse logistic regression (SPLR). In this paper, we propose a discriminative feature selection and intrusion classification based on SPLR for IDS. The SPLR is a recently developed technique for data analysis and processing via sparse regularized optimization that selects a small subset from the original feature variables to model the data for the purpose of classification. A linear SPLR model aims to select the discriminative features from the repository of datasets and learns the coefficients of the linear classifier. Compared with the feature selection approaches, like filter (ranking) and wrapper methods that separate the feature selection and classification problems, SPLR can combine feature selection and classification into a unified framework. The experiments in this correspondence demonstrate that the proposed method has better performance than most of the well-known techniques used for intrusion detection.

Ankit Rajeshkumar Kharwar,Devendra V. Thakor

DOI: https://doi.org/10.4018/ijisp.2022010113

2022-01-01

International Journal of Information Security and Privacy

Abstract:The number of attacks increased with speedy development in web communication in the last couple of years. The Anomaly Detection method for IDS has become substantial in detecting novel attacks in Intrusion Detection System (IDS). Achieving high accuracy are the significant challenges in designing an intrusion detection system. It also emphasizes applying different feature selection techniques to identify the most suitable feature subset. The author uses Extremely randomized trees (Extra-Tree) for feature importance. The author tries multiple thresholds on the feature importance parameters to find the best features. If single classifiers use, then the classifier's output is wrong, so that the final decision may be wrong. So The author uses an Extra-Tree classifier applied to the best-selected features. The proposed method is estimated on standard datasets KDD CUP'99, NSL-KDD, and UNSW-NB15. The experimental results show that the proposed approach performs better than existing methods in detection rate, false alarm rate, and accuracy.

M. Rani,Gagandeep

DOI: https://doi.org/10.1109/INDIACom51348.2021.00088

2021-03-17

Abstract:Feature selection in Intrusion Detection System (IDS) helps in optimizing the classification process. Being an optimization problem, it is vitally important to choose the appropriate subset of features from feature space. In this paper, Artificial Bee Colony (ABC) algorithm has been used for feature selection process followed by random forest classifier applied for classification task. The proposed model is evaluated over two well-known datasets, i.e. NSL KDD and UNSW-NB15. The experimental results show that the proposed approach is able to select good feature set from both datasets using 80.83% and 88.17% accuracy. The performance of the system is also compared with the existing literature work which uses same datasets.

Computer Science

Neeraj Kumar,Sanjeev Sharma

DOI: https://doi.org/10.3390/electronics12194050

IF: 2.9

2023-09-27

Electronics

Abstract:With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

engineering, electrical & electronic,computer science, information systems,physics, applied

Al Mehedi Hasan d.,Nasser Mohammed,Ahmad Shamim,Islam Molla Khademul,Md. Al Mehedi Hasan,Mohammed Nasser,Shamim Ahmad,Khademul Islam Molla

DOI: https://doi.org/10.4236/jis.2016.73009

2016-01-01

Journal of Information Security

Abstract:An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the organization. It deals with large amount of data, which contains various ir-relevant and redundant features and results in increased processing time and low detection rate. Therefore, feature selection should be treated as an indispensable pre-processing step to improve the overall system performance significantly while mining on huge datasets. In this context, in this paper, we focus on a two-step approach of feature selection based on Random Forest. The first step selects the features with higher variable importance score and guides the initialization of search process for the second step whose outputs the final feature subset for classification and in-terpretation. The effectiveness of this algorithm is demonstrated on KDD’99 intrusion detection datasets, which are based on DARPA 98 dataset, provides labeled data for researchers working in the field of intrusion detection. The important deficiency in the KDD’99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD’99 train and test dataset, so the classifiers and feature selection method will not be biased towards more frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+ dataset for training and testing purposes, respectively. The experimental results show that the Random Forest based proposed approach can select most im-portant and relevant features useful for classification, which, in turn, reduces not only the number of input features and time but also increases the classification accuracy.

English Else

Yakub Kayode Saheed,Temitope Olubanjo Kehinde,Mustafa Ayobami Raji,Usman Ahmad Baba

