Ensemble Approach for Feature Selection and Classification in Intrusion Detection System

Abstract

Network data security is a global issue for governments, businesses, and individuals. The frequency of attacks is rapidly growing, and attackers techniques are evolving. Attackers may get unauthorized access to resources or services through harmful behavior. Many techniques (such as firewalls, anti-viruses, anti-malware, and spam filters) are utilized as network security technologies. An Intrusion Detection System (IDS) is a robust network security system that detects illegal and irregular network activity (e.g., DDoS attack, Ransomware attack, Botnet attack, etc.). On the other hand, firewalls and traditional IDS constantly update their defined databases to identify threats. Various strategies and solutions have been proposed in recent decades to solve the limitations of IDS, such as high false alarm rates, low accuracy, and time consumption. newlineMany machine learning methods have been investigated for IDS in order to detect unknown attacks. However, in real-world applications, classifier performance may vary with diverse datasets, with one of the key reasons being redundant or inefficient features. This thesis analyses feature selection methods and present an ensemble method to increase detection performance to address this issue. Using ensemble classifiers generally outperforms compare to a single classifier. This thesis aims to offer design techniques for effective IDS. The new IDS approaches attempt to use machine learning models to create robust systems. newlineThe proposed model includes the following steps: selection of raw data, data preprocessing, feature selection, classification, and performance evaluation. Our experiment used benchmark datasets (KDD 99, NSL-KDD, and UNSW-NB15) and the most recent datasets (CICIDS2017 and CICIDS2018) in the first step. Three stages are involved in the preprocessing in the second step. It eliminates duplicate entries from the dataset in the first stage. In the second stage, we classify each attack into fundamental attack categories.