A Hybrid Intrusion Detection with Decision Tree for Feature Selection

Umar, Mubarak Albarka; Chen, Zhanfang; Liu, Yan

doi:10.11610/isij.4901

Cited by 10 publications

(3 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Three basic feature selection methods are explained in the next section. However, only two of these methods were mainly applied in IDS modeling, with most studies using the filter method, which generally ignores the effects of the selected feature subset on the performance of the IDS model [25]. Contrary to the wrapper method, which, though computationally expensive, produces better performance for the predefined classifier.…”

Section: Feature Selectionmentioning

confidence: 99%

Effects of Feature Selection and Normalization on Network Intrusion Detection

Umar,

Chen,

Shuaib

et al. 2024

Preprint

View full text Add to dashboard Cite

The rapid rise of cyberattacks and the gradual failure of traditional defense systems and approaches led to using Machine Learning (ML) techniques to build more efficient and reliable Intrusion Detection Systems (IDSs). However, the advent of larger IDS datasets has negatively impacted the performance and computational complexity of ML-based IDSs. Many researchers used data preprocessing techniques such as feature selection and normalization to overcome such issues. While most of these researchers reported the success of these preprocessing techniques on a shallow level, very few studies have been performed on their effects on a wider scale. Furthermore, the performance of an IDS model is subject to not only the utilized preprocessing techniques but also the dataset and the ML algorithm used, which most of the existing studies give little emphasis on. Thus, this study provides an in-depth analysis of feature selection and normalization effects on various IDS models built using two IDS datasets namely, NSL-KDD and UNSW-NB15, and five different ML algorithms. The algorithms are support vector machine, k-nearest neighbor, random forest, naive bayes, and artificial neural network. For feature selection and normalization, the decision tree wrapper-based approach, which tends to give superior model performance, and min-max normalization methods were respectively used. A total of 30 unique IDS models were implemented using the full and feature-selected copy of the datasets. The models were evaluated using popular evaluation metrics in IDS modeling, intra- and inter-model comparisons were performed between models and with state-of-the-art works. Random forest achieved the best performance on both NSL-KDD and UNSW-NB15 datasets with prediction accuracies of 99.87% and 98.5%, as well as detection rates of 99.79% and 99.17% respectively, it also achieved an excellent performance in comparison with the recent works. The results show that both normalization and feature selection positively affect IDS modeling with normalization shown to be more important than feature selection in improving performance and computational time. The study also found that the UNSW-NB15 dataset is more complex and more suitable for building and evaluating modern-day IDS than NSL-KDD.

show abstract

Section: Feature Selectionmentioning

confidence: 99%

Effects of Feature Selection and Normalization on Network Intrusion Detection

Umar,

Chen,

Shuaib

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…One of the key elements influencing how well supervised machine learning models can detect and categorize harmful intrusions is feature engineering [8]. This can be done by selecting the dataset's most significant and connected features to the model outputs, a process known as feature selection, and then creating a new feature from the already accessible ISOT-CID dataset, a process known as feature extraction [9], [10].…”

Section: Introductionmentioning

confidence: 99%

Enhancing the Intrusion Detection Efficiency using a Partitioning-based Recursive Feature Elimination in Big Cloud Environment

Elmasry¹,

Khedr²,

Abdelkader³

2023

IJACSA

View full text Add to dashboard Cite

In the era of cloud computing, the effectiveness of utilizing supervised machine-learning-based intrusion detection models for categorizing and detecting malicious network attacks depends on the preparation, extraction, and selection of the optimal subset of features from the dataset. Therefore, before beginning the training phase of the machine learning classifier models, it is required to remove redundant data, manage missing values, extract statistical features from the dataset, and choose the most valuable and appropriate attributes using the Python Jupyter Notebook. In this study, partitioning-based recursive feature elimination (PRFE) method was suggested to decrease the complexity space and training time for machine learning models while increasing the accuracy rate of detecting malicious attacks. On the information security and object technology cloud intrusion dataset (ISOT-CID), some of the most popular supervised machine learning classification techniques, including support vector machines (SVM) and decision trees (DT), have been assessed using the suggested PRFE technique. In comparison to some of the most popular filter and wrapperbased feature selection strategies, the results of the practical experiments demonstrated an improvement in accuracy, recall, F-score, and precision rate after using the PRFE technique on the ISOT-CID dataset. Additionally, the time required to train the machine-learning models was reduced.

show abstract

“…Under the circumstance, cybersecurity issues have been paid much more attention in various networks, such as wireless networks [1][2][3], the Internet of things [4][5][6], and vehicle networks [7,8]. To detect cyberattacks, intrusion detection system (IDS) [9][10][11][12][13][14][15][16] has become a common tool due to its serviceability and extendibility. However, the huge amount of information flow has posed a great challenge to the efficacy and efficiency of the traditional intrusion detection systems.…”

Section: Introductionmentioning

confidence: 99%

EFS-DNN: An Ensemble Feature Selection-Based Deep Learning Approach to Network Intrusion Detection System

Wang

Liu

Sun

2022

Security and Communication Networks

View full text Add to dashboard Cite

In recent years, the scale of networks has substantially evolved due to the rapid development of infrastructures in real networks. Under the circumstances, intrusion detection systems (IDSs) have become the crucial tool to detect cyberattacks, malicious actions, and anomaly behaviors that threaten the credibility and integrity of information services in networks. The feature selection technologies are commonly applied in various intrusion detection algorithms owing to the potential of improving performance and speeding up decision-making. However, existing feature selection-based intrusion detection methods still suffer from high computational complexity or the lack of robustness. To mitigate these challenges, we propose a novel ensemble feature selection-based deep neural network (EFS-DNN) to detect attacks in networks with high-volume traffic data. In particular, we leverage light gradient boosting machine (LightGBM) as the base selector in the ensemble feature selection module to enhance the robustness of the selected optimal subset. Besides, we utilize a deep neural network with batch normalization and embedding technique as the classifier to improve the expressiveness. We conduct extensive experiments on three public datasets to demonstrate the superiority of the EFS-DNN compared with baselines.

show abstract

A Hybrid Intrusion Detection with Decision Tree for Feature Selection

Cited by 10 publications

References 34 publications

Effects of Feature Selection and Normalization on Network Intrusion Detection

Effects of Feature Selection and Normalization on Network Intrusion Detection

Enhancing the Intrusion Detection Efficiency using a Partitioning-based Recursive Feature Elimination in Big Cloud Environment

EFS-DNN: An Ensemble Feature Selection-Based Deep Learning Approach to Network Intrusion Detection System

Contact Info

Product

Resources

About