Journal Home > Volume 29 , Issue 4
Tsinghua Science and Technology 2024, 29(4): 948-958 https://doi.org/10.26599/TST.2023.9010032
Open Access | Issue | Published: 09 February 2024

Novel Framework for an Intrusion Detection System Using Multiple Feature Selection Methods Based on Deep Learning

Show Author's Information A. E. M. Eljialy1 Mohammed Yousuf Uddin1 Sultan Ahmad2( )
Department of Information Systems, College of Computer Engineering and Sciences, Prince Sattam Bin Abdulaziz University, Alkharj, Saudi Arabia
Department of Computer Science, College of Computer Engineering and Sciences, Prince Sattam Bin Abdulaziz University, Alkharj, Saudi Arabia, and also with University Center for Research and Development (UCRD), Department of Computer Science and Engineering, Chandigarh University, Punjab, India
Keywords:
random forest, feature selection, decision tree, software-defined network, logistic regression, intrusion detection system, XGB classifier, AdaBoost
Cite this article:
Eljialy AEM, Uddin MY, Ahmad S. Novel Framework for an Intrusion Detection System Using Multiple Feature Selection Methods Based on Deep Learning. Tsinghua Science and Technology, 2024, 29(4): 948-958. https://doi.org/10.26599/TST.2023.9010032
Download citation
EndNote(RIS)
BibTeX

271

Views

65

Downloads

Citations

0

Crossref

0

WoS

0

Scopus

0

CSCD

Abstract Full text About this article

Intrusion detection systems (IDSs) are deployed to detect anomalies in real time. They classify a network’s incoming traffic as benign or anomalous (attack). An efficient and robust IDS in software-defined networks is an inevitable component of network security. The main challenges of such an IDS are achieving zero or extremely low false positive rates and high detection rates. Internet of Things (IoT) networks run by using devices with minimal resources. This situation makes deploying traditional IDSs in IoT networks unfeasible. Machine learning (ML) techniques are extensively applied to build robust IDSs. Many researchers have utilized different ML methods and techniques to address the above challenges. The development of an efficient IDS starts with a good feature selection process to avoid overfitting the ML model. This work proposes a multiple feature selection process followed by classification. In this study, the Software-defined networking (SDN) dataset is used to train and test the proposed model. This model applies multiple feature selection techniques to select high-scoring features from a set of features. Highly relevant features for anomaly detection are selected on the basis of their scores to generate the candidate dataset. Multiple classification algorithms are applied to the candidate dataset to build models. The proposed model exhibits considerable improvement in the detection of attacks with high accuracy and low false positive rates, even with a few features selected.


menu
Abstract
Full text
Outline
About this article

Novel Framework for an Intrusion Detection System Using Multiple Feature Selection Methods Based on Deep Learning

Show Author's information A. E. M. Eljialy1Mohammed Yousuf Uddin1Sultan Ahmad2( )
Department of Information Systems, College of Computer Engineering and Sciences, Prince Sattam Bin Abdulaziz University, Alkharj, Saudi Arabia
Department of Computer Science, College of Computer Engineering and Sciences, Prince Sattam Bin Abdulaziz University, Alkharj, Saudi Arabia, and also with University Center for Research and Development (UCRD), Department of Computer Science and Engineering, Chandigarh University, Punjab, India

Abstract

Intrusion detection systems (IDSs) are deployed to detect anomalies in real time. They classify a network’s incoming traffic as benign or anomalous (attack). An efficient and robust IDS in software-defined networks is an inevitable component of network security. The main challenges of such an IDS are achieving zero or extremely low false positive rates and high detection rates. Internet of Things (IoT) networks run by using devices with minimal resources. This situation makes deploying traditional IDSs in IoT networks unfeasible. Machine learning (ML) techniques are extensively applied to build robust IDSs. Many researchers have utilized different ML methods and techniques to address the above challenges. The development of an efficient IDS starts with a good feature selection process to avoid overfitting the ML model. This work proposes a multiple feature selection process followed by classification. In this study, the Software-defined networking (SDN) dataset is used to train and test the proposed model. This model applies multiple feature selection techniques to select high-scoring features from a set of features. Highly relevant features for anomaly detection are selected on the basis of their scores to generate the candidate dataset. Multiple classification algorithms are applied to the candidate dataset to build models. The proposed model exhibits considerable improvement in the detection of attacks with high accuracy and low false positive rates, even with a few features selected.

Keywords: random forest, feature selection, decision tree, software-defined network, logistic regression, intrusion detection system, XGB classifier, AdaBoost

References(29)

[1]

R. Gopi, M. Mathapati, B. Prasad, S. Ahmad, F. N. Al-Wesabi, M. Abdullah Alohali, and A. Mustafa Hilal, Intelligent DoS attack detection with congestion control technique for VANETs, Comput. Mater. Continua, vol. 72, no. 1, pp. 141–156, 2022.
DOI Google Scholar
[2]

H. Hindy, D. Brosset, E. Bayne, A. K. Seeam, C. Tachtatzis, R. Atkinson, and X. Bellekens, A taxonomy of network threats and the effect of current datasets on intrusion detection systems, IEEE Access, vol. 8, pp. 104650–104675, 2020.
DOI Google Scholar
[3]

S. Ahmad, S. Jha, A. Alam, M. Alharbi, and J. Nazeer, Analysis of intrusion detection approaches for network traffic anomalies with comparative analysis on botnets (2008–2020), Secur. Commun. Netw., vol. 2022, pp. 1–11, 2022.
DOI Google Scholar
[4]

R. Vijayanand, D. Devaraj, and B. Kannapiran, A novel intrusion detection system for wireless mesh network with hybrid feature selection technique based on GA and MI, J. Intell. Fuzzy Syst., vol. 34, no. 3, pp. 1243–1250, 2018.
DOI Google Scholar
[5]

M. Shafiq, Z. Tian, A. K. Bashir, X. Du, and M. Guizani, IoT malicious traffic identification using wrapper-based feature selection mechanisms, Comput. Secur., vol. 94, pp. 101863, 2020.
DOI Google Scholar
[6]

M. Roopak, G. Y. Tian, and J. Chambers, Multi-objective-based feature selection for DDoS attack detection in IoT networks, IET Netw., vol. 9, no. 3, pp. 120–127, 2020.
DOI Google Scholar
[7]

M. A. Siddiqi and W. Pak, Optimizing filter-based feature selection method flow for intrusion detection system, Electronics, vol. 9, no. 12, pp. 2114, 2020.
DOI Google Scholar
[8]

P. Nimbalkar and D. Kshirsagar, Feature selection for intrusion detection system in Internet-of-Things (IoT), ICT Express, vol. 7, no. 2, pp. 177–181, 2021.
DOI Google Scholar
[9]
N. Moustafa and J. Slay, A hybrid feature selection for network intrusion detection systems: Central points, arXiv preprint arXiv: 1707.05505, 2017.
[10]

J. Rene Beulah and D. Shalini Punithavathani, A hybrid feature selection method for improved detection of wired/wireless network intrusions, Wirel. Pers. Commun., vol. 98, no. 2, pp. 1853–1869, 2018.
DOI Google Scholar
[11]
H. Dai and H. Li, A lightweight network intrusion detection model based on feature selection, in Proc. 2009 15th IEEE Pacific Rim Int. Symp. on Dependable Computing, Shanghai, China, 2009, pp. 165–168.
[12]

F. E. Ayo, S. O. Folorunso, A. A. Abayomi-Alli, A. O. Adekunle, and J. B. Awotunde, Network intrusion detection based on deep learning model optimized with rule-based hybrid feature selection, Inf. Secur. J. A Glob. Perspect., vol. 29, no. 6, pp. 267–283, 2020.
DOI Google Scholar
[13]

P. K. Keserwani, M. C. Govil, and E. S. Pilli, An optimal intrusion detection system using GWO-CSA-DSAE model, Cyber Phys. Syst., vol. 7, no. 4, pp. 197–220, 2021.
DOI Google Scholar
[14]

H. Bostani and M. Sheikhan, Hybrid of binary gravitational search algorithm and mutual information for feature selection in intrusion detection systems, Soft Comput., vol. 21, no. 9, pp. 2307–2324, 2017.
DOI Google Scholar
[15]

Y. N. Soe, Y. Feng, P. I. Santosa, R. Hartanto, and K. Sakurai, Machine learning-based IoT-botnet attack detection with sequential architecture, Sensors, vol. 20, no. 16, pp. 4372, 2020.
DOI Google Scholar
[16]

A. K. Sarica and P. Angin, Explainable security in SDN-based IoT networks, Sensors, vol. 20, no. 24, pp. 7326, 2020.
DOI Google Scholar
[17]
A. Kaan Sarica and P. Angin, A novel SDN dataset for intrusion detection in IoT networks, in Proc. 2020 16th Int. Conf. Network and Service Management (CNSM), Izmir, Turkey, 2020, pp. 1–5.
DOI
[18]
V. Bolón-Canedo, N. Sánchez-Maroño, and A. Alonso-Betanzos, Foundations of feature selection. Feature Selection for High-Dimensional Data. Cham: Springer, 2015: 13-28.
DOI
[19]

K. Filus, P. Boryszko, J. Domańska, M. Siavvas, and E. Gelenbe, Efficient feature selection for static analysis vulnerability prediction, Sensors, vol. 21, no. 4, pp. 1133, 2021.
DOI Google Scholar
[20]

N. Kunhare, R. Tiwari, and J. Dhar, Particle swarm optimization and feature selection for intrusion detection system, Sādhanā, vol. 45, no. 1, pp. 1–14, 2020.
DOI Google Scholar
[21]

A. Bommert, T. Welchowski, M. Schmid, and J. Rahnenführer, Benchmark of filter methods for feature selection in high-dimensional gene expression survival data, Brief Bioinform, vol. 23, no. 1, pp. bbab354, 2022.
DOI Google Scholar
[22]

H. Zhou, X. Wang, and R. Zhu, Feature selection based on mutual information with correlation coefficient, Appl. Intell., vol. 52, no. 5, pp. 5457–5474, 2022.
DOI Google Scholar
[23]

M. Alassaf and A. M. Qamar, Improving sentiment analysis of Arabic tweets by one-way ANOVA, J. King Saud Univ. Comput. Inf. Sci., vol. 34, no. 6, pp. 2849–2859, 2022.
DOI Google Scholar
[24]

R. Lamba, T. Gulati, and A. Jain, A hybrid feature selection approach for Parkinson’s detection based on mutual information gain and recursive feature elimination, Arab. J. Sci. Eng., vol. 47, no. 8, pp. 10263–10276, 2022.
DOI Google Scholar
[25]

S. K. Dey, K. M. M. Uddin, H. M. H. Babu, M. M. Rahman, A. Howlader, and K. M. Aslam Uddin, Chi2-MI: A hybrid feature selection based machine learning approach in diagnosis of chronic kidney disease, Intell. Syst. Appl., vol. 16, pp. 200144, 2022.
DOI Google Scholar
[26]
Jack Tan, How to improve data quality for machine learning? https://towardsdatascience.com/how-to-improve-data-preparation-for-machine-learning-dde107b60091 Accessed on January 1, 2023.
[27]

A. Rajagopal, S. Ahmad, S. Jha, R. Alagarsamy, A. Alharbi, and B. Alouffi, A robust automated framework for classification of CT covid-19 images using MSI-ResNet, Comput. Syst. Sci. Eng., vol. 45, no. 3, pp. 3215–3229, 2023.
DOI Google Scholar
[28]

M. A. Talukder, K. F. Hasan, M. M. Islam, M. A. Uddin, A. Akhter, M. Abu Yousuf, F. Alharbi, and M. Ali Moni, A dependable hybrid machine learning model for network intrusion detection, J. Inf. Secur. Appl., vol. 72, pp. 103405, 2023.
DOI Google Scholar
[29]

S. Ahmad and M. Yousuf Uddin, An intelligent irrigation system and prediction of environmental weather based on nano electronics and Internet of Things devices, J. Nanoelectron. Optoelectron., vol. 18, no. 2, pp. 227–236, 2023.
DOI Google Scholar
Publication history
Copyright
Acknowledgements
Rights and permissions

Publication history

Received: 06 March 2023
Revised: 10 April 2023
Accepted: 14 April 2023
Published: 09 February 2024
Issue date: August 2024

Copyright

© The Author(s) 2024.

Acknowledgements

Acknowledgment

The authors extend their appreciation to the Deputyship for Research & Innovation, Ministry of Education in Saudi Arabia for funding this research work through the project number (IF2/PSAU/2022/01/23126)

Rights and permissions

The articles published in this open access journal are distributed under the terms of theCreative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).

Return