DOI: https://doi.org/10.1080/24751839.2023.2272484

2023-11-08

Journal of Information and Telecommunication

Abstract:This research introduces innovative approaches to enhance intrusion detection systems (IDSs) by addressing critical challenges in existing methods. Various machine-learning techniques, including nature-inspired metaheuristics, Bayesian algorithms, and swarm intelligence, have been proposed in the past for attribute selection and IDS performance improvement. However, these methods have often fallen short in terms of detection accuracy, detection rate, precision, and F-score. To tackle these issues, the paper presents a novel hybrid feature selection approach combining the Bat metaheuristic algorithm with the Residue Number System (RNS). Initially, the Bat algorithm is utilized to partition training data and eliminate irrelevant attributes. Recognizing the Bat algorithm's slower training and testing times, RNS is incorporated to enhance processing speed. Additionally, principal component analysis (PCA) is employed for feature extraction. In a second phase, RNS is excluded for feature selection, allowing the Bat algorithm to perform this task while PCA handles feature extraction. Subsequently, classification is conducted using naive bayes, and k-Nearest Neighbors. Experimental results demonstrate the remarkable effectiveness of combining RNS with the Bat algorithm, achieving outstanding detection rates, accuracy, and F-scores. Notably, the fusion approach doubles processing speed. The findings are further validated through benchmarking against existing intrusion detection methods, establishing their competitiveness.

Chanchal Suman,Somanath Tripathy,Sriparna Saha

DOI: https://doi.org/10.48550/arXiv.1905.06562

2019-05-16

Neural and Evolutionary Computing

Abstract:Intrusion Detection Systems (IDS) are developed to protect the network by detecting the attack. The current paper proposes an unsupervised feature selection technique for analyzing the network data. The search capability of the non-dominated sorting genetic algorithm (NSGA-II) has been employed for optimizing three different objective functions utilizing different information theoretic measures including mutual information, standard deviation, and information gain to identify mutually exclusive and a high variant subset of features. Finally, the Pareto optimal front of the different optimal feature subsets are obtained and these feature subsets are utilized for developing classification systems using different popular machine learning models like support vector machines, decision trees and k-nearest neighbour (k=5) classifier etc. We have evaluated the results of the algorithm on KDD-99, NSL-KDD and Kyoto 2006+ datasets. The experimental results on KDD-99 dataset show that decision tree provides better results than other available classifiers. The proposed system obtains the best results of 99.78% accuracy, 99.27% detection rate and false alarm rate of 0.2%, which are better than all the previous results for KDD dataset. We achieved an accuracy of 99.83% for 20% testing data of NSL-KDD dataset and 99.65% accuracy for 10-fold cross-validation on Kyoto dataset. The most attractive characteristic of the proposed scheme is that during the selection of appropriate feature subset, no labeled information is utilized and different feature quality measures are optimized simultaneously using the multi-objective optimization framework.

Shuai Jiang,Xiaolong Xu

DOI: https://doi.org/10.1109/cyberc.2019.00039

2019-01-01

Abstract:The rapid increase of data has led to many security issues. Various new technologies and other sub-disciplines have been introduced into the research of intrusion detection system (IDS), which has become a hot topic in the current field of security. However, IDS utilizing traditional machine learning technology suffers from relatively low detection rate, large computational overhead, and high false positive rate, due to the large amount of redundancy and high correlation of network traffic data. Therefore, we select random forest (RF) to handle the classification of the network traffic data, and try the classic feature selection algorithms Extra-Trees (ET) and Chi-square (CHI) to reduce the detection time and improve the efficiency of IDS. The experimental results based on the NSL-KDD dataset indicate that ET-RF and CHI-RF outstand in accuracy and computational overhead. Meanwhile, RF with ET outperforms that with CHI.

Mouhammd Alkasassbeh

DOI: https://doi.org/10.48550/arXiv.1712.09623

2017-12-28

Abstract:Despite the great developments in information technology, particularly the Internet, computer networks, global information exchange, and its positive impact in all areas of daily life, it has also contributed to the development of penetration and intrusion which forms a high risk to the security of information organizations, government agencies, and causes large economic losses. There are many techniques designed for protection such as firewall and intrusion detection systems (IDS). IDS is a set of software and/or hardware techniques used to detect hacker's activities in computer systems. Two types of anomalies are used in IDS to detect intrusive activities different from normal user behavior. Misuse relies on the knowledge base that contains all known attack techniques and intrusion is discovered through research in this knowledge base. Artificial intelligence techniques have been introduced to improve the performance of these systems. The importance of IDS is to identify unauthorized access attempting to compromise confidentiality, integrity or availability of the computer network. This paper investigates the Intrusion Detection (ID) problem using three machine learning algorithms namely, BayesNet algorithm, Multi-Layer Perceptron (MLP), and Support Vector Machine (SVM). The algorithms are applied on a real, Management Information Based (MIB) dataset that is collected from real life environment. To enhance the detection process accuracy, a set of feature selection approaches is used; Infogain (IG), ReleifF (RF), and Genetic Search (GS). Our experiments show that the three feature selection methods have enhanced the classification performance. GS with bayesNet, MLP and SVM give high accuracy rates, more specifically the BayesNet with the GS accuracy rate is 99.9%.

Networking and Internet Architecture,Cryptography and Security,Machine Learning