An anomaly-based intrusion detection system using recursive feature elimination technique for improved attack detection

Kannari, Phanindra Reddy; Chowdary, Noorullah Shariff; Biradar, Rajkumar L.

doi:10.1016/j.tcs.2022.07.030

Cited by 24 publications

(11 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even Mhawi et al [24] have obtained an accuracy of nearly 99% on the CIC-IDS 2017 dataset, but their model uses 30 attributes which is more when compared to our proposed model. Moreover, Kannari et al [20] attained an accuracy of nearly 99% on the NSL-KDD dataset, but compared with our proposed model, the training time and the number of features are more for their models. Compared to earlier techniques, our suggested method outperforms the others since most solutions did not address the class imbalance.…”

Section: Comparative Analysismentioning

confidence: 84%

“…Kannari et al [20] proposed an IDS to reduce the detection model computation time and resource usage. Initially, they used recursive feature elimination to remove the irrelevant features, and they selected 21 most essential attributes out of 42 of the NSL-KDD Dataset.…”

Section: Related Workmentioning

confidence: 99%

“…Table 15 shows the comparative analysis of the proposed model with existing models. To reduce resource utilization and computational time, Kannari et al [20] suggest an IDS model using Recursive feature elimination with RF classifier to identify attacks. They tested their model on the NSL-KDD data set.…”

Section: Comparative Analysismentioning

confidence: 99%

See 2 more Smart Citations

Fusion of Feature Ranking Methods for an Effective Intrusion Detection System

Bhavani Mallampati,

Hari

2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Expanding internet-connected services has increased cyberattacks, many of which have grave and disastrous repercussions. An Intrusion Detection System (IDS) plays an essential role in network security since it helps to protect the network from vulnerabilities and attacks. Although extensive research was reported in IDS, detecting novel intrusions with optimal features and reducing false alarm rates are still challenging. Therefore, we developed a novel fusion-based feature importance method to reduce the high dimensional feature space, which helps to identify attacks accurately with less false alarm rate. Initially, to improve training data quality, various preprocessing techniques are utilized. The Adaptive Synthetic oversampling technique generates synthetic samples for minority classes. In the proposed fusion-based feature importance, we use different approaches from the filter, wrapper, and embedded methods like mutual information, random forest importance, permutation importance, Shapley Additive exPlanations (SHAP)-based feature importance, and statistical feature importance methods like the difference of mean and median and standard deviation to rank each feature according to its rank. Then by simple plurality voting, the most optimal features are retrieved. Then the optimal features are fed to various models like Extra Tree (ET), Logistic Regression (LR), Support vector Machine (SVM), Decision Tree (DT), and Extreme Gradient Boosting Machine (XGBM). Then the hyperparameters of classification models are tuned with Halving Random Search cross-validation to enhance the performance. The experiments were carried out on the original imbalanced data and balanced data. The outcomes demonstrate that the balanced data scenario knocked out the imbalanced data. Finally, the experimental analysis proved that our proposed fusionbased feature importance performed well with XGBM giving an accuracy of 99.86%, 99.68%, and 92.4%, with 9, 7 and 8 features by training time of 1.5, 4.5 and 5.5 s on Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD), Canadian Institute for Cybersecurity (CIC-IDS 2017), and UNSW-NB15, datasets respectively. In addition, the suggested technique has been examined and contrasted with the state of art methods on three datasets.

show abstract

Section: Comparative Analysismentioning

confidence: 84%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Fusion of Feature Ranking Methods for an Effective Intrusion Detection System

Bhavani Mallampati,

Hari

2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

“…Raddy et al [10] have proposed a multiclass random forest technique for anomaly detection in resource-constrained IoT environments that is also very effective on streaming data. They have stated that the ensemble random forest technique is based on a multiclass algorithm and is very effective in handling streams of data, including the preprocessing stage.…”

Section: Background Studies -A Thorough Investigationmentioning

confidence: 99%

A Comparative Analysis for Designing Security Mechanism for Resource-Constrained Internet of Things Devices

Vashisth,

Goyal

2024

Advancements in Communication and Systems

View full text Add to dashboard Cite

In today’s digital age, the rise of Internet of Things (IoT) devices has remarkably transformed technological interactions, offering unprecedented convenience and efficiency across various domains. However, this rapid increase in IoT adoption has also introduced significant network security challenges, as these interconnected devices offer a broader surface vulnerable to cyber threats. Intrusion Detection Systems (IDS) aim to monitor network traffic, identify suspicious patterns, and promptly respond to potential security breaches. This paper provides a comprehensive review of various machine learning algorithms employed in IDS specifically designed for IoT devices. Our primary objective is to critically evaluate the efficiency, strengths, and limitations of these algorithms in detecting and countering threats within the unique constraints of IoT ecosystems. This review encompasses a thorough analysis of emerging ML technologies, including but not limited to Decision Trees, Support Vector Machines, Random Forests, Neural Networks, and Deep Learning models.

show abstract

“…The experimental results showed that the hybrid dimensionality reduction method is better than the single algorithm and can effectively identify abnormal traffic. Phanindra et al [7] used recursive feature elimination techniques to rank features according to their importance and used stochastic forest algorithms to classify attacks. Su et al [8] studied the characteristics of abnormal behavior of network traffic, used hierarchical clustering method to sample traffic data, and then used support vector machine (SVM) to detect anomalies.…”

Section: Introductionmentioning

confidence: 99%

Network Traffic Anomaly Detection Model Based on Feature Reduction and Bidirectional LSTM Neural Network Optimization

Jiang,

Ji,

et al. 2023

Scientific Programming

View full text Add to dashboard Cite

Aiming at the problems of large data dimension, more redundant data, and low accuracy in network traffic anomaly detection, a network traffic anomaly detection model (FR-APPSO BiLSTM) based on feature reduction and bidirectional long short-term memory (LSTM) neural network optimization is proposed. First, the feature dimensions are divided by hierarchical clustering according to the similarity distance between data features, and the features with high correlation are divided into the same feature subset. Second, an automatic encoder is used to reduce each feature subset, eliminating redundant information, and reducing the computational complexity of the detection data. Then, a particle swarm optimization algorithm based on adaptive updating of variables and dynamic adjustment of parameters (APPSO) is proposed, which is used to optimize the parameters of the bidirectional LSTM neural network (BiLSTM). Finally, the optimized BiLSTM is used as a classifier to model network traffic anomaly detection using the reduced feature data. Experiments based on NSL-KDD, UNSW-NB15, and CICIDS-2017 datasets show that the proposed FR-APPSO-BiLSTM model can effectively reduce data features, improve the accuracy of detection, and the performance of network traffic anomaly detection.

show abstract

An anomaly-based intrusion detection system using recursive feature elimination technique for improved attack detection

Cited by 24 publications

References 23 publications

Fusion of Feature Ranking Methods for an Effective Intrusion Detection System

Fusion of Feature Ranking Methods for an Effective Intrusion Detection System

A Comparative Analysis for Designing Security Mechanism for Resource-Constrained Internet of Things Devices

Network Traffic Anomaly Detection Model Based on Feature Reduction and Bidirectional LSTM Neural Network Optimization

Contact Info

Product

Resources

